From bb3c0b246617aecb8ecf9120f07efcf45b94ae09 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn <github@gone.nl>
Date: Tue, 17 Jan 2017 15:46:07 +0100
Subject: [PATCH] fix flag descriptions for content-trust

Commit ed13c3abfb242905ec012e8255dc6f26dcf122f6 added flags
for Docker Content Trust. Depending on the `verify` boolean,
the message is "Skip image verification", or "Skip image signing".
"Signing" is intended for `docker push` / `docker plugin push`.

During the migration to Cobra, this boolean got flipped for
`docker push` (9640e3a4514f96a890310757a09fd77a3c70e931),
causing `docker push` to show the incorrect flag description.

This patch changes the flags to use the correct description
for `docker push`, and `docker plugin push`.

To prevent this confusion in future, the boolean argument
is removed, and a `AddTrustSigningFlags()` function is added.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
---
 cli/command/container/create.go           |  2 +-
 cli/command/container/run.go              |  2 +-
 cli/command/image/build.go                |  2 +-
 cli/command/image/pull.go                 |  2 +-
 cli/command/image/push.go                 |  2 +-
 cli/command/plugin/install.go             |  2 +-
 cli/command/plugin/push.go                |  2 +-
 cli/command/trust.go                      | 26 +++++++++++++----------
 docs/reference/commandline/plugin_push.md |  5 +++--
 docs/reference/commandline/push.md        |  2 +-
 10 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/cli/command/container/create.go b/cli/command/container/create.go
index 13890d9ef5..787d09b3f6 100644
--- a/cli/command/container/create.go
+++ b/cli/command/container/create.go
@@ -52,7 +52,7 @@ func NewCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
 	// with hostname
 	flags.Bool("help", false, "Print usage")
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	copts = addFlags(flags)
 	return cmd
 }
diff --git a/cli/command/container/run.go b/cli/command/container/run.go
index cbe64548ea..e805ca1a57 100644
--- a/cli/command/container/run.go
+++ b/cli/command/container/run.go
@@ -61,7 +61,7 @@ func NewRunCommand(dockerCli *command.DockerCli) *cobra.Command {
 	// with hostname
 	flags.Bool("help", false, "Print usage")
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	copts = addFlags(flags)
 	return cmd
 }
diff --git a/cli/command/image/build.go b/cli/command/image/build.go
index 5d6e611406..3c92ba20b9 100644
--- a/cli/command/image/build.go
+++ b/cli/command/image/build.go
@@ -108,7 +108,7 @@ func NewBuildCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.StringSliceVar(&options.securityOpt, "security-opt", []string{}, "Security options")
 	flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 
 	flags.BoolVar(&options.squash, "squash", false, "Squash newly built layers into a single new layer")
 	flags.SetAnnotation("squash", "experimental", nil)
diff --git a/cli/command/image/pull.go b/cli/command/image/pull.go
index 24933fe846..e840671c62 100644
--- a/cli/command/image/pull.go
+++ b/cli/command/image/pull.go
@@ -36,7 +36,7 @@ func NewPullCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags := cmd.Flags()
 
 	flags.BoolVarP(&opts.all, "all-tags", "a", false, "Download all tagged images in the repository")
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 
 	return cmd
 }
diff --git a/cli/command/image/push.go b/cli/command/image/push.go
index a8ce4945ec..a5ba7d794e 100644
--- a/cli/command/image/push.go
+++ b/cli/command/image/push.go
@@ -24,7 +24,7 @@ func NewPushCommand(dockerCli *command.DockerCli) *cobra.Command {
 
 	flags := cmd.Flags()
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustSigningFlags(flags)
 
 	return cmd
 }
diff --git a/cli/command/plugin/install.go b/cli/command/plugin/install.go
index a64dc2525a..fd30600370 100644
--- a/cli/command/plugin/install.go
+++ b/cli/command/plugin/install.go
@@ -47,7 +47,7 @@ func newInstallCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.BoolVar(&options.disable, "disable", false, "Do not enable the plugin on install")
 	flags.StringVar(&options.alias, "alias", "", "Local name for plugin")
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 
 	return cmd
 }
diff --git a/cli/command/plugin/push.go b/cli/command/plugin/push.go
index b0766307f3..1a9c592a93 100644
--- a/cli/command/plugin/push.go
+++ b/cli/command/plugin/push.go
@@ -26,7 +26,7 @@ func newPushCommand(dockerCli *command.DockerCli) *cobra.Command {
 
 	flags := cmd.Flags()
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustSigningFlags(flags)
 
 	return cmd
 }
diff --git a/cli/command/trust.go b/cli/command/trust.go
index b4c8a84ee5..c0742bc5b2 100644
--- a/cli/command/trust.go
+++ b/cli/command/trust.go
@@ -12,13 +12,20 @@ var (
 	untrusted bool
 )
 
-// AddTrustedFlags adds content trust flags to the current command flagset
-func AddTrustedFlags(fs *pflag.FlagSet, verify bool) {
-	trusted, message := setupTrustedFlag(verify)
-	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, message)
+// AddTrustVerificationFlags adds content trust flags to the provided flagset
+func AddTrustVerificationFlags(fs *pflag.FlagSet) {
+	trusted := getDefaultTrustState()
+	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image verification")
 }
 
-func setupTrustedFlag(verify bool) (bool, string) {
+// AddTrustSigningFlags adds "signing" flags to the provided flagset
+func AddTrustSigningFlags(fs *pflag.FlagSet) {
+	trusted := getDefaultTrustState()
+	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image signing")
+}
+
+// getDefaultTrustState returns true if content trust is enabled through the $DOCKER_CONTENT_TRUST environment variable.
+func getDefaultTrustState() bool {
 	var trusted bool
 	if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
 		if t, err := strconv.ParseBool(e); t || err != nil {
@@ -26,14 +33,11 @@ func setupTrustedFlag(verify bool) (bool, string) {
 			trusted = true
 		}
 	}
-	message := "Skip image signing"
-	if verify {
-		message = "Skip image verification"
-	}
-	return trusted, message
+	return trusted
 }
 
-// IsTrusted returns true if content trust is enabled
+// IsTrusted returns true if content trust is enabled, either through the $DOCKER_CONTENT_TRUST environment variable,
+// or through `--disabled-content-trust=false` on a command.
 func IsTrusted() bool {
 	return !untrusted
 }
diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md
index 2747f4c4a9..693dc3a130 100644
--- a/docs/reference/commandline/plugin_push.md
+++ b/docs/reference/commandline/plugin_push.md
@@ -14,12 +14,13 @@ keywords: "plugin, push"
 -->
 
 ```markdown
-Usage:  docker plugin push PLUGIN[:TAG]
+Usage:	docker plugin push PLUGIN[:TAG]
 
 Push a plugin to a registry
 
 Options:
-      --help       Print usage
+      --disable-content-trust   Skip image signing (default true)
+      --help                    Print usage
 ```
 
 Use `docker plugin create` to create the plugin. Once the plugin is ready for distribution,
diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md
index e36fd026d1..33cc399767 100644
--- a/docs/reference/commandline/push.md
+++ b/docs/reference/commandline/push.md
@@ -21,7 +21,7 @@ Usage:  docker push [OPTIONS] NAME[:TAG]
 Push an image or a repository to a registry
 
 Options:
-      --disable-content-trust   Skip image verification (default true)
+      --disable-content-trust   Skip image signing (default true)
       --help                    Print usage
 ```