Merge pull request #30211 from thaJeztah/fix-content-trust-flags

fix flag descriptions for content-trust
2022-11-09 12:21:53 -05:00 · 2017-01-23 23:52:11 +01:00 · 2017-01-23 23:52:11 +01:00 · 7fed0830f3
commit 7fed0830f3
parent eac3e4b5dd bb3c0b2466
10 changed files with 26 additions and 21 deletions
--- a/cli/command/container/create.go
+++ b/cli/command/container/create.go
@ -52,7 +52,7 @@ func NewCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
 	// with hostname
 	flags.Bool("help", false, "Print usage")
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	copts = addFlags(flags)
 	return cmd
 }
--- a/cli/command/container/run.go
+++ b/cli/command/container/run.go
@ -61,7 +61,7 @@ func NewRunCommand(dockerCli *command.DockerCli) *cobra.Command {
 	// with hostname
 	flags.Bool("help", false, "Print usage")
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	copts = addFlags(flags)
 	return cmd
 }
--- a/cli/command/image/build.go
+++ b/cli/command/image/build.go
@ -108,7 +108,7 @@ func NewBuildCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.StringSliceVar(&options.securityOpt, "security-opt", []string{}, "Security options")
 	flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	flags.BoolVar(&options.squash, "squash", false, "Squash newly built layers into a single new layer")
 	flags.SetAnnotation("squash", "experimental", nil)
--- a/cli/command/image/pull.go
+++ b/cli/command/image/pull.go
@ -36,7 +36,7 @@ func NewPullCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags := cmd.Flags()
 	flags.BoolVarP(&opts.all, "all-tags", "a", false, "Download all tagged images in the repository")
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	return cmd
 }
--- a/cli/command/image/push.go
+++ b/cli/command/image/push.go
@ -24,7 +24,7 @@ func NewPushCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags := cmd.Flags()
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustSigningFlags(flags)
 	return cmd
 }
--- a/cli/command/plugin/install.go
+++ b/cli/command/plugin/install.go
@ -47,7 +47,7 @@ func newInstallCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.BoolVar(&options.disable, "disable", false, "Do not enable the plugin on install")
 	flags.StringVar(&options.alias, "alias", "", "Local name for plugin")
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	return cmd
 }
--- a/cli/command/plugin/push.go
+++ b/cli/command/plugin/push.go
@ -26,7 +26,7 @@ func newPushCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags := cmd.Flags()
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustSigningFlags(flags)
 	return cmd
 }
--- a/cli/command/trust.go
+++ b/cli/command/trust.go
@ -12,13 +12,20 @@ var (
 	untrusted bool
 )
-// AddTrustedFlags adds content trust flags to the current command flagset
+// AddTrustVerificationFlags adds content trust flags to the provided flagset
-func AddTrustedFlags(fs *pflag.FlagSet, verify bool) {
+func AddTrustVerificationFlags(fs *pflag.FlagSet) {
-	trusted, message := setupTrustedFlag(verify)
+	trusted := getDefaultTrustState()
-	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, message)
+	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image verification")
 }
-func setupTrustedFlag(verify bool) (bool, string) {
+// AddTrustSigningFlags adds "signing" flags to the provided flagset
 func AddTrustSigningFlags(fs *pflag.FlagSet) {
 	trusted := getDefaultTrustState()
 	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image signing")
 }
 // getDefaultTrustState returns true if content trust is enabled through the $DOCKER_CONTENT_TRUST environment variable.
 func getDefaultTrustState() bool {
 	var trusted bool
 	if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
 		if t, err := strconv.ParseBool(e); t || err != nil {
@ -26,14 +33,11 @@ func setupTrustedFlag(verify bool) (bool, string) {
 			trusted = true
 		}
 	}
-	message := "Skip image signing"
+	return trusted
 	if verify {
 		message = "Skip image verification"
 	}
 	return trusted, message
 }
-// IsTrusted returns true if content trust is enabled
+// IsTrusted returns true if content trust is enabled, either through the $DOCKER_CONTENT_TRUST environment variable,
 // or through `--disabled-content-trust=false` on a command.
 func IsTrusted() bool {
 	return !untrusted
 }
--- a/docs/reference/commandline/plugin_push.md
+++ b/docs/reference/commandline/plugin_push.md
@ -19,6 +19,7 @@ Usage:  docker plugin push PLUGIN[:TAG]
 Push a plugin to a registry
 Options:
      --disable-content-trust   Skip image signing (default true)
      --help                    Print usage
 ```
--- a/docs/reference/commandline/push.md
+++ b/docs/reference/commandline/push.md
@ -21,7 +21,7 @@ Usage:  docker push [OPTIONS] NAME[:TAG]
 Push an image or a repository to a registry
 Options:
-      --disable-content-trust   Skip image verification (default true)
+      --disable-content-trust   Skip image signing (default true)
      --help                    Print usage
 ```