Update push to sign with the daemon's key when no manifest is given
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
Derek McGowan
parent
25945a40c4
commit
8ceb9d20d6
|
|
@ -895,8 +895,13 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
|
|||
return nil, err
|
||||
}
|
||||
|
||||
trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
log.Debugf("Creating repository list")
|
||||
repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g)
|
||||
repositories, err := graph.NewTagStore(path.Join(config.Root, "repositories-"+driver.String()), g, trustKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Couldn't create Tag store: %s", err)
|
||||
}
|
||||
|
|
@ -961,11 +966,6 @@ func NewDaemonFromDirectory(config *Config, eng *engine.Engine) (*Daemon, error)
|
|||
return nil, err
|
||||
}
|
||||
|
||||
trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
daemon := &Daemon{
|
||||
ID: trustKey.PublicKey().KeyID(),
|
||||
repository: daemonRepo,
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import (
|
|||
"github.com/docker/docker/pkg/archive"
|
||||
"github.com/docker/docker/registry"
|
||||
"github.com/docker/docker/utils"
|
||||
"github.com/docker/libtrust"
|
||||
)
|
||||
|
||||
// Retrieve the all the images to be uploaded in the correct order
|
||||
|
|
@ -308,7 +309,26 @@ func (s *TagStore) CmdPush(job *engine.Job) engine.Status {
|
|||
}
|
||||
|
||||
if len(manifestBytes) == 0 {
|
||||
// TODO Create manifest and sign
|
||||
mBytes, err := s.newManifest(repoInfo.LocalName, repoInfo.RemoteName, tag)
|
||||
if err != nil {
|
||||
return job.Error(err)
|
||||
}
|
||||
js, err := libtrust.NewJSONSignature(mBytes)
|
||||
if err != nil {
|
||||
return job.Error(err)
|
||||
}
|
||||
|
||||
if err = js.Sign(s.trustKey); err != nil {
|
||||
return job.Error(err)
|
||||
}
|
||||
|
||||
signedBody, err := js.PrettySignature("signatures")
|
||||
if err != nil {
|
||||
return job.Error(err)
|
||||
}
|
||||
log.Infof("Signed manifest using daemon's key: %s", s.trustKey.KeyID())
|
||||
|
||||
manifestBytes = string(signedBody)
|
||||
}
|
||||
|
||||
manifest, verified, err := s.verifyManifest(job.Eng, []byte(manifestBytes))
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import (
|
|||
"github.com/docker/docker/pkg/parsers"
|
||||
"github.com/docker/docker/registry"
|
||||
"github.com/docker/docker/utils"
|
||||
"github.com/docker/libtrust"
|
||||
)
|
||||
|
||||
const DEFAULTTAG = "latest"
|
||||
|
|
@ -27,6 +28,7 @@ type TagStore struct {
|
|||
path string
|
||||
graph *Graph
|
||||
Repositories map[string]Repository
|
||||
trustKey libtrust.PrivateKey
|
||||
sync.Mutex
|
||||
// FIXME: move push/pull-related fields
|
||||
// to a helper type
|
||||
|
|
@ -54,7 +56,7 @@ func (r Repository) Contains(u Repository) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
func NewTagStore(path string, graph *Graph) (*TagStore, error) {
|
||||
func NewTagStore(path string, graph *Graph, key libtrust.PrivateKey) (*TagStore, error) {
|
||||
abspath, err := filepath.Abs(path)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -63,6 +65,7 @@ func NewTagStore(path string, graph *Graph) (*TagStore, error) {
|
|||
store := &TagStore{
|
||||
path: abspath,
|
||||
graph: graph,
|
||||
trustKey: key,
|
||||
Repositories: make(map[string]Repository),
|
||||
pullingPool: make(map[string]chan struct{}),
|
||||
pushingPool: make(map[string]chan struct{}),
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ func mkTestTagStore(root string, t *testing.T) *TagStore {
|
|||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
store, err := NewTagStore(path.Join(root, "tags"), graph)
|
||||
store, err := NewTagStore(path.Join(root, "tags"), graph, nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue