From bb3c0b246617aecb8ecf9120f07efcf45b94ae09 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 17 Jan 2017 15:46:07 +0100 Subject: [PATCH] fix flag descriptions for content-trust Commit ed13c3abfb242905ec012e8255dc6f26dcf122f6 added flags for Docker Content Trust. Depending on the `verify` boolean, the message is "Skip image verification", or "Skip image signing". "Signing" is intended for `docker push` / `docker plugin push`. During the migration to Cobra, this boolean got flipped for `docker push` (9640e3a4514f96a890310757a09fd77a3c70e931), causing `docker push` to show the incorrect flag description. This patch changes the flags to use the correct description for `docker push`, and `docker plugin push`. To prevent this confusion in future, the boolean argument is removed, and a `AddTrustSigningFlags()` function is added. Signed-off-by: Sebastiaan van Stijn --- cli/command/container/create.go | 2 +- cli/command/container/run.go | 2 +- cli/command/image/build.go | 2 +- cli/command/image/pull.go | 2 +- cli/command/image/push.go | 2 +- cli/command/plugin/install.go | 2 +- cli/command/plugin/push.go | 2 +- cli/command/trust.go | 26 +++++++++++++---------- docs/reference/commandline/plugin_push.md | 5 +++-- docs/reference/commandline/push.md | 2 +- 10 files changed, 26 insertions(+), 21 deletions(-) diff --git a/cli/command/container/create.go b/cli/command/container/create.go index 13890d9ef5..787d09b3f6 100644 --- a/cli/command/container/create.go +++ b/cli/command/container/create.go @@ -52,7 +52,7 @@ func NewCreateCommand(dockerCli *command.DockerCli) *cobra.Command { // with hostname flags.Bool("help", false, "Print usage") - command.AddTrustedFlags(flags, true) + command.AddTrustVerificationFlags(flags) copts = addFlags(flags) return cmd } diff --git a/cli/command/container/run.go b/cli/command/container/run.go index cbe64548ea..e805ca1a57 100644 --- a/cli/command/container/run.go +++ b/cli/command/container/run.go @@ -61,7 +61,7 @@ func NewRunCommand(dockerCli *command.DockerCli) *cobra.Command { // with hostname flags.Bool("help", false, "Print usage") - command.AddTrustedFlags(flags, true) + command.AddTrustVerificationFlags(flags) copts = addFlags(flags) return cmd } diff --git a/cli/command/image/build.go b/cli/command/image/build.go index 5d6e611406..3c92ba20b9 100644 --- a/cli/command/image/build.go +++ b/cli/command/image/build.go @@ -108,7 +108,7 @@ func NewBuildCommand(dockerCli *command.DockerCli) *cobra.Command { flags.StringSliceVar(&options.securityOpt, "security-opt", []string{}, "Security options") flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build") - command.AddTrustedFlags(flags, true) + command.AddTrustVerificationFlags(flags) flags.BoolVar(&options.squash, "squash", false, "Squash newly built layers into a single new layer") flags.SetAnnotation("squash", "experimental", nil) diff --git a/cli/command/image/pull.go b/cli/command/image/pull.go index 24933fe846..e840671c62 100644 --- a/cli/command/image/pull.go +++ b/cli/command/image/pull.go @@ -36,7 +36,7 @@ func NewPullCommand(dockerCli *command.DockerCli) *cobra.Command { flags := cmd.Flags() flags.BoolVarP(&opts.all, "all-tags", "a", false, "Download all tagged images in the repository") - command.AddTrustedFlags(flags, true) + command.AddTrustVerificationFlags(flags) return cmd } diff --git a/cli/command/image/push.go b/cli/command/image/push.go index a8ce4945ec..a5ba7d794e 100644 --- a/cli/command/image/push.go +++ b/cli/command/image/push.go @@ -24,7 +24,7 @@ func NewPushCommand(dockerCli *command.DockerCli) *cobra.Command { flags := cmd.Flags() - command.AddTrustedFlags(flags, true) + command.AddTrustSigningFlags(flags) return cmd } diff --git a/cli/command/plugin/install.go b/cli/command/plugin/install.go index a64dc2525a..fd30600370 100644 --- a/cli/command/plugin/install.go +++ b/cli/command/plugin/install.go @@ -47,7 +47,7 @@ func newInstallCommand(dockerCli *command.DockerCli) *cobra.Command { flags.BoolVar(&options.disable, "disable", false, "Do not enable the plugin on install") flags.StringVar(&options.alias, "alias", "", "Local name for plugin") - command.AddTrustedFlags(flags, true) + command.AddTrustVerificationFlags(flags) return cmd } diff --git a/cli/command/plugin/push.go b/cli/command/plugin/push.go index b0766307f3..1a9c592a93 100644 --- a/cli/command/plugin/push.go +++ b/cli/command/plugin/push.go @@ -26,7 +26,7 @@ func newPushCommand(dockerCli *command.DockerCli) *cobra.Command { flags := cmd.Flags() - command.AddTrustedFlags(flags, true) + command.AddTrustSigningFlags(flags) return cmd } diff --git a/cli/command/trust.go b/cli/command/trust.go index b4c8a84ee5..c0742bc5b2 100644 --- a/cli/command/trust.go +++ b/cli/command/trust.go @@ -12,13 +12,20 @@ var ( untrusted bool ) -// AddTrustedFlags adds content trust flags to the current command flagset -func AddTrustedFlags(fs *pflag.FlagSet, verify bool) { - trusted, message := setupTrustedFlag(verify) - fs.BoolVar(&untrusted, "disable-content-trust", !trusted, message) +// AddTrustVerificationFlags adds content trust flags to the provided flagset +func AddTrustVerificationFlags(fs *pflag.FlagSet) { + trusted := getDefaultTrustState() + fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image verification") } -func setupTrustedFlag(verify bool) (bool, string) { +// AddTrustSigningFlags adds "signing" flags to the provided flagset +func AddTrustSigningFlags(fs *pflag.FlagSet) { + trusted := getDefaultTrustState() + fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image signing") +} + +// getDefaultTrustState returns true if content trust is enabled through the $DOCKER_CONTENT_TRUST environment variable. +func getDefaultTrustState() bool { var trusted bool if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" { if t, err := strconv.ParseBool(e); t || err != nil { @@ -26,14 +33,11 @@ func setupTrustedFlag(verify bool) (bool, string) { trusted = true } } - message := "Skip image signing" - if verify { - message = "Skip image verification" - } - return trusted, message + return trusted } -// IsTrusted returns true if content trust is enabled +// IsTrusted returns true if content trust is enabled, either through the $DOCKER_CONTENT_TRUST environment variable, +// or through `--disabled-content-trust=false` on a command. func IsTrusted() bool { return !untrusted } diff --git a/docs/reference/commandline/plugin_push.md b/docs/reference/commandline/plugin_push.md index 2747f4c4a9..693dc3a130 100644 --- a/docs/reference/commandline/plugin_push.md +++ b/docs/reference/commandline/plugin_push.md @@ -14,12 +14,13 @@ keywords: "plugin, push" --> ```markdown -Usage: docker plugin push PLUGIN[:TAG] +Usage: docker plugin push PLUGIN[:TAG] Push a plugin to a registry Options: - --help Print usage + --disable-content-trust Skip image signing (default true) + --help Print usage ``` Use `docker plugin create` to create the plugin. Once the plugin is ready for distribution, diff --git a/docs/reference/commandline/push.md b/docs/reference/commandline/push.md index e36fd026d1..33cc399767 100644 --- a/docs/reference/commandline/push.md +++ b/docs/reference/commandline/push.md @@ -21,7 +21,7 @@ Usage: docker push [OPTIONS] NAME[:TAG] Push an image or a repository to a registry Options: - --disable-content-trust Skip image verification (default true) + --disable-content-trust Skip image signing (default true) --help Print usage ```