Conversation
|
Can we combine this PR with #14453 so the conversation is not fragmented |
|
Also how will these changes be affected by the refactor of the registry code, which I hope will get in before this PR if I am not mistaken right? |
|
@jfrazelle I decoupled the registry refactor for the initial PR so this would not be dependent on the other. The authentication code will require using code from the registry client though. Either way we can get this in without the other. |
|
I wonder if we should put this in experimental. That way we'd have more time to polish it. |
|
is this the same vendored uuid library we were having issues with?
|
I think it is the same library, will submit a PR to notary to use the distribution version |
0c0d64e to 8261259
|
Updated uuid library |
8261259 to 8b9ddbe
Are we really going to depend on a fork of the standard encoding/json for a diff which I personally can't find because the file content was reordered?
|
some tests would be nice, even just unit tests, but integration maybe at least one |
api/client/create.go
Outdated
shouldn't there be a TODO for when isTrusted(repo) is false we will eventually want to explode and die with 80 bajillion warnings
|
I would ask what the value is, I could easily squash the 3rd to last, the last one was left unsquashed to easily backout (no emotional attachment), and the second to last I left untouched to make updates easier and the squash should be ugly to put each change in their proper place 😄. |
Clean up tests to remove duplicate code Add tests which run pull and create in an isolated configuration directory. Add build test for untrusted tag Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
Update help line to allow 90 characters instead of 80 The trust flag pushes out the help description column wider, requiring more room to display help messages. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
380139f to 259cadb
|
Bah ci failed anyway, squashed away 2 more and pushed |
|
started lxc build, bc why nottttttt 😇 |
|
Please ignore ping failures against |
|
Ignoring failures on www.docker.io pings: we're good to go. |
|
🎉 |
|
so, should I submit https://github.com/dmcgowan/docker/pull/25/files against upstream then? |
moby#14546 actually fixed issue moby#14837 but I don't see a new test to ensure we don't regress. So this PR adds a test and then we can close moby#14837. Closes moby#14837 Signed-off-by: Doug Davis <dug@us.ibm.com>
I disagree with moby#14546 that pushed the help text past 80 chars. Aside from it now making the help text look ugly on 80 char displays, which I use, one thing I like about the previous limitation is that it forced us to keep our options down to more reasonable phrases/words. For example, I think ` --disable-content-trust=true` could have been: ` --disable-trust=true` or even: ` --disable-ctrust=true` But regardless, let's at least make the comments match what the code does. Signed-off-by: Doug Davis <dug@us.ibm.com>
Summary
Add support for trusted image distribution through the use of notary. Notary logic is done client side to allow cli users full configuration of trust and limiting access to private keys to user's machine. Trusted cli actions which involve pulling will always do a pull by digest to the daemon. Since the daemon already supports pull by digest, no changes to the daemon are needed to support the use of notary. All signatures will be done directly from the client on push. For more details on the design, see the design document.
UX Changes
Flags
--untrusted - Explicitly run a pull or push action as untrusted. Defaults to true in 1.7. This can be used to override the DOCKER_NOTARY environment variable.
Trusted Mode
Pull Changes
Pull by digest
The initial pull line will now always include the digest of the image being pulled.
Sequential pull all
When pulling multiple tags, the client will now sequentially call a pull by digest on every tag.
Full sample pull output
Push Changes
Status Line
Push status line which displays digest now shows tag, digest, and size. This was used for client to be able to parse from the output what the pushed manifests were. These output lines represent the changes which will be made to the notary repository.
old
new
Passphrase prompt on first push of repository
When a repository is pushed for the first time the cli will be prompted for a passphrase. The passphrase will not be echoed back to the user. If metadata is near expiration time, the passphrase may be prompted again to re-sign the metadata. Subsequent pushes should not require entering a passphrase. If entering in a passphrase is not desirable, then the notary tool may be used directly to initialize a repository.
Full sample push output
Environment Variables
DOCKER_NOTARY - boolean whether to use Notary in Docker
NOTARY_SERVER - Notary server to use for all repositories
Remaining items for code review
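
Added example, not code from this PR or from notary: a sketch of the client-side flow the Summary describes, where a tag is resolved through signed trust data to a digest, the pull is issued by digest, and the fetched bytes are checked against the signed digest and size. `Target`, `ResolveTrusted` and `VerifyManifest` are hypothetical names, and the `targets` map is an assumption standing in for trust metadata whose signatures have already been verified.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Target is one signed entry in a repository's trust data (hypothetical type):
// a tag maps to the digest and size of the manifest recorded at push time.
type Target struct {
	Digest string // "sha256:<hex>"
	Size   int64
}

var ErrUntrusted = errors.New("no signed target for tag")
var ErrMismatch = errors.New("content does not match signed target")

// ResolveTrusted turns repo:tag into repo@digest using only signed targets.
// A tag absent from the trust data is refused instead of being pulled by tag.
func ResolveTrusted(repo, tag string, targets map[string]Target) (string, Target, error) {
	t, ok := targets[tag]
	if !ok {
		return "", Target{}, fmt.Errorf("%s:%s: %w", repo, tag, ErrUntrusted)
	}
	return repo + "@" + t.Digest, t, nil
}

// VerifyManifest checks fetched bytes against the signed size and digest.
func VerifyManifest(t Target, body []byte) error {
	sum := sha256.Sum256(body)
	if int64(len(body)) != t.Size || "sha256:"+hex.EncodeToString(sum[:]) != t.Digest {
		return ErrMismatch
	}
	return nil
}

func main() {
	manifest := []byte(`{"constructed":"sample manifest"}`) // constructed sample input
	sum := sha256.Sum256(manifest)
	targets := map[string]Target{ // constructed trust data, assumed already signature-checked
		"latest": {Digest: "sha256:" + hex.EncodeToString(sum[:]), Size: int64(len(manifest))},
	}
	ref, t, err := ResolveTrusted("example/app", "latest", targets)
	fmt.Println(ref, err, VerifyManifest(t, manifest))
	_, _, err = ResolveTrusted("example/app", "dev", targets)
	fmt.Println(err)
}
```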