Fix brittle splitting of GUN and target #62

Merged
merged 3 commits into from
Feb 22, 2020

Member

@radu-matei radu-matei commented Feb 21, 2020

closes #48
closes #49
closes #50

TODO:

  • test with local registry and port numbers
  • test with multi-path hierarchy structure
  • test with Docker Hub and Notary
  • test list command

Signed-off-by: Radu M <root@radu.sh>
@radu-matei
Member Author

  • local registry and trust server, with port number in URL:
$ signy \
   --tlscacert=$NOTARY_CA \
   --server https://localhost:4443 \
   sign testdata/cnab/bundle.json localhost:5000/thin-bundle:v1

INFO[0000] Starting to copy image cnab/helloworld:0.1.1
INFO[0001] Completed image cnab/helloworld:0.1.1 copy
INFO[0001] Generated relocation map: relocation.ImageRelocationMap{"cnab/helloworld:0.1.1":"localhost:5000/thin-bundle@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6"}
INFO[0002] Pushed successfully, with digest "sha256:b4936e42304c184bafc9b06dde9ea1f979129e09a021a8f40abc07f736de9268"
INFO[0002] Root key found, using: ac20f61a2b72960d46f3c3bacbfe63ae1064165f477fc343911ebfdca7baf345
INFO[0002] Pushed trust data for localhost:5000/thin-bundle:v1: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5

$ signy \
   --tlscacert=$NOTARY_CA \
   --server https://localhost:4443 \
   verify localhost:5000/thin-bundle:v1
INFO[0000] Pulled trust data for localhost:5000/thin-bundle:v1, with role targets - SHA256: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
INFO[0000] Pulling bundle from registry: localhost:5000/thin-bundle:v1
INFO[0000] Computed SHA: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
INFO[0000] The SHA sums are equal: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5

$ signy \
   --tlscacert=$NOTARY_CA \
   --server https://localhost:4443 \
   list localhost:5000/thin-bundle
v1      c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
  • local registry and trust server, with port number, and multiple paths:
$ signy \
   --tlscacert=$NOTARY_CA \
   --server https://localhost:4443 \
   sign testdata/cnab/bundle.json localhost:5000/multi-path-repo/thin-bundle:v1

INFO[0000] Starting to copy image cnab/helloworld:0.1.1
INFO[0001] Completed image cnab/helloworld:0.1.1 copy
INFO[0001] Generated relocation map: relocation.ImageRelocationMap{"cnab/helloworld:0.1.1":"localhost:5000/multi-path-repo/thin-bundle@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6"}
INFO[0001] Pushed successfully, with digest "sha256:b4936e42304c184bafc9b06dde9ea1f979129e09a021a8f40abc07f736de9268"
INFO[0001] Root key found, using: ac20f61a2b72960d46f3c3bacbfe63ae1064165f477fc343911ebfdca7baf345
INFO[0001] Pushed trust data for localhost:5000/multi-path-repo/thin-bundle:v1: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5

$ signy \
   --tlscacert=$NOTARY_CA \
   --server https://localhost:4443 \
   verify localhost:5000/multi-path-repo/thin-bundle:v1

INFO[0000] Pulled trust data for localhost:5000/multi-path-repo/thin-bundle:v1, with role targets - SHA256: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
INFO[0000] Pulling bundle from registry: localhost:5000/multi-path-repo/thin-bundle:v1
INFO[0000] Computed SHA: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
INFO[0000] The SHA sums are equal: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5

$ signy \
   --tlscacert=$NOTARY_CA \
   --server https://localhost:4443 \
   list localhost:5000/multi-path-repo/thin-bundle

v1      c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
  • Docker Hub and Notary:
$ signy sign testdata/cnab/bundle.json radumatei/test-signy-ref:v1

INFO[0000] Starting to copy image cnab/helloworld:0.1.1
INFO[0002] Completed image cnab/helloworld:0.1.1 copy
INFO[0002] Generated relocation map: relocation.ImageRelocationMap{"cnab/helloworld:0.1.1":"docker.io/radumatei/test-signy-ref@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6"}
INFO[0004] Pushed successfully, with digest "sha256:bc9ee7c4f564aaa22ece941e9188186da270e872074d7475b1db8f8b9364c212"
INFO[0005] Root key found, using: ac20f61a2b72960d46f3c3bacbfe63ae1064165f477fc343911ebfdca7baf345
INFO[0006] Pushed trust data for radumatei/test-signy-ref:v1: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5

$ signy verify radumatei/test-signy-ref:v1

INFO[0001] Pulled trust data for radumatei/test-signy-ref:v1, with role targets - SHA256: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
INFO[0001] Pulling bundle from registry: radumatei/test-signy-ref:v1
INFO[0002] Computed SHA: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
INFO[0002] The SHA sums are equal: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5

$ signy list radumatei/test-signy-ref

Error: cannot list targets:notary.docker.io does not have trust data for radumatei/test-signy-ref

$ signy list docker.io/radumatei/test-signy-ref

v1      c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5

Notice that the list command for Docker Hub still requires you to prepend docker.io to the username and repository.

@radu-matei radu-matei marked this pull request as ready for review February 21, 2020 04:21
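
Added example (not part of the pull request and not signy's own code): the three reference shapes exercised in the test runs above, split into Notary GUN and target so that a registry port is never mistaken for the tag separator. The helper names `splitGUNAndTarget` and `normalizeGUN` are hypothetical, and the Docker Hub handling is a simplified assumption modeled on the `docker.io/` prefix seen in the output above.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// splitGUNAndTarget is a hypothetical helper, not signy's own code. It splits
// "name:tag" into the Notary GUN (normalized name) and the target (tag).
func splitGUNAndTarget(ref string) (string, string, error) {
	if strings.Contains(ref, "@") {
		return "", "", errors.New("digest references are not handled: " + ref)
	}
	// Only a colon after the last "/" separates the tag; an earlier colon
	// is the registry port, as in localhost:5000.
	slash := strings.LastIndex(ref, "/")
	colon := strings.LastIndex(ref, ":")
	if colon <= slash+1 || colon == len(ref)-1 {
		return "", "", errors.New("missing name or tag: " + ref)
	}
	return normalizeGUN(ref[:colon]), ref[colon+1:], nil
}

// normalizeGUN applies a simplified form of Docker's name normalization: a
// first component without "." or ":" that is not "localhost" is a Docker Hub
// path rather than a registry host.
func normalizeGUN(name string) string {
	first, _, hasSlash := strings.Cut(name, "/")
	if !hasSlash {
		return "docker.io/library/" + name
	}
	if strings.ContainsAny(first, ".:") || first == "localhost" {
		return name
	}
	return "docker.io/" + name
}

func main() {
	// References taken from the test runs in this conversation.
	for _, ref := range []string{
		"localhost:5000/thin-bundle:v1",
		"localhost:5000/multi-path-repo/thin-bundle:v1",
		"radumatei/test-signy-ref:v1",
	} {
		gun, target, err := splitGUNAndTarget(ref)
		fmt.Println(gun, target, err)
	}
}
```

A reference without a tag, such as `localhost:5000/thin-bundle`, is rejected instead of being split at the port colon.
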
Member

@trishankatdatadog trishankatdatadog left a comment

Awesome! Would you please add some unit tests for this?

Signed-off-by: Radu M <root@radu.sh>
@radu-matei
Member Author

Added a test, PTAL.

Member

@trishankatdatadog trishankatdatadog left a comment

💯

@trishankatdatadog trishankatdatadog merged commit 9720dfd into cnabio:master Feb 22, 2020