Revendor to official docker/notary 87c591965429960d1a109d9aa95741a73b2e1c58

cli/command/image/trust.go

@@ -158,7 +158,7 @@ func PushTrustedReference(streams command.Streams, repoInfo *registry.Repository
 // (based on whether we have the signing key and whether the role's path allows
 // us to).
 // If there are no delegation roles, we add to the targets role.
-func addTargetToAllSignableRoles(repo *client.NotaryRepository, target *client.Target) error {
+func addTargetToAllSignableRoles(repo *client.Repository, target *client.Target) error {
 	var signableRoles []string
 
 	// translate the full key names, which includes the GUN, into just the key IDs
@@ -183,7 +183,7 @@ func addTargetToAllSignableRoles(repo *client.NotaryRepository, target *client.T
 		// We do not support signing any delegation role that isn't a direct child of the targets role.
 		// Also don't bother checking the keys if we can't add the target
 		// to this role due to path restrictions
-		if path.Dir(delegationRole.Name) != data.CanonicalTargetsRole || !delegationRole.CheckPaths(target.Name) {
+		if data.RoleName(path.Dir(delegationRole.Name)) != data.CanonicalTargetsRole || !delegationRole.CheckPaths(target.Name) {
 			continue
 		}
 
@@ -228,7 +228,7 @@ func trustedPull(ctx context.Context, cli command.Cli, repoInfo *registry.Reposi
 
 	if tagged, isTagged := ref.(reference.NamedTagged); !isTagged {
 		// List all targets
-		targets, err := notaryRepo.ListTargets(trust.ReleasesRole, data.CanonicalTargetsRole)
+		targets, err := notaryRepo.ListTargets(data.RoleName(trust.ReleasesRole), data.CanonicalTargetsRole)
 		if err != nil {
 			return trust.NotaryError(ref.Name(), err)
 		}
@@ -240,7 +240,7 @@ func trustedPull(ctx context.Context, cli command.Cli, repoInfo *registry.Reposi
 			}
 			// Only list tags in the top level targets role or the releases delegation role - ignore
 			// all other delegation roles
-			if tgt.Role != trust.ReleasesRole && tgt.Role != data.CanonicalTargetsRole {
+			if tgt.Role != data.RoleName(trust.ReleasesRole) && data.RoleName(tgt.Role) != data.CanonicalTargetsRole {
 				continue
 			}
 			refs = append(refs, t)
@@ -249,13 +249,13 @@ func trustedPull(ctx context.Context, cli command.Cli, repoInfo *registry.Reposi
 			return trust.NotaryError(ref.Name(), errors.Errorf("No trusted tags for %s", ref.Name()))
 		}
 	} else {
-		t, err := notaryRepo.GetTargetByName(tagged.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
+		t, err := notaryRepo.GetTargetByName(tagged.Tag(), data.RoleName(trust.ReleasesRole), data.CanonicalTargetsRole)
 		if err != nil {
 			return trust.NotaryError(ref.Name(), err)
 		}
 		// Only get the tag if it's in the top level targets role or the releases delegation role
 		// ignore it if it's in any other delegation roles
-		if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+		if t.Role != data.RoleName(trust.ReleasesRole) && t.Role != data.CanonicalTargetsRole {
 			return trust.NotaryError(ref.Name(), errors.Errorf("No trust data for %s", tagged.Tag()))
 		}
 
@@ -341,13 +341,13 @@ func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedT
 		return nil, err
 	}
 
-	t, err := notaryRepo.GetTargetByName(ref.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
+	t, err := notaryRepo.GetTargetByName(ref.Tag(), data.RoleName(trust.ReleasesRole), data.CanonicalTargetsRole)
 	if err != nil {
 		return nil, trust.NotaryError(repoInfo.Name.Name(), err)
 	}
 	// Only list tags in the top level targets role or the releases delegation role - ignore
 	// all other delegation roles
-	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+	if t.Role != data.RoleName(trust.ReleasesRole) && t.Role != data.CanonicalTargetsRole {
 		return nil, trust.NotaryError(repoInfo.Name.Name(), errors.Errorf("No trust data for %s", ref.Tag()))
 	}
 	r, err := convertTarget(t.Target)

cli/command/service/trust.go

@@ -9,7 +9,6 @@ import (
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/registry"
 	"github.com/docker/notary/tuf/data"
-	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context"
@@ -64,13 +63,13 @@ func trustedResolveDigest(ctx context.Context, cli command.Cli, ref reference.Na
 		return nil, errors.Wrap(err, "error establishing connection to trust repository")
 	}
 
-	t, err := notaryRepo.GetTargetByName(ref.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
+	t, err := notaryRepo.GetTargetByName(ref.Tag(), data.RoleName(trust.ReleasesRole), data.CanonicalTargetsRole)
 	if err != nil {
 		return nil, trust.NotaryError(repoInfo.Name.Name(), err)
 	}
 	// Only get the tag if it's in the top level targets role or the releases delegation role
 	// ignore it if it's in any other delegation roles
-	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+	if t.Role != data.RoleName(trust.ReleasesRole) && data.RoleName(t.Role) != data.CanonicalTargetsRole {
 		return nil, trust.NotaryError(repoInfo.Name.Name(), errors.Errorf("No trust data for %s", reference.FamiliarString(ref)))
 	}
 

cli/trust/trust.go

@@ -33,7 +33,7 @@ import (
 
 var (
 	// ReleasesRole is the role named "releases"
-	ReleasesRole = path.Join(data.CanonicalTargetsRole, "releases")
+	ReleasesRole = path.Join(data.CanonicalTargetsRole.String(), "releases")
 )
 
 func trustDirectory() string {
@@ -86,7 +86,7 @@ func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {
 // GetNotaryRepository returns a NotaryRepository which stores all the
 // information needed to operate on a notary repository.
 // It creates an HTTP transport providing authentication support.
-func GetNotaryRepository(streams command.Streams, repoInfo *registry.RepositoryInfo, authConfig types.AuthConfig, actions ...string) (*client.NotaryRepository, error) {
+func GetNotaryRepository(streams command.Streams, repoInfo *registry.RepositoryInfo, authConfig types.AuthConfig, actions ...string) (client.Repository, error) {
 	server, err := Server(repoInfo.Index)
 	if err != nil {
 		return nil, err
@@ -164,9 +164,9 @@ func GetNotaryRepository(streams command.Streams, repoInfo *registry.RepositoryI
 	modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler))
 	tr := transport.NewTransport(base, modifiers...)
 
-	return client.NewNotaryRepository(
+	return client.NewFileCachedRepository(
 		trustDirectory(),
-		repoInfo.Name.Name(),
+		data.GUN(repoInfo.Name.Name()),
 		server,
 		tr,
 		getPassphraseRetriever(streams),
@@ -193,7 +193,7 @@ func getPassphraseRetriever(streams command.Streams) notary.PassRetriever {
 			return v, numAttempts > 1, nil
 		}
 		// For non-root roles, we can also try the "default" alias if it is specified
-		if v := env["default"]; v != "" && alias != data.CanonicalRootRole {
+		if v := env["default"]; v != "" && alias != data.CanonicalRootRole.String() {
 			return v, numAttempts > 1, nil
 		}
 		return baseRetriever(keyName, alias, createNew, numAttempts)

vendor.conf

@@ -4,7 +4,7 @@ github.com/coreos/etcd 824277cb3a577a0e8c829ca9ec557b973fe06d20
 github.com/cpuguy83/go-md2man a65d4d2de4d5f7c74868dfa9b202a3c8be315aaa
 github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76
 github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c
-github.com/docker/docker 184cea5ff710abde25547749e5608b24a255ba09 
+github.com/docker/docker 184cea5ff710abde25547749e5608b24a255ba09
 github.com/docker/docker-credential-helpers v0.5.1
 
 # the docker/go package contains a customized version of canonical/json
@@ -14,7 +14,7 @@ github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
 github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
-github.com/docker/notary v0.4.2-sirupsen https://github.com/simonferquel/notary.git
+github.com/docker/notary 87c591965429960d1a109d9aa95741a73b2e1c58
 github.com/docker/swarmkit 0554c9bc9a485025e89b8e5c2c1f0d75961906a2
 github.com/flynn-archive/go-shlex 3f9db97f856818214da2e1057f8ad84803971cff
 github.com/gogo/protobuf v0.4
@@ -29,7 +29,7 @@ github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f
 github.com/mitchellh/mapstructure f3009df150dadf309fdee4a54ed65c124afad715
 github.com/moby/buildkit da2b9dc7dab99e824b2b1067ad7d0523e32dd2d9 https://github.com/dmcgowan/buildkit.git
 github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.com/ijc25/Gotty
-github.com/opencontainers/go-digest 21dfd564fd89c944783d00d069f33e3e7123c448 
+github.com/opencontainers/go-digest 21dfd564fd89c944783d00d069f33e3e7123c448
 github.com/opencontainers/image-spec v1.0.0
 github.com/opencontainers/runc d40db12e72a40109dfcf28539f5ee0930d2f0277
 github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9
@@ -45,10 +45,10 @@ github.com/tonistiigi/fsutil 0ac4c11b053b9c5c7c47558f81f96c7100ce50fb
 github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a
 github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45
 github.com/xeipuuv/gojsonschema 93e72a773fade158921402d6a24c819b48aba29d
-golang.org/x/crypto 3fbbcd23f1cb824e69491a5930cfeff09b12f4d2
+golang.org/x/crypto 5bcd134fee4dd1475da17714aac19c0aa0142e2f
 golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6
 golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
-golang.org/x/sys 739734461d1c916b6c72a63d7efda2b27edb369f 
+golang.org/x/sys 739734461d1c916b6c72a63d7efda2b27edb369f
 golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
 golang.org/x/time a4bde12657593d5e90d0533a3e4fd95e635124cb
 google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944