diff --git a/cmd/notation/cert/generateTest.go b/cmd/notation/cert/generateTest.go
index 69b83ff09..8f417c982 100644
--- a/cmd/notation/cert/generateTest.go
+++ b/cmd/notation/cert/generateTest.go
@@ -83,7 +83,15 @@ func generateTestCert(opts *certGenerateTestOpts) error {
 fmt.Println("generated certificate expiring on", rsaCertTuple.Cert.NotAfter.Format(time.RFC3339))
 // write private key
- keyPath, certPath := dir.Path.Localkey(name)
+ relativeKeyPath, relativeCertPath := dir.LocalKeyPath(name)
+ keyPath, err := dir.ConfigFS().SysPath(relativeKeyPath)
+ if err != nil {
+ return err
+ }
+ certPath, err := dir.ConfigFS().SysPath(relativeCertPath)
+ if err != nil {
+ return err
+ }
 if err := osutil.WriteFileWithPermission(keyPath, keyBytes, 0600, false); err != nil {
 return fmt.Errorf("failed to write key file: %v", err)
 }
diff --git a/cmd/notation/cert/list.go b/cmd/notation/cert/list.go
index fe8601acf..0bc484b97 100644
--- a/cmd/notation/cert/list.go
+++ b/cmd/notation/cert/list.go
@@ -4,7 +4,7 @@ import (
 "fmt"
 "github.com/notaryproject/notation-go/dir"
- "github.com/notaryproject/notation-go/verification"
+ notationgoTruststore "github.com/notaryproject/notation-go/verifier/truststore"
 "github.com/notaryproject/notation/cmd/notation/internal/truststore"
 "github.com/spf13/cobra"
 )
@@ -38,7 +38,7 @@ func listCerts(opts *certListOpts) error {
 // List all certificates under truststore/x509, display empty if there's
 // no certificate yet
 if namedStore == "" && storeType == "" {
- path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509")
+ path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509")
 if err := truststore.CheckNonErrNotExistError(err); err != nil {
 return err
 }
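Review bot: The two new `SysPath` errors in generateTestCert are returned bare, so a failure to resolve the key or certificate location is indistinguishable in CLI output from any other error this command returns, while the write errors just below are wrapped with context. Wrap them the same way, e.g. `return fmt.Errorf("failed to resolve key path %q: %w", relativeKeyPath, err)` and the equivalent for `relativeCertPath`. `dir.ConfigFS()` is also evaluated twice; binding it once (`cfs := dir.ConfigFS()`) keeps both paths anchored to the same filesystem root. generateTestCert starts before and continues after the hunk.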
@@ -52,7 +52,7 @@ func listCerts(opts *certListOpts) error {
 // List all certificates under truststore/x509/storeType/namedStore,
 // display empty if there's no such certificate
 if namedStore != "" && storeType != "" {
- path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore)
+ path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore)
 if err := truststore.CheckNonErrNotExistError(err); err != nil {
 return err
 }
@@ -66,7 +66,7 @@ func listCerts(opts *certListOpts) error {
 // List all certificates under x509/storeType, display empty if
 // there's no certificate yet
 if storeType != "" {
- path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType)
+ path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType)
 if err := truststore.CheckNonErrNotExistError(err); err != nil {
 return err
 }
@@ -76,8 +76,8 @@ func listCerts(opts *certListOpts) error {
 } else {
 // List all certificates under named store namedStore, display empty if
 // there's no such certificate
- for _, t := range verification.TrustStorePrefixes {
- path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", string(t), namedStore)
+ for _, t := range notationgoTruststore.Types {
+ path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", string(t), namedStore)
 if err := truststore.CheckNonErrNotExistError(err); err != nil {
 return err
 }
diff --git a/cmd/notation/cert/show.go b/cmd/notation/cert/show.go
index 6b14026c0..78f7b767c 100644
--- a/cmd/notation/cert/show.go
+++ b/cmd/notation/cert/show.go
@@ -59,7 +59,7 @@ func showCerts(opts *certShowOpts) error {
 return errors.New("certificate fileName cannot be empty")
 }
- path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore, cert)
+ path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore, cert)
 if err != nil {
 return fmt.Errorf("failed to show details of certificate %s, with error: %s", cert, err.Error())
 }
diff --git a/cmd/notation/internal/truststore/truststore.go b/cmd/notation/internal/truststore/truststore.go
index 9d438e6db..8a850cf92 100644
--- a/cmd/notation/internal/truststore/truststore.go
+++ b/cmd/notation/internal/truststore/truststore.go
@@ -14,7 +14,7 @@ import (
 corex509 "github.com/notaryproject/notation-core-go/x509"
 "github.com/notaryproject/notation-go/dir"
- "github.com/notaryproject/notation-go/verification"
+ "github.com/notaryproject/notation-go/verifier/truststore"
 "github.com/notaryproject/notation/cmd/notation/internal/cmdutil"
 "github.com/notaryproject/notation/internal/osutil"
 )
@@ -44,7 +44,7 @@ func AddCert(path, storeType, namedStore string, display bool) error {
 // core process
 // get the trust store path
- trustStorePath, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore)
+ trustStorePath, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore)
 if err := CheckNonErrNotExistError(err); err != nil {
 return err
 }
@@ -119,7 +119,7 @@ func showCert(cert *x509.Certificate) {
 // DeleteAllCerts deletes all certificate files from the trust store
 // under dir truststore/x509/storeType/namedStore
 func DeleteAllCerts(storeType, namedStore string, confirmed bool, errorSlice []error) []error {
- path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore)
+ path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore)
 if err == nil {
 prompt := fmt.Sprintf("Are you sure you want to delete all certificate in %q of type %q?", namedStore, storeType)
 confirmed, err := cmdutil.AskForConfirmation(os.Stdin, prompt, confirmed)
@@ -147,7 +147,7 @@ func DeleteAllCerts(storeType, namedStore string, confirmed bool, errorSlice []e
 // DeleteCert deletes a specific certificate file from the
 // trust store, namely truststore/x509/storeType/namedStore/cert
 func DeleteCert(storeType, namedStore, cert string, confirmed bool, errorSlice []error) []error {
- path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore, cert)
+ path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore, cert)
 if err == nil {
 prompt := fmt.Sprintf("Are you sure you want to delete %q in %q of type %q?", cert, namedStore, storeType)
 confirmed, err := cmdutil.AskForConfirmation(os.Stdin, prompt, confirmed)
@@ -183,7 +183,7 @@ func CheckNonErrNotExistError(err error) error {
 // IsValidStoreType checks if storeType is supported
 func IsValidStoreType(storeType string) bool {
- for _, t := range verification.TrustStorePrefixes {
+ for _, t := range truststore.Types {
 if storeType == string(t) {
 return true
 }
diff --git a/cmd/notation/key.go b/cmd/notation/key.go
index bcf5c4bd6..a54d1c14f 100644
--- a/cmd/notation/key.go
+++ b/cmd/notation/key.go
@@ -7,7 +7,8 @@ import (
 "os"
 "github.com/notaryproject/notation-go/config"
- "github.com/notaryproject/notation-go/plugin/manager"
+ "github.com/notaryproject/notation-go/dir"
+ "github.com/notaryproject/notation-go/plugin"
 "github.com/notaryproject/notation/internal/cmd"
 "github.com/notaryproject/notation/internal/ioutil"
 "github.com/notaryproject/notation/internal/slices"
@@ -186,14 +187,12 @@ func addExternalKey(ctx context.Context, opts *keyAddOpts, pluginName, keyName s
 if id == "" {
 return config.KeySuite{}, errors.New("missing key id")
 }
- mgr := manager.New()
- p, err := mgr.Get(ctx, pluginName)
+ mgr := plugin.NewCLIManager(dir.PluginFS())
+ // Check existence of plugin with name pluginName
+ _, err := mgr.Get(ctx, pluginName)
 if err != nil {
 return config.KeySuite{}, err
 }
- if p.Err != nil {
- return config.KeySuite{}, fmt.Errorf("invalid plugin: %w", p.Err)
- }
 pluginConfig, err := cmd.ParseFlagPluginConfig(opts.pluginConfig)
 if err != nil {
 return config.KeySuite{}, err
diff --git a/cmd/notation/list.go b/cmd/notation/list.go
index 027c4c663..5914f9df8 100644
--- a/cmd/notation/list.go
+++ b/cmd/notation/list.go
@@ -6,10 +6,8 @@ import (
 "fmt"
 notationRegistry "github.com/notaryproject/notation-go/registry"
- notationregistry "github.com/notaryproject/notation-go/registry"
 "github.com/opencontainers/go-digest"
 ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- artifactspec "github.com/oras-project/artifacts-spec/specs-go/v1"
 "github.com/spf13/cobra"
 "oras.land/oras-go/v2/registry"
 )
@@ -61,12 +59,9 @@ func runList(command *cobra.Command, opts *listOpts) error {
 return printSignatureManifestDigests(command.Context(), manifestDesc.Digest, sigRepo, reference)
 }
-// printSignatureManifestDigests returns the signature manifest digest of
+// printSignatureManifestDigests returns the signature manifest digests of
 // the subject manifest.
-//
-// TODO: this is a temporary function and will be replaced after
-// notation-go refactor.
-func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Digest, sigRepo *notationregistry.RepositoryClient, reference string) error {
+func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Digest, sigRepo notationRegistry.Repository, reference string) error {
 // prepare title
 ref, err := registry.ParseReference(reference)
 if err != nil {
@@ -83,11 +78,13 @@ func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Di
 }
 // traverse referrers
+ artifactDescriptor, err := sigRepo.Resolve(ctx, reference)
+ if err != nil {
+ return err
+ }
 var prevDigest digest.Digest
- if err := sigRepo.Repository.Referrers(ctx, ocispec.Descriptor{
- Digest: manifestDigest,
- }, notationRegistry.ArtifactTypeNotation, func(referrers []artifactspec.Descriptor) error {
- for _, desc := range referrers {
+ err = sigRepo.ListSignatures(ctx, artifactDescriptor, func(signatureManifests []ocispec.Descriptor) error {
+ for _, sigManifestDesc := range signatureManifests {
 if prevDigest != "" {
 // check and print title
 printTitle()
@@ -95,10 +92,12 @@ func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Di
 // print each signature digest
 fmt.Printf(" ├── %s\n", prevDigest)
 }
- prevDigest = desc.Digest
+ prevDigest = sigManifestDesc.Digest
 }
 return nil
- }); err != nil {
+ })
+
+ if err != nil {
 return err
 }
diff --git a/cmd/notation/manifest.go b/cmd/notation/manifest.go
index b9d82baf2..472c56e15 100644
--- a/cmd/notation/manifest.go
+++ b/cmd/notation/manifest.go
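Review bot: `printSignatureManifestDigests` now re-resolves `reference` through `sigRepo.Resolve` even though its caller already resolved the same reference and hands in `manifestDigest`; if the tag is repointed between the two lookups, the signatures listed belong to a different manifest than the digest the caller holds, and it costs a second registry round trip. Prefer passing the caller's `ocispec.Descriptor` down (or building one from `manifestDigest`) so the listing and the digest cannot diverge; if resolving here must stay, at least reject a mismatch with `if artifactDescriptor.Digest != manifestDigest { return fmt.Errorf("resolved digest %s does not match %s", artifactDescriptor.Digest, manifestDigest) }`. The function body continues outside the hunk, so it is not visible here whether `manifestDigest` is still read elsewhere in it.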
@@ -4,26 +4,26 @@ import (
 "context"
 "errors"
- "github.com/notaryproject/notation-go"
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 "oras.land/oras-go/v2/registry"
 )
-func getManifestDescriptorFromContext(ctx context.Context, opts *SecureFlagOpts, ref string) (notation.Descriptor, error) {
+func getManifestDescriptorFromContext(ctx context.Context, opts *SecureFlagOpts, ref string) (ocispec.Descriptor, error) {
 if ref == "" {
- return notation.Descriptor{}, errors.New("missing reference")
+ return ocispec.Descriptor{}, errors.New("missing reference")
 }
 return getManifestDescriptorFromReference(ctx, opts, ref)
 }
-func getManifestDescriptorFromReference(ctx context.Context, opts *SecureFlagOpts, reference string) (notation.Descriptor, error) {
+func getManifestDescriptorFromReference(ctx context.Context, opts *SecureFlagOpts, reference string) (ocispec.Descriptor, error) {
 ref, err := registry.ParseReference(reference)
 if err != nil {
- return notation.Descriptor{}, err
+ return ocispec.Descriptor{}, err
 }
 repo, err := getRepositoryClient(opts, ref)
 if err != nil {
- return notation.Descriptor{}, err
+ return ocispec.Descriptor{}, err
 }
 return repo.Resolve(ctx, ref.ReferenceOrDefault())
 }
diff --git a/cmd/notation/plugin.go b/cmd/notation/plugin.go
index 4ee8d2c94..b2484d303 100644
--- a/cmd/notation/plugin.go
+++ b/cmd/notation/plugin.go
@@ -3,7 +3,8 @@ package main
 import (
 "os"
- "github.com/notaryproject/notation-go/plugin/manager"
+ "github.com/notaryproject/notation-go/dir"
+ "github.com/notaryproject/notation-go/plugin"
 "github.com/notaryproject/notation/internal/ioutil"
 "github.com/spf13/cobra"
 )
@@ -29,10 +30,17 @@ func pluginListCommand() *cobra.Command {
 }
 func listPlugins(command *cobra.Command) error {
- mgr := manager.New()
- plugins, err := mgr.List(command.Context())
+ mgr := plugin.NewCLIManager(dir.PluginFS())
+ pluginNames, err := mgr.List(command.Context())
 if err != nil {
 return err
 }
- return ioutil.PrintPlugins(os.Stdout, plugins)
+ var plugins []plugin.Plugin
+ var errors []error
+ for _, n := range pluginNames {
+ pl, err := mgr.Get(command.Context(), n)
+ errors = append(errors, err)
+ plugins = append(plugins, pl)
+ }
+ return ioutil.PrintPlugins(command.Context(), os.Stdout, plugins, errors)
 }
diff --git a/cmd/notation/registry.go b/cmd/notation/registry.go
index 0551bc341..da37e2288 100644
--- a/cmd/notation/registry.go
+++ b/cmd/notation/registry.go
@@ -14,7 +14,7 @@ import (
 "oras.land/oras-go/v2/registry/remote/auth"
 )
-func getSignatureRepository(opts *SecureFlagOpts, reference string) (*notationregistry.RepositoryClient, error) {
+func getSignatureRepository(opts *SecureFlagOpts, reference string) (notationregistry.Repository, error) {
 ref, err := registry.ParseReference(reference)
 if err != nil {
 return nil, err
@@ -35,12 +35,18 @@ func getRegistryClient(opts *SecureFlagOpts, serverAddress string) (*remote.Regi
 return reg, nil
 }
-func getRepositoryClient(opts *SecureFlagOpts, ref registry.Reference) (*notationregistry.RepositoryClient, error) {
+func getRepositoryClient(opts *SecureFlagOpts, ref registry.Reference) (notationregistry.Repository, error) {
 authClient, plainHTTP, err := getAuthClient(opts, ref)
 if err != nil {
 return nil, err
 }
- return notationregistry.NewRepositoryClient(authClient, ref, plainHTTP), nil
+ repo := &remote.Repository{
+ Client: authClient,
+ Reference: ref,
+ PlainHTTP: plainHTTP,
+ }
+
+ return notationregistry.NewRepository(repo), nil
 }
 func getAuthClient(opts *SecureFlagOpts, ref registry.Reference) (*auth.Client, bool, error) {
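Review bot: In listPlugins the new parallel slices `plugins` and `errors` are built by unconditional `append` per name, so a nil entry in `errors` and a nil entry in `plugins` can sit side by side and only `ioutil.PrintPlugins` knows how to read them; `errors` also shadows the standard package name should this file ever import it. Pre-size both and name the second one for what it holds: `plugins := make([]plugin.Plugin, 0, len(pluginNames))` and `loadErrs := make([]error, 0, len(pluginNames))`. The index-aligned contract with `ioutil.PrintPlugins` (same length, `loadErrs[i]` belongs to `plugins[i]`) deserves a one-line comment at the call site.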
diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go
index b1c7a83bc..2758b2bb1 100644
--- a/cmd/notation/sign.go
+++ b/cmd/notation/sign.go
@@ -9,6 +9,7 @@ import (
 "github.com/notaryproject/notation-go"
 "github.com/notaryproject/notation/internal/cmd"
 "github.com/notaryproject/notation/internal/envelope"
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 "github.com/spf13/cobra"
 )
@@ -74,61 +75,37 @@ func runSign(command *cobra.Command, cmdOpts *signOpts) error {
 if err != nil {
 return err
 }
- sig, err := signer.Sign(command.Context(), desc, opts)
+ sigRepo, err := getSignatureRepository(&cmdOpts.SecureFlagOpts, cmdOpts.reference)
 if err != nil {
 return err
 }
-
- // write out
- ref := cmdOpts.reference
- if _, err := pushSignature(command.Context(), &cmdOpts.SecureFlagOpts, ref, sig); err != nil {
- return fmt.Errorf("fail to push signature to %q: %v: %v",
- ref,
- desc.Digest,
- err,
- )
+ _, err = notation.Sign(command.Context(), signer, sigRepo, opts)
+ if err != nil {
+ return err
 }
+ // write out
 fmt.Println(desc.Digest)
 return nil
 }
-func prepareSigningContent(ctx context.Context, opts *signOpts) (notation.Descriptor, notation.SignOptions, error) {
+func prepareSigningContent(ctx context.Context, opts *signOpts) (ocispec.Descriptor, notation.SignOptions, error) {
 manifestDesc, err := getManifestDescriptorFromContext(ctx, &opts.SecureFlagOpts, opts.reference)
 if err != nil {
- return notation.Descriptor{}, notation.SignOptions{}, err
+ return ocispec.Descriptor{}, notation.SignOptions{}, err
+ }
+ mediaType, err := envelope.GetEnvelopeMediaType(opts.SignerFlagOpts.SignatureFormat)
+ if err != nil {
+ return ocispec.Descriptor{}, notation.SignOptions{}, err
 }
 pluginConfig, err := cmd.ParseFlagPluginConfig(opts.pluginConfig)
 if err != nil {
- return notation.Descriptor{}, notation.SignOptions{}, err
+ return ocispec.Descriptor{}, notation.SignOptions{}, err
 }
 return manifestDesc, notation.SignOptions{
- Expiry: cmd.GetExpiry(opts.expiry),
- PluginConfig: pluginConfig,
+ ArtifactReference: opts.reference,
+ SignatureMediaType: mediaType,
+ Expiry: cmd.GetExpiry(opts.expiry),
+ PluginConfig: pluginConfig,
 }, nil
 }
-
-func pushSignature(ctx context.Context, opts *SecureFlagOpts, ref string, sig []byte) (notation.Descriptor, error) {
- // initialize
- sigRepo, err := getSignatureRepository(opts, ref)
- if err != nil {
- return notation.Descriptor{}, err
- }
- manifestDesc, err := getManifestDescriptorFromReference(ctx, opts, ref)
- if err != nil {
- return notation.Descriptor{}, err
- }
-
- // core process
- // pass in nonempty annotations if needed
- sigMediaType, err := envelope.SpeculateSignatureEnvelopeFormat(sig)
- if err != nil {
- return notation.Descriptor{}, err
- }
- sigDesc, _, err := sigRepo.PutSignatureManifest(ctx, sig, sigMediaType, manifestDesc, make(map[string]string))
- if err != nil {
- return notation.Descriptor{}, fmt.Errorf("put signature manifest failure: %v", err)
- }
-
- return sigDesc, nil
-}
diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go
index e5fd71a5f..fbac59d80 100644
--- a/cmd/notation/verify.go
+++ b/cmd/notation/verify.go
@@ -2,16 +2,19 @@ package main
 import (
 "errors"
+ "math"
 "os"
 "strings"
+ "github.com/notaryproject/notation-go"
 notationregistry "github.com/notaryproject/notation-go/registry"
- "github.com/notaryproject/notation-go/verification"
+ "github.com/notaryproject/notation-go/verifier"
 "github.com/notaryproject/notation/internal/cmd"
 "github.com/notaryproject/notation/internal/ioutil"
 "github.com/spf13/cobra"
 "oras.land/oras-go/v2/registry"
+ "oras.land/oras-go/v2/registry/remote"
 )
 type verifyOpts struct {
@@ -52,10 +55,17 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error {
 }
 // initialize verifier.
- verifier, err := getVerifier(opts, ref)
+ verifier, err := verifier.NewFromConfig()
 if err != nil {
 return err
 }
+ authClient, plainHTTP, _ := getAuthClient(&opts.SecureFlagOpts, ref)
+ remote_repo := remote.Repository{
+ Client: authClient,
+ Reference: ref,
+ PlainHTTP: plainHTTP,
+ }
+ repo := notationregistry.NewRepository(&remote_repo)
 // set up verification plugin config.
 configs, err := cmd.ParseFlagPluginConfig(opts.pluginConfig)
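Review bot: `runSign` now returns the error from `notation.Sign` unwrapped, dropping the reference and digest that the removed `fmt.Errorf("fail to push signature to %q ...")` reported, so a failed push and a failed signing step read the same in the CLI output. Wrap it at the call: `return fmt.Errorf("failed to sign %q (%s): %w", cmdOpts.reference, desc.Digest, err)`. runSign starts before the hunk; `fmt.Println(desc.Digest)` just below keeps the `fmt` import in use.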
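Review bot: `runVerify` discards the error from `getAuthClient` (`authClient, plainHTTP, _ := ...`), whereas the removed `getVerifier` returned it; a credential-store or configuration failure now produces a nil or misconfigured client and verification still proceeds, to fail later with an unrelated registry error or to run without the intended credentials. The seven added lines duplicate `getRepositoryClient` in registry.go, which builds the same `remote.Repository` with the error check in place, so replace them with `repo, err := getRepositoryClient(&opts.SecureFlagOpts, ref)` followed by `if err != nil { return err }`. Separately, `verifier, err := verifier.NewFromConfig()` shadows the imported package with the local variable from that line onward, and `remote_repo` should be `remoteRepo` under Go naming.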
@@ -63,25 +73,21 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error {
 return err
 }
+ verifyOpts := notation.RemoteVerifyOptions{
+ ArtifactReference: ref.String(),
+ PluginConfig: configs,
+ // TODO: need to change MaxSignatureAttempts as a user input flag or
+ // a field in config.json
+ MaxSignatureAttempts: math.MaxInt64,
+ }
+
 // core verify process.
- ctx := verification.WithPluginConfig(command.Context(), configs)
- outcomes, err := verifier.Verify(ctx, ref.String())
+ _, outcomes, err := notation.Verify(command.Context(), verifier, repo, verifyOpts)
 // write out.
 return ioutil.PrintVerificationResults(os.Stdout, outcomes, err, ref.Reference)
 }
-func getVerifier(opts *verifyOpts, ref registry.Reference) (*verification.Verifier, error) {
- authClient, plainHTTP, err := getAuthClient(&opts.SecureFlagOpts, ref)
- if err != nil {
- return nil, err
- }
-
- repo := notationregistry.NewRepositoryClient(authClient, ref, plainHTTP)
-
- return verification.NewVerifier(repo)
-}
-
 func resolveReference(command *cobra.Command, opts *verifyOpts) (registry.Reference, error) {
 ref, err := registry.ParseReference(opts.reference)
 if err != nil {
diff --git a/go.mod b/go.mod
index 7b126ad4b..00d403ea2 100644
--- a/go.mod
+++ b/go.mod
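Review bot: `MaxSignatureAttempts: math.MaxInt64` leaves the number of signatures the verifier will fetch and check effectively unbounded, so a registry that returns a very large referrer list for the artifact can keep the client working for as long as it likes; the TODO records the intent to make this a flag, but the interim default should still be finite. A named constant is enough until the flag lands, for example `const defaultMaxSignatureAttempts = 50` (value illustrative) and `MaxSignatureAttempts: defaultMaxSignatureAttempts`, with the TODO kept above it. The remainder of runVerify lies outside this hunk.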
@@ -5,15 +5,14 @@ go 1.19
 require (
 github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f
 github.com/docker/docker-credential-helpers v0.7.0
- github.com/notaryproject/notation-core-go v0.2.0-beta.1
- github.com/notaryproject/notation-go v0.12.0-beta.1
+ github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023
+ github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221129043056-7ae1f5fd0730
 github.com/opencontainers/go-digest v1.0.0
- github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799
- github.com/oras-project/artifacts-spec v1.0.0-rc.2
+ github.com/opencontainers/image-spec v1.1.0-rc2
 github.com/spf13/cobra v1.6.1
 github.com/spf13/pflag v1.0.5
- github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83
- oras.land/oras-go/v2 v2.0.0-rc.3
+ github.com/veraison/go-cose v1.0.0-rc.2
+ oras.land/oras-go/v2 v2.0.0-rc.5
 )
 require (
@@ -23,7 +22,6 @@ require (
 github.com/go-ldap/ldap/v3 v3.4.4 // indirect
 github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
 github.com/inconshreveable/mousetrap v1.0.1 // indirect
- github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
diff --git a/go.sum b/go.sum
index df85c91d6..9dd96ea96 100644
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,8 @@ github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f h1:3NCYdjXycNd/Xn/iICZzmxkiDX1e1cjTHjbMAz+wRVk= github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= 
@@ -17,18 +17,14 @@ github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQA github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/notaryproject/notation-core-go v0.2.0-beta.1 h1:8tFxNycWCcPLti9ZYST5kjkX2wMXtX9YPvMjiBAQ1tA= -github.com/notaryproject/notation-core-go v0.2.0-beta.1/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U= -github.com/notaryproject/notation-go v0.12.0-beta.1 h1:LATXX7gt/Y7a+vqLVN4Ydmd6GfaPAFRdKgUEjaEYhUM= -github.com/notaryproject/notation-go v0.12.0-beta.1/go.mod h1:sfOLDfdt7IXtzU9tyGwhsWDYY357+OWr1ktCfHfLdOk= -github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 h1:Oumw+lPnO8qNLTY2mrqPJZMoGExLi/0h/DdikoLTXVU= -github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86/go.mod h1:aA4vdXRS8E1TG7pLZOz85InHi3BiPdErh8IpJN6E0x4= +github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023 h1:Z/2hxPJOjWfmgOPTNkGBDp/LVIEtizd9uJNQvjFE0Dc= +github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023/go.mod h1:n8Gbvl9sKa00KptkKEL5XKUyMTIALe74QipKauE2rj4= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221129043056-7ae1f5fd0730 h1:WPzkdjn/fruM07tl4ZsrUNBx9FT2a/hCJwj2Djuamv0= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221129043056-7ae1f5fd0730/go.mod h1:2Xy40C9rJip3h9XPC6ei2HEEdUoZJ5KDC6mlX/FD0oQ= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec= -github.com/opencontainers/image-spec 
v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/oras-project/artifacts-spec v1.0.0-rc.2 h1:9SMCNSxkJEHqWGDiMCuy6TXHgvjgwXGdXZZGXLKQvVE= -github.com/oras-project/artifacts-spec v1.0.0-rc.2/go.mod h1:Xch2aLzSwtkhbFFN6LUzTfLtukYvMMdXJ4oZ8O7BOdc= +github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= +github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -39,8 +35,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 h1:g8vDfnNOPcGzg6mnlBGc0J5t5lAJkaepXqbc9qFRnFs= -github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= +github.com/veraison/go-cose v1.0.0-rc.2 h1:zH3QmP4N5kwpdGauceIT3aJm8iUyV9OqpUOb+7CF7rQ= +github.com/veraison/go-cose v1.0.0-rc.2/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= 
@@ -59,5 +55,5 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-oras.land/oras-go/v2 v2.0.0-rc.3 h1:O4GeIwJ9Ge7rbCkqa/M7DLrL55ww+ZEc+Rhc63OYitU=
-oras.land/oras-go/v2 v2.0.0-rc.3/go.mod h1:PrY+cCglzK/DrQoJUtxbYVbL94ZHecVS3eJR01RglpE=
+oras.land/oras-go/v2 v2.0.0-rc.5 h1:enT2ZMNo383bH3INm1/+mw4d09AaMbqx0BMhsgEDUSg=
+oras.land/oras-go/v2 v2.0.0-rc.5/go.mod h1:YGHvWBGuqRlZgUyXUIoKsR3lcuCOb3DAtG0SEsEw1iY=
diff --git a/internal/cmd/signer.go b/internal/cmd/signer.go
index 135cd2ab8..1c23e3292 100644
--- a/internal/cmd/signer.go
+++ b/internal/cmd/signer.go
@@ -1,23 +1,19 @@
 package cmd
 import (
+ "context"
 "errors"
 "time"
 "github.com/notaryproject/notation-go"
- "github.com/notaryproject/notation-go/plugin/manager"
- "github.com/notaryproject/notation-go/signature"
- "github.com/notaryproject/notation/internal/envelope"
+ "github.com/notaryproject/notation-go/dir"
+ "github.com/notaryproject/notation-go/plugin"
+ "github.com/notaryproject/notation-go/signer"
 "github.com/notaryproject/notation/pkg/configutil"
 )
 // GetSigner returns a signer according to the CLI context.
 func GetSigner(opts *SignerFlagOpts) (notation.Signer, error) {
- // Construct a signer from key and cert file if provided as CLI arguments
- mediaType, err := envelope.GetEnvelopeMediaType(opts.SignatureFormat)
- if err != nil {
- return nil, err
- }
 // Construct a signer from preconfigured key pair in config.json
 // if key name is provided as the CLI argument
 key, err := configutil.ResolveKey(opts.Key)
@@ -25,17 +21,17 @@ func GetSigner(opts *SignerFlagOpts) (notation.Signer, error) {
 return nil, err
 }
 if key.X509KeyPair != nil {
- return signature.NewSignerFromFiles(key.X509KeyPair.KeyPath, key.X509KeyPair.CertificatePath, mediaType)
+ return signer.NewFromFiles(key.X509KeyPair.KeyPath, key.X509KeyPair.CertificatePath)
 }
 // Construct a plugin signer if key name provided as the CLI argument
 // corresponds to an external key
 if key.ExternalKey != nil {
- mgr := manager.New()
- runner, err := mgr.Runner(key.PluginName)
+ mgr := plugin.NewCLIManager(dir.PluginFS())
+ plugin, err := mgr.Get(context.Background(), key.PluginName)
 if err != nil {
 return nil, err
 }
- return signature.NewSignerPlugin(runner, key.ExternalKey.ID, key.PluginConfig, mediaType)
+ return signer.NewFromPlugin(plugin, key.ExternalKey.ID, key.PluginConfig)
 }
 return nil, errors.New("unsupported key, either provide a local key and certificate file paths, or a key name in config.json, check [DOC_PLACEHOLDER] for details")
 }
diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go
index 9f7eca634..daf0431aa 100644
--- a/internal/ioutil/print.go
+++ b/internal/ioutil/print.go
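Review bot: `plugin, err := mgr.Get(context.Background(), key.PluginName)` shadows the imported `plugin` package for the rest of the `if key.ExternalKey != nil` block, and `context.Background()` means whatever lookup `mgr.Get` performs cannot be cancelled or time-limited by the caller; GetSigner has no ctx parameter, so the command's context is lost at this point. Rename the local (`pl, err := mgr.Get(context.Background(), key.PluginName)` and `return signer.NewFromPlugin(pl, key.ExternalKey.ID, key.PluginConfig)`) now, and consider threading a `ctx context.Context` first parameter through GetSigner in a follow-up so the CLI's command context governs the plugin call. GetSigner starts before this hunk.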
@@ -1,25 +1,36 @@
 package ioutil
 import (
+ "context"
 "fmt"
 "io"
 "text/tabwriter"
+ "github.com/notaryproject/notation-go"
 "github.com/notaryproject/notation-go/config"
- "github.com/notaryproject/notation-go/plugin/manager"
- "github.com/notaryproject/notation-go/verification"
+ "github.com/notaryproject/notation-go/plugin"
+ "github.com/notaryproject/notation-go/plugin/proto"
 )
 func newTabWriter(w io.Writer) *tabwriter.Writer {
 return tabwriter.NewWriter(w, 0, 0, 3, ' ', 0)
 }
-func PrintPlugins(w io.Writer, v []*manager.Plugin) error {
+func PrintPlugins(ctx context.Context, w io.Writer, v []plugin.Plugin, errors []error) error {
 tw := newTabWriter(w)
 fmt.Fprintln(tw, "NAME\tDESCRIPTION\tVERSION\tCAPABILITIES\tERROR\t")
- for _, p := range v {
+ for ind, p := range v {
+ metaData := proto.GetMetadataResponse{}
+ if p != nil {
+ req := &proto.GetMetadataRequest{}
+ metadata, err := p.GetMetadata(ctx, req)
+ if err == nil {
+ metaData = *metadata
+ }
+ errors[ind] = err
+ }
 fmt.Fprintf(tw, "%s\t%s\t%s\t%v\t%v\t\n",
- p.Name, p.Description, p.Version, p.Capabilities, p.Err)
+ metaData.Name, metaData.Description, metaData.Version, metaData.Capabilities, errors[ind])
 }
 return tw.Flush()
 }
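Review bot: `PrintPlugins` indexes `errors[ind]` for every element of `v` without checking that the two slices have the same length, so a caller that passes a shorter `errors` panics with an index out of range; the one caller in listPlugins builds them in lockstep, but nothing in this exported signature enforces that. Add a guard before the loop, `if len(errors) != len(v) { return fmt.Errorf("plugins/errors length mismatch: %d vs %d", len(v), len(errors)) }`, and give the exported function a doc comment stating the parallel-slice contract, that `errors[i]` is the load error for `v[i]`, and that for a non-nil plugin the entry is overwritten by the metadata error. The `metaData`/`metadata` pair on adjacent lines is also easy to misread; `meta` for the response value and keeping `metadata` for the pointer reads more clearly.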
@@ -45,36 +56,16 @@ func PrintKeyMap(w io.Writer, target string, v []config.KeySuite) error {
 return tw.Flush()
 }
-func PrintCertificateMap(w io.Writer, v []config.CertificateReference) error {
- tw := newTabWriter(w)
- fmt.Fprintln(tw, "NAME\tPATH\t")
- for _, cert := range v {
- fmt.Fprintf(tw, "%s\t%s\t\n", cert.Name, cert.Path)
- }
- return tw.Flush()
-}
-
-func PrintVerificationResults(w io.Writer, v []*verification.SignatureVerificationOutcome, resultErr error, digest string) error {
+func PrintVerificationResults(w io.Writer, v []*notation.VerificationOutcome, resultErr error, digest string) error {
 tw := newTabWriter(w)
 if resultErr == nil {
- fmt.Fprintf(tw, "Signature verification succeeded for %s\n", digest)
+ fmt.Fprintf(tw, "Successfully verified for %s\n", digest)
 // TODO[https://github.com/notaryproject/notation/issues/304]: print out failed validations as warnings.
 return nil
 }
-
- fmt.Fprintf(tw, "ERROR: %s\n\n", resultErr.Error())
- printOutcomes(tw, v, digest)
+ fmt.Printf("Signature verification failed for all the signatures associated with digest: %s\n", digest)
 tw.Flush()
 return resultErr
 }
-
-func printOutcomes(tw *tabwriter.Writer, outcomes []*verification.SignatureVerificationOutcome, digest string) {
- fmt.Printf("Signature verification failed for all the %d signatures associated with digest: %s\n\n", len(outcomes), digest)
-
- // TODO[https://github.com/notaryproject/notation/issues/304]: print out detailed errors in debug mode.
- for idx, outcome := range outcomes {
- fmt.Printf("Signature #%d : %s\n", idx+1, outcome.Error.Error())
- }
-}
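Review bot: The failure branch of `PrintVerificationResults` now writes with `fmt.Printf`, bypassing the `w` the caller supplies (and the `tw` built from it), so the message goes to process stdout even when the caller redirects output or captures it in a test, while the success branch a few lines above writes to `tw`. Use `fmt.Fprintf(tw, "Signature verification failed for all the signatures associated with digest: %s\n", digest)` so the `tw.Flush()` that follows emits it through `w`. With `printOutcomes` removed, `v` is no longer read and the per-signature failure reasons are no longer shown; if dropping that detail is intended, a doc comment on the exported function should say so, otherwise keep a loop over `v` that prints each outcome's error to `tw`.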