From b910a8a1114648a207b5676aa8d3e6e0d57b261c Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Wed, 12 Oct 2022 11:02:39 +0800 Subject: [PATCH 01/23] updated dependency Signed-off-by: Patrick Zheng --- go.mod | 4 ++-- go.sum | 11 +++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index bab4cc5c6..a55dac5f2 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.19 require ( github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f github.com/docker/docker-credential-helpers v0.7.0 - github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921054535-009c09a9628e - github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220927020950-2bcfd343f974 + github.com/notaryproject/notation-core-go v0.1.0-alpha.4 + github.com/notaryproject/notation-go v0.11.0-alpha.4 github.com/opencontainers/go-digest v1.0.0 github.com/spf13/cobra v1.5.0 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index 7c8e219c0..47134c266 100644 --- a/go.sum +++ b/go.sum 
@@ -3,14 +3,15 @@ github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f h1:3N github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= +github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88= github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs= github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921054535-009c09a9628e h1:n3wJRhIVbEGg497rtKV3IMaZJv2hFKYHCOtNIOAyLYw= -github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921054535-009c09a9628e/go.mod h1:mM4M9wPdu0CGgh8f3wOcu0XMiXwEKWQurjBG4nmqQ4g= -github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220927020950-2bcfd343f974 h1:aJ5p4zydKHoyXVK62H50fmj5czcxXpSG5a24EgoZH5E= -github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220927020950-2bcfd343f974/go.mod h1:TeQIoxMetPFqJSDzcHnGZ6x9kKzglfSmgxYrWt9/viA= +github.com/notaryproject/notation-core-go v0.1.0-alpha.4 h1:0OhA2PjwT0TAouHOrU4K+8H9YM6E/e4/ocoq+JiHeOw= +github.com/notaryproject/notation-core-go v0.1.0-alpha.4/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U= +github.com/notaryproject/notation-go v0.11.0-alpha.4 h1:PNptLtrhW0jyw10hUWU+KNzvzeuBBZmg+/1IUaGYE10= +github.com/notaryproject/notation-go v0.11.0-alpha.4/go.mod h1:4xYTcW4wfsXkXw3piUA53uSW82RwdXyipSEtiiRVrCw= github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 
h1:Oumw+lPnO8qNLTY2mrqPJZMoGExLi/0h/DdikoLTXVU= github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86/go.mod h1:aA4vdXRS8E1TG7pLZOz85InHi3BiPdErh8IpJN6E0x4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -24,6 +25,8 @@ github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 h1:g8vDfnNOPcGzg6mnlBGc0J5t5lAJkaepXqbc9qFRnFs= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 h1:UiNENfZ8gDvpiWw7IpOMQ27spWmThO1RwwdQVbJahJM= From 3d3f972b733be09795f2928ace23146250f13a18 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 15 Nov 2022 13:30:50 +0800 Subject: [PATCH 02/23] initialize Signed-off-by: Patrick Zheng --- go.mod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/go.mod b/go.mod index 7b126ad4b..a9832daa5 100644 --- a/go.mod +++ b/go.mod @@ -29,3 +29,5 @@ require ( golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect ) + +replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go sign \ No newline at end of file From 9ae62884e22300bcb4d7ffc65d8b37ae458cdcc3 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 15 Nov 2022 13:51:41 +0800 Subject: [PATCH 03/23] initialize 
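Review bot: The added `replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go sign` in PATCH 02 points the signing library at a personal fork and names a branch rather than a version. The build is then neither reproducible nor tied to reviewed upstream code. PATCH 03 and PATCH 04 keep the directive and only retarget it at pseudo-versions of the same fork (go.mod hunks `@@ -23,11 +23,10 @@` and `@@ -29,4 +29,4 @@`). Before the series merges, drop the directive and bump the `require` line to an upstream notation-go release; if the fork must stay temporarily, put a comment above it such as `// TODO: remove once the upstream notation-go change (<upstream PR placeholder>) is released`. This hunk also leaves go.mod without a trailing newline.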
Signed-off-by: Patrick Zheng --- cmd/notation/cert/list.go | 4 ++-- cmd/notation/internal/truststore/truststore.go | 4 ++-- cmd/notation/key.go | 4 ++-- cmd/notation/plugin.go | 4 ++-- cmd/notation/verify.go | 8 ++++---- go.mod | 7 +++---- go.sum | 16 +++++++--------- internal/cmd/signer.go | 10 +++++----- internal/ioutil/print.go | 10 +++++----- 9 files changed, 32 insertions(+), 35 deletions(-) diff --git a/cmd/notation/cert/list.go b/cmd/notation/cert/list.go index fe8601acf..8fc2d40f6 100644 --- a/cmd/notation/cert/list.go +++ b/cmd/notation/cert/list.go @@ -4,7 +4,7 @@ import ( "fmt" "github.com/notaryproject/notation-go/dir" - "github.com/notaryproject/notation-go/verification" + "github.com/notaryproject/notation-go/verifier" "github.com/notaryproject/notation/cmd/notation/internal/truststore" "github.com/spf13/cobra" ) @@ -76,7 +76,7 @@ func listCerts(opts *certListOpts) error { } else { // List all certificates under named store namedStore, display empty if // there's no such certificate - for _, t := range verification.TrustStorePrefixes { + for _, t := range verifier.TrustStorePrefixes { path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", string(t), namedStore) if err := truststore.CheckNonErrNotExistError(err); err != nil { return err diff --git a/cmd/notation/internal/truststore/truststore.go b/cmd/notation/internal/truststore/truststore.go index 9d438e6db..6abb38697 100644 --- a/cmd/notation/internal/truststore/truststore.go +++ b/cmd/notation/internal/truststore/truststore.go @@ -14,7 +14,7 @@ import ( corex509 "github.com/notaryproject/notation-core-go/x509" "github.com/notaryproject/notation-go/dir" - "github.com/notaryproject/notation-go/verification" + "github.com/notaryproject/notation-go/verifier" "github.com/notaryproject/notation/cmd/notation/internal/cmdutil" "github.com/notaryproject/notation/internal/osutil" ) 
@@ -183,7 +183,7 @@ func CheckNonErrNotExistError(err error) error { // IsValidStoreType checks if storeType is supported func IsValidStoreType(storeType string) bool { - for _, t := range verification.TrustStorePrefixes { + for _, t := range verifier.TrustStorePrefixes { if storeType == string(t) { return true } diff --git a/cmd/notation/key.go b/cmd/notation/key.go index bcf5c4bd6..3b477420f 100644 --- a/cmd/notation/key.go +++ b/cmd/notation/key.go @@ -7,7 +7,7 @@ import ( "os" "github.com/notaryproject/notation-go/config" - "github.com/notaryproject/notation-go/plugin/manager" + "github.com/notaryproject/notation-go/plugin" "github.com/notaryproject/notation/internal/cmd" "github.com/notaryproject/notation/internal/ioutil" "github.com/notaryproject/notation/internal/slices" @@ -186,7 +186,7 @@ func addExternalKey(ctx context.Context, opts *keyAddOpts, pluginName, keyName s if id == "" { return config.KeySuite{}, errors.New("missing key id") } - mgr := manager.New() + mgr := plugin.NewCLIManager(dir.PluginFS()) p, err := mgr.Get(ctx, pluginName) if err != nil { return config.KeySuite{}, err diff --git a/cmd/notation/plugin.go b/cmd/notation/plugin.go index 4ee8d2c94..c95c6ab49 100644 --- a/cmd/notation/plugin.go +++ b/cmd/notation/plugin.go @@ -3,7 +3,7 @@ package main import ( "os" - "github.com/notaryproject/notation-go/plugin/manager" + "github.com/notaryproject/notation-go/plugin" "github.com/notaryproject/notation/internal/ioutil" "github.com/spf13/cobra" ) @@ -29,7 +29,7 @@ func pluginListCommand() *cobra.Command { } func listPlugins(command *cobra.Command) error { - mgr := manager.New() + mgr := plugin.NewCLIManager(dir.PluginFS()) plugins, err := mgr.List(command.Context()) if err != nil { return err diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index e5fd71a5f..f98c781f1 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go 
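Review bot: `listPlugins` in plugin.go now calls `plugin.NewCLIManager(dir.PluginFS())`, but `dir` appears to be undefined in that file, so this commit would not build. The import block shown in the first plugin.go hunk lists only `os`, `notation-go/plugin`, `internal/ioutil` and `cobra`. Add `"github.com/notaryproject/notation-go/dir"` to the imports in the same commit so each patch compiles and the series can be bisected. The same call is added to `addExternalKey` in key.go, whose import block is only partly visible here, so it needs the same check.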
@@ -6,7 +6,7 @@ import ( "strings" notationregistry "github.com/notaryproject/notation-go/registry" - "github.com/notaryproject/notation-go/verification" + "github.com/notaryproject/notation-go/verifier" "github.com/notaryproject/notation/internal/cmd" "github.com/notaryproject/notation/internal/ioutil" @@ -64,14 +64,14 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { } // core verify process. - ctx := verification.WithPluginConfig(command.Context(), configs) + ctx := verifier.WithPluginConfig(command.Context(), configs) outcomes, err := verifier.Verify(ctx, ref.String()) // write out. return ioutil.PrintVerificationResults(os.Stdout, outcomes, err, ref.Reference) } -func getVerifier(opts *verifyOpts, ref registry.Reference) (*verification.Verifier, error) { +func getVerifier(opts *verifyOpts, ref registry.Reference) (*verifier.Verifier, error) { authClient, plainHTTP, err := getAuthClient(&opts.SecureFlagOpts, ref) if err != nil { return nil, err @@ -79,7 +79,7 @@ func getVerifier(opts *verifyOpts, ref registry.Reference) (*verification.Verifi repo := notationregistry.NewRepositoryClient(authClient, ref, plainHTTP) - return verification.NewVerifier(repo) + return verifier.NewVerifier(repo) } func resolveReference(command *cobra.Command, opts *verifyOpts) (registry.Reference, error) { diff --git a/go.mod b/go.mod index a9832daa5..3329d1824 100644 --- a/go.mod +++ b/go.mod @@ -8,12 +8,12 @@ require ( github.com/notaryproject/notation-core-go v0.2.0-beta.1 github.com/notaryproject/notation-go v0.12.0-beta.1 github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 + github.com/opencontainers/image-spec v1.1.0-rc2 github.com/oras-project/artifacts-spec v1.0.0-rc.2 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 - oras.land/oras-go/v2 v2.0.0-rc.3 + oras.land/oras-go/v2 v2.0.0-rc.4 ) require ( 
@@ -23,11 +23,10 @@ require ( github.com/go-ldap/ldap/v3 v3.4.4 // indirect github.com/golang-jwt/jwt/v4 v4.4.2 // indirect github.com/inconshreveable/mousetrap v1.0.1 // indirect - github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 // indirect github.com/x448/float16 v0.8.4 // indirect golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect ) -replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go sign \ No newline at end of file +replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115040102-e426472c1c9e diff --git a/go.sum b/go.sum index df85c91d6..bebbd033f 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f h1:3NCYdjXycNd/Xn/iICZzmxkiDX1e1cjTHjbMAz+wRVk= github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= 
@@ -19,16 +19,14 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v0.2.0-beta.1 h1:8tFxNycWCcPLti9ZYST5kjkX2wMXtX9YPvMjiBAQ1tA= github.com/notaryproject/notation-core-go v0.2.0-beta.1/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U= -github.com/notaryproject/notation-go v0.12.0-beta.1 h1:LATXX7gt/Y7a+vqLVN4Ydmd6GfaPAFRdKgUEjaEYhUM= -github.com/notaryproject/notation-go v0.12.0-beta.1/go.mod h1:sfOLDfdt7IXtzU9tyGwhsWDYY357+OWr1ktCfHfLdOk= -github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 h1:Oumw+lPnO8qNLTY2mrqPJZMoGExLi/0h/DdikoLTXVU= -github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86/go.mod h1:aA4vdXRS8E1TG7pLZOz85InHi3BiPdErh8IpJN6E0x4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec= -github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= +github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= github.com/oras-project/artifacts-spec v1.0.0-rc.2 h1:9SMCNSxkJEHqWGDiMCuy6TXHgvjgwXGdXZZGXLKQvVE= github.com/oras-project/artifacts-spec v1.0.0-rc.2/go.mod h1:Xch2aLzSwtkhbFFN6LUzTfLtukYvMMdXJ4oZ8O7BOdc= +github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115040102-e426472c1c9e h1:ih885uHIffyM9eCmPU6GQY7k20G4tuM6pGu77bnOL9Y= +github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115040102-e426472c1c9e/go.mod 
h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -59,5 +57,5 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -oras.land/oras-go/v2 v2.0.0-rc.3 h1:O4GeIwJ9Ge7rbCkqa/M7DLrL55ww+ZEc+Rhc63OYitU= -oras.land/oras-go/v2 v2.0.0-rc.3/go.mod h1:PrY+cCglzK/DrQoJUtxbYVbL94ZHecVS3eJR01RglpE= +oras.land/oras-go/v2 v2.0.0-rc.4 h1:hg/R2znUQ1+qd43gRmL16VeX1GIZ8hQlLalBjYhhKSk= +oras.land/oras-go/v2 v2.0.0-rc.4/go.mod h1:YGHvWBGuqRlZgUyXUIoKsR3lcuCOb3DAtG0SEsEw1iY= diff --git a/internal/cmd/signer.go b/internal/cmd/signer.go index 135cd2ab8..e54b512c7 100644 --- a/internal/cmd/signer.go +++ b/internal/cmd/signer.go @@ -5,8 +5,8 @@ import ( "time" "github.com/notaryproject/notation-go" - "github.com/notaryproject/notation-go/plugin/manager" - "github.com/notaryproject/notation-go/signature" + "github.com/notaryproject/notation-go/plugin" + "github.com/notaryproject/notation-go/signer" "github.com/notaryproject/notation/internal/envelope" "github.com/notaryproject/notation/pkg/configutil" ) 
@@ -25,17 +25,17 @@ func GetSigner(opts *SignerFlagOpts) (notation.Signer, error) { return nil, err } if key.X509KeyPair != nil { - return signature.NewSignerFromFiles(key.X509KeyPair.KeyPath, key.X509KeyPair.CertificatePath, mediaType) + return signer.NewSignerFromFiles(key.X509KeyPair.KeyPath, key.X509KeyPair.CertificatePath, mediaType) } // Construct a plugin signer if key name provided as the CLI argument // corresponds to an external key if key.ExternalKey != nil { - mgr := manager.New() + mgr := plugin.NewCLIManager(dir.PluginFS()) runner, err := mgr.Runner(key.PluginName) if err != nil { return nil, err } - return signature.NewSignerPlugin(runner, key.ExternalKey.ID, key.PluginConfig, mediaType) + return signer.NewSignerPlugin(runner, key.ExternalKey.ID, key.PluginConfig, mediaType) } return nil, errors.New("unsupported key, either provide a local key and certificate file paths, or a key name in config.json, check [DOC_PLACEHOLDER] for details") } diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index 9f7eca634..949549f7f 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go @@ -6,15 +6,15 @@ import ( "text/tabwriter" "github.com/notaryproject/notation-go/config" - "github.com/notaryproject/notation-go/plugin/manager" - "github.com/notaryproject/notation-go/verification" + "github.com/notaryproject/notation-go/plugin" + "github.com/notaryproject/notation-go/verifier" ) func newTabWriter(w io.Writer) *tabwriter.Writer { return tabwriter.NewWriter(w, 0, 0, 3, ' ', 0) } -func PrintPlugins(w io.Writer, v []*manager.Plugin) error { +func PrintPlugins(w io.Writer, v []*plugin.Plugin) error { tw := newTabWriter(w) fmt.Fprintln(tw, "NAME\tDESCRIPTION\tVERSION\tCAPABILITIES\tERROR\t") for _, p := range v { 
@@ -54,7 +54,7 @@ func PrintCertificateMap(w io.Writer, v []config.CertificateReference) error { return tw.Flush() } -func PrintVerificationResults(w io.Writer, v []*verification.SignatureVerificationOutcome, resultErr error, digest string) error { +func PrintVerificationResults(w io.Writer, v []*verifier.SignatureVerificationOutcome, resultErr error, digest string) error { tw := newTabWriter(w) if resultErr == nil { @@ -70,7 +70,7 @@ func PrintVerificationResults(w io.Writer, v []*verification.SignatureVerificati return resultErr } -func printOutcomes(tw *tabwriter.Writer, outcomes []*verification.SignatureVerificationOutcome, digest string) { +func printOutcomes(tw *tabwriter.Writer, outcomes []*verifier.SignatureVerificationOutcome, digest string) { fmt.Printf("Signature verification failed for all the %d signatures associated with digest: %s\n\n", len(outcomes), digest) // TODO[https://github.com/notaryproject/notation/issues/304]: print out detailed errors in debug mode. From 170fa86cc674177283294981c8df7f4f2851e5d0 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 15 Nov 2022 15:21:23 +0800 Subject: [PATCH 04/23] update Signed-off-by: Patrick Zheng --- cmd/notation/manifest.go | 12 ++++++------ cmd/notation/registry.go | 12 +++++++++--- cmd/notation/sign.go | 25 ++++++++++++++----------- cmd/notation/verify.go | 32 ++++++++++++++++---------------- go.mod | 2 +- go.sum | 4 ++-- internal/cmd/signer.go | 14 +++++--------- 7 files changed, 53 insertions(+), 48 deletions(-) diff --git a/cmd/notation/manifest.go b/cmd/notation/manifest.go index b9d82baf2..472c56e15 100644 --- a/cmd/notation/manifest.go +++ b/cmd/notation/manifest.go 
@@ -4,26 +4,26 @@ import ( "context" "errors" - "github.com/notaryproject/notation-go" + ocispec "github.com/opencontainers/image-spec/specs-go/v1" "oras.land/oras-go/v2/registry" ) -func getManifestDescriptorFromContext(ctx context.Context, opts *SecureFlagOpts, ref string) (notation.Descriptor, error) { +func getManifestDescriptorFromContext(ctx context.Context, opts *SecureFlagOpts, ref string) (ocispec.Descriptor, error) { if ref == "" { - return notation.Descriptor{}, errors.New("missing reference") + return ocispec.Descriptor{}, errors.New("missing reference") } return getManifestDescriptorFromReference(ctx, opts, ref) } -func getManifestDescriptorFromReference(ctx context.Context, opts *SecureFlagOpts, reference string) (notation.Descriptor, error) { +func getManifestDescriptorFromReference(ctx context.Context, opts *SecureFlagOpts, reference string) (ocispec.Descriptor, error) { ref, err := registry.ParseReference(reference) if err != nil { - return notation.Descriptor{}, err + return ocispec.Descriptor{}, err } repo, err := getRepositoryClient(opts, ref) if err != nil { - return notation.Descriptor{}, err + return ocispec.Descriptor{}, err } return repo.Resolve(ctx, ref.ReferenceOrDefault()) } diff --git a/cmd/notation/registry.go b/cmd/notation/registry.go index 0551bc341..da37e2288 100644 --- a/cmd/notation/registry.go +++ b/cmd/notation/registry.go @@ -14,7 +14,7 @@ import ( "oras.land/oras-go/v2/registry/remote/auth" ) -func getSignatureRepository(opts *SecureFlagOpts, reference string) (*notationregistry.RepositoryClient, error) { +func getSignatureRepository(opts *SecureFlagOpts, reference string) (notationregistry.Repository, error) { ref, err := registry.ParseReference(reference) if err != nil { return nil, err 
@@ -35,12 +35,18 @@ func getRegistryClient(opts *SecureFlagOpts, serverAddress string) (*remote.Regi return reg, nil } -func getRepositoryClient(opts *SecureFlagOpts, ref registry.Reference) (*notationregistry.RepositoryClient, error) { +func getRepositoryClient(opts *SecureFlagOpts, ref registry.Reference) (notationregistry.Repository, error) { authClient, plainHTTP, err := getAuthClient(opts, ref) if err != nil { return nil, err } - return notationregistry.NewRepositoryClient(authClient, ref, plainHTTP), nil + repo := &remote.Repository{ + Client: authClient, + Reference: ref, + PlainHTTP: plainHTTP, + } + + return notationregistry.NewRepository(repo), nil } func getAuthClient(opts *SecureFlagOpts, ref registry.Reference) (*auth.Client, bool, error) { diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go index b1c7a83bc..af88c0684 100644 --- a/cmd/notation/sign.go +++ b/cmd/notation/sign.go @@ -9,6 +9,7 @@ import ( "github.com/notaryproject/notation-go" "github.com/notaryproject/notation/internal/cmd" "github.com/notaryproject/notation/internal/envelope" + ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/spf13/cobra" ) @@ -74,7 +75,7 @@ func runSign(command *cobra.Command, cmdOpts *signOpts) error { if err != nil { return err } - sig, err := signer.Sign(command.Context(), desc, opts) + sig, _, err := signer.Sign(command.Context(), desc, opts) if err != nil { return err } 
@@ -93,41 +94,43 @@ func runSign(command *cobra.Command, cmdOpts *signOpts) error { return nil } -func prepareSigningContent(ctx context.Context, opts *signOpts) (notation.Descriptor, notation.SignOptions, error) { +func prepareSigningContent(ctx context.Context, opts *signOpts) (ocispec.Descriptor, notation.SignOptions, error) { manifestDesc, err := getManifestDescriptorFromContext(ctx, &opts.SecureFlagOpts, opts.reference) if err != nil { - return notation.Descriptor{}, notation.SignOptions{}, err + return ocispec.Descriptor{}, notation.SignOptions{}, err } pluginConfig, err := cmd.ParseFlagPluginConfig(opts.pluginConfig) if err != nil { - return notation.Descriptor{}, notation.SignOptions{}, err + return ocispec.Descriptor{}, notation.SignOptions{}, err } return manifestDesc, notation.SignOptions{ - Expiry: cmd.GetExpiry(opts.expiry), - PluginConfig: pluginConfig, + ArtifactReference: opts.reference, + SignatureMediaType: opts.SignerFlagOpts.SignatureFormat, + Expiry: cmd.GetExpiry(opts.expiry), + PluginConfig: pluginConfig, }, nil } -func pushSignature(ctx context.Context, opts *SecureFlagOpts, ref string, sig []byte) (notation.Descriptor, error) { +func pushSignature(ctx context.Context, opts *SecureFlagOpts, ref string, sig []byte) (ocispec.Descriptor, error) { // initialize sigRepo, err := getSignatureRepository(opts, ref) if err != nil { - return notation.Descriptor{}, err + return ocispec.Descriptor{}, err } manifestDesc, err := getManifestDescriptorFromReference(ctx, opts, ref) if err != nil { - return notation.Descriptor{}, err + return ocispec.Descriptor{}, err } // core process // pass in nonempty annotations if needed sigMediaType, err := envelope.SpeculateSignatureEnvelopeFormat(sig) if err != nil { - return notation.Descriptor{}, err + return ocispec.Descriptor{}, err } sigDesc, _, err := sigRepo.PutSignatureManifest(ctx, sig, sigMediaType, manifestDesc, make(map[string]string)) if err != nil { - return notation.Descriptor{}, fmt.Errorf("put 
signature manifest failure: %v", err) + return ocispec.Descriptor{}, fmt.Errorf("put signature manifest failure: %v", err) } return sigDesc, nil diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index f98c781f1..6b888dd3b 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -5,6 +5,7 @@ import ( "os" "strings" + "github.com/notaryproject/notation-go" notationregistry "github.com/notaryproject/notation-go/registry" "github.com/notaryproject/notation-go/verifier" "github.com/notaryproject/notation/internal/cmd" @@ -12,6 +13,7 @@ import ( "github.com/spf13/cobra" "oras.land/oras-go/v2/registry" + "oras.land/oras-go/v2/registry/remote" ) type verifyOpts struct { @@ -52,10 +54,14 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { } // initialize verifier. - verifier, err := getVerifier(opts, ref) - if err != nil { - return err + verifier, _ := verifier.New() + authClient, plainHTTP, _ := getAuthClient(&opts.SecureFlagOpts, ref) + remote_repo := remote.Repository{ + Client: authClient, + Reference: ref, + PlainHTTP: plainHTTP, } + repo := notationregistry.NewRepository(&remote_repo) // set up verification plugin config. configs, err := cmd.ParseFlagPluginConfig(opts.pluginConfig) 
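Review bot: `SignatureMediaType: opts.SignerFlagOpts.SignatureFormat` in `prepareSigningContent` passes the raw flag value where a media type is expected. In this same commit, `GetSigner` in internal/cmd/signer.go drops the `envelope.GetEnvelopeMediaType(opts.SignatureFormat)` conversion and its error check, so nothing visible maps or validates the format any more. Unless notation-go accepts the short format name, convert it here and return the error: `mediaType, err := envelope.GetEnvelopeMediaType(opts.SignerFlagOpts.SignatureFormat)`, then `SignatureMediaType: mediaType`. An unrecognised format should fail before signing rather than produce an envelope with an unexpected type.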
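Review bot: The verifier setup added to `runVerify` discards both errors, in `verifier, _ := verifier.New()` and `authClient, plainHTTP, _ := getAuthClient(&opts.SecureFlagOpts, ref)`. On a signature-verification path, a failure to build the verifier (presumably loading trust policy and trust store) or to resolve credentials should stop the command. The removed `getVerifier` returned these errors; the new code continues with a nil or partly built value. Restore the checks as sketched below. Renaming the locals also stops `verifier` shadowing the imported package and brings `remote_repo` in line with Go naming. `runVerify` begins before this hunk and continues in the next one.

```go
sigVerifier, err := verifier.New()
if err != nil {
	return err
}
authClient, plainHTTP, err := getAuthClient(&opts.SecureFlagOpts, ref)
if err != nil {
	return err
}
remoteRepo := remote.Repository{
	Client:    authClient,
	Reference: ref,
	PlainHTTP: plainHTTP,
}
repo := notationregistry.NewRepository(&remoteRepo)
// … unchanged: plugin config parsing; the later notation.Verify call must take sigVerifier …
```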
@@ -64,24 +70,18 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { } // core verify process. - ctx := verifier.WithPluginConfig(command.Context(), configs) - outcomes, err := verifier.Verify(ctx, ref.String()) + verifyOpts := notation.VerifyOptions{ + ArtifactReference: ref.String(), + SignatureMediaType: "application/cose", + PluginConfig: configs, + MaxSignatureAttempts: 50, + } + _, outcomes, err := notation.Verify(command.Context(), verifier, repo, verifyOpts) // write out. return ioutil.PrintVerificationResults(os.Stdout, outcomes, err, ref.Reference) } -func getVerifier(opts *verifyOpts, ref registry.Reference) (*verifier.Verifier, error) { - authClient, plainHTTP, err := getAuthClient(&opts.SecureFlagOpts, ref) - if err != nil { - return nil, err - } - - repo := notationregistry.NewRepositoryClient(authClient, ref, plainHTTP) - - return verifier.NewVerifier(repo) -} - func resolveReference(command *cobra.Command, opts *verifyOpts) (registry.Reference, error) { ref, err := registry.ParseReference(opts.reference) if err != nil { diff --git a/go.mod b/go.mod index 3329d1824..df6d532be 100644 --- a/go.mod +++ b/go.mod @@ -29,4 +29,4 @@ require ( golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect ) -replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115040102-e426472c1c9e +replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115063758-c87972382238 diff --git a/go.sum b/go.sum index bebbd033f..8b2d9b333 100644 --- a/go.sum +++ b/go.sum 
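Review bot: `SignatureMediaType: "application/cose"` and `MaxSignatureAttempts: 50` are hard-coded in the `VerifyOptions` literal in `runVerify`. If notation-go uses the media type to choose the envelope parser, signatures produced in the other supported format would stop verifying. sign.go in this commit takes the format from `SignerFlagOpts.SignatureFormat`, and no equivalent input is visible on the verify side. Derive the media type from the stored signature or a flag, and lift the limit into a named constant with a comment such as `// maxSignatureAttempts bounds how many signatures are tried per artifact`.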
@@ -25,8 +25,8 @@ github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7X
 github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
 github.com/oras-project/artifacts-spec v1.0.0-rc.2 h1:9SMCNSxkJEHqWGDiMCuy6TXHgvjgwXGdXZZGXLKQvVE=
 github.com/oras-project/artifacts-spec v1.0.0-rc.2/go.mod h1:Xch2aLzSwtkhbFFN6LUzTfLtukYvMMdXJ4oZ8O7BOdc=
-github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115040102-e426472c1c9e h1:ih885uHIffyM9eCmPU6GQY7k20G4tuM6pGu77bnOL9Y=
-github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115040102-e426472c1c9e/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8=
+github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115063758-c87972382238 h1:F0vreVkDosrctKZ39zq2RfQ9Zh5P/gdwRRnZzFbcqp8=
+github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115063758-c87972382238/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
diff --git a/internal/cmd/signer.go b/internal/cmd/signer.go
index e54b512c7..1c23e3292 100644
--- a/internal/cmd/signer.go
+++ b/internal/cmd/signer.go
@@ -1,23 +1,19 @@ package cmd import ( + "context" "errors" "time" "github.com/notaryproject/notation-go" + "github.com/notaryproject/notation-go/dir" "github.com/notaryproject/notation-go/plugin" "github.com/notaryproject/notation-go/signer" - "github.com/notaryproject/notation/internal/envelope" "github.com/notaryproject/notation/pkg/configutil" ) // GetSigner returns a signer according to the CLI context. func GetSigner(opts *SignerFlagOpts) (notation.Signer, error) { - // Construct a signer from key and cert file if provided as CLI arguments - mediaType, err := envelope.GetEnvelopeMediaType(opts.SignatureFormat) - if err != nil { - return nil, err - } // Construct a signer from preconfigured key pair in config.json // if key name is provided as the CLI argument key, err := configutil.ResolveKey(opts.Key) @@ -25,17 +21,17 @@ func GetSigner(opts *SignerFlagOpts) (notation.Signer, error) { return nil, err } if key.X509KeyPair != nil { - return signer.NewSignerFromFiles(key.X509KeyPair.KeyPath, key.X509KeyPair.CertificatePath, mediaType) + return signer.NewFromFiles(key.X509KeyPair.KeyPath, key.X509KeyPair.CertificatePath) } // Construct a plugin signer if key name provided as the CLI argument // corresponds to an external key if key.ExternalKey != nil { mgr := plugin.NewCLIManager(dir.PluginFS()) - runner, err := mgr.Runner(key.PluginName) + plugin, err := mgr.Get(context.Background(), key.PluginName) if err != nil { return nil, err } - return signer.NewSignerPlugin(runner, key.ExternalKey.ID, key.PluginConfig, mediaType) + return signer.NewFromPlugin(plugin, key.ExternalKey.ID, key.PluginConfig) } return nil, errors.New("unsupported key, either provide a local key and certificate file paths, or a key name in config.json, check [DOC_PLACEHOLDER] for details") } From bfd2b37a82d70fb704dd9909d3b98bb9b8a2728c Mon Sep 17 00:00:00 2001 
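Review bot: In `GetSigner`, `plugin, err := mgr.Get(context.Background(), key.PluginName)` uses a fresh background context, so plugin lookup cannot be cancelled or timed out by the caller. It also declares a local named `plugin` that shadows the imported `plugin` package for the rest of the block. Rename the local, e.g. `p, err := mgr.Get(ctx, key.PluginName)` and `return signer.NewFromPlugin(p, key.ExternalKey.ID, key.PluginConfig)`. Consider giving `GetSigner` a `ctx context.Context` first parameter so `runSign` can pass `command.Context()`. The function's doc comment should say that the signature format is no longer validated here.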
From: Patrick Zheng Date: Tue, 15 Nov 2022 19:15:27 +0800 Subject: [PATCH 05/23] updated with most recent notation-go and oras v2.0.0-rc.4 Signed-off-by: Patrick Zheng --- cmd/notation/cert/generateTest.go | 2 +- cmd/notation/cert/list.go | 12 ++--- cmd/notation/cert/show.go | 2 +- .../internal/truststore/truststore.go | 10 ++-- cmd/notation/key.go | 6 +-- cmd/notation/list.go | 21 +++++---- cmd/notation/plugin.go | 13 +++++- cmd/notation/sign.go | 46 ++++--------------- go.mod | 1 - go.sum | 2 - internal/ioutil/print.go | 28 ++++++----- 11 files changed, 61 insertions(+), 82 deletions(-) diff --git a/cmd/notation/cert/generateTest.go b/cmd/notation/cert/generateTest.go index 69b83ff09..2f6907266 100644 --- a/cmd/notation/cert/generateTest.go +++ b/cmd/notation/cert/generateTest.go @@ -83,7 +83,7 @@ func generateTestCert(opts *certGenerateTestOpts) error { fmt.Println("generated certificate expiring on", rsaCertTuple.Cert.NotAfter.Format(time.RFC3339)) // write private key - keyPath, certPath := dir.Path.Localkey(name) + keyPath, certPath := dir.LocalKeyPath(name) if err := osutil.WriteFileWithPermission(keyPath, keyBytes, 0600, false); err != nil { return fmt.Errorf("failed to write key file: %v", err) } diff --git a/cmd/notation/cert/list.go b/cmd/notation/cert/list.go index 8fc2d40f6..0bc484b97 100644 --- a/cmd/notation/cert/list.go +++ b/cmd/notation/cert/list.go @@ -4,7 +4,7 @@ import ( "fmt" "github.com/notaryproject/notation-go/dir" - "github.com/notaryproject/notation-go/verifier" + notationgoTruststore "github.com/notaryproject/notation-go/verifier/truststore" "github.com/notaryproject/notation/cmd/notation/internal/truststore" "github.com/spf13/cobra" ) 
@@ -38,7 +38,7 @@ func listCerts(opts *certListOpts) error { // List all certificates under truststore/x509, display empty if there's // no certificate yet if namedStore == "" && storeType == "" { - path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509") + path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509") if err := truststore.CheckNonErrNotExistError(err); err != nil { return err } @@ -52,7 +52,7 @@ func listCerts(opts *certListOpts) error { // List all certificates under truststore/x509/storeType/namedStore, // display empty if there's no such certificate if namedStore != "" && storeType != "" { - path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore) + path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore) if err := truststore.CheckNonErrNotExistError(err); err != nil { return err } @@ -66,7 +66,7 @@ func listCerts(opts *certListOpts) error { // List all certificates under x509/storeType, display empty if // there's no certificate yet if storeType != "" { - path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType) + path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType) if err := truststore.CheckNonErrNotExistError(err); err != nil { return err } @@ -76,8 +76,8 @@ func listCerts(opts *certListOpts) error { } else { // List all certificates under named store namedStore, display empty if // there's no such certificate - for _, t := range verifier.TrustStorePrefixes { - path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", string(t), namedStore) + for _, t := range notationgoTruststore.Types { + path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", string(t), namedStore) if err := truststore.CheckNonErrNotExistError(err); err != nil { return err } diff --git a/cmd/notation/cert/show.go b/cmd/notation/cert/show.go index 6b14026c0..78f7b767c 100644 --- a/cmd/notation/cert/show.go 
+++ b/cmd/notation/cert/show.go @@ -59,7 +59,7 @@ func showCerts(opts *certShowOpts) error { return errors.New("certificate fileName cannot be empty") } - path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore, cert) + path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore, cert) if err != nil { return fmt.Errorf("failed to show details of certificate %s, with error: %s", cert, err.Error()) } diff --git a/cmd/notation/internal/truststore/truststore.go b/cmd/notation/internal/truststore/truststore.go index 6abb38697..8a850cf92 100644 --- a/cmd/notation/internal/truststore/truststore.go +++ b/cmd/notation/internal/truststore/truststore.go @@ -14,7 +14,7 @@ import ( corex509 "github.com/notaryproject/notation-core-go/x509" "github.com/notaryproject/notation-go/dir" - "github.com/notaryproject/notation-go/verifier" + "github.com/notaryproject/notation-go/verifier/truststore" "github.com/notaryproject/notation/cmd/notation/internal/cmdutil" "github.com/notaryproject/notation/internal/osutil" ) @@ -44,7 +44,7 @@ func AddCert(path, storeType, namedStore string, display bool) error { // core process // get the trust store path - trustStorePath, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore) + trustStorePath, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore) if err := CheckNonErrNotExistError(err); err != nil { return err } 
@@ -119,7 +119,7 @@ func showCert(cert *x509.Certificate) { // DeleteAllCerts deletes all certificate files from the trust store // under dir truststore/x509/storeType/namedStore func DeleteAllCerts(storeType, namedStore string, confirmed bool, errorSlice []error) []error { - path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore) + path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore) if err == nil { prompt := fmt.Sprintf("Are you sure you want to delete all certificate in %q of type %q?", namedStore, storeType) confirmed, err := cmdutil.AskForConfirmation(os.Stdin, prompt, confirmed) @@ -147,7 +147,7 @@ func DeleteAllCerts(storeType, namedStore string, confirmed bool, errorSlice []e // DeleteCert deletes a specific certificate file from the // trust store, namely truststore/x509/storeType/namedStore/cert func DeleteCert(storeType, namedStore, cert string, confirmed bool, errorSlice []error) []error { - path, err := dir.Path.UserConfigFS.GetPath(dir.TrustStoreDir, "x509", storeType, namedStore, cert) + path, err := dir.ConfigFS().SysPath(dir.TrustStoreDir, "x509", storeType, namedStore, cert) if err == nil { prompt := fmt.Sprintf("Are you sure you want to delete %q in %q of type %q?", cert, namedStore, storeType) confirmed, err := cmdutil.AskForConfirmation(os.Stdin, prompt, confirmed) @@ -183,7 +183,7 @@ func CheckNonErrNotExistError(err error) error { // IsValidStoreType checks if storeType is supported func IsValidStoreType(storeType string) bool { - for _, t := range verifier.TrustStorePrefixes { + for _, t := range truststore.Types { if storeType == string(t) { return true } diff --git a/cmd/notation/key.go b/cmd/notation/key.go index 3b477420f..84a49547d 100644 --- a/cmd/notation/key.go +++ b/cmd/notation/key.go 
@@ -7,6 +7,7 @@ import ( "os" "github.com/notaryproject/notation-go/config" + "github.com/notaryproject/notation-go/dir" "github.com/notaryproject/notation-go/plugin" "github.com/notaryproject/notation/internal/cmd" "github.com/notaryproject/notation/internal/ioutil" @@ -187,13 +188,10 @@ func addExternalKey(ctx context.Context, opts *keyAddOpts, pluginName, keyName s return config.KeySuite{}, errors.New("missing key id") } mgr := plugin.NewCLIManager(dir.PluginFS()) - p, err := mgr.Get(ctx, pluginName) + _, err := mgr.Get(ctx, pluginName) if err != nil { return config.KeySuite{}, err } - if p.Err != nil { - return config.KeySuite{}, fmt.Errorf("invalid plugin: %w", p.Err) - } pluginConfig, err := cmd.ParseFlagPluginConfig(opts.pluginConfig) if err != nil { return config.KeySuite{}, err diff --git a/cmd/notation/list.go b/cmd/notation/list.go index 027c4c663..a6fceb7f9 100644 --- a/cmd/notation/list.go +++ b/cmd/notation/list.go @@ -9,7 +9,6 @@ import ( notationregistry "github.com/notaryproject/notation-go/registry" "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - artifactspec "github.com/oras-project/artifacts-spec/specs-go/v1" "github.com/spf13/cobra" "oras.land/oras-go/v2/registry" ) 
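Review bot: In addExternalKey the `p.Err` check is removed and the value returned by `mgr.Get(ctx, pluginName)` is discarded, so the only thing established before the key suite is built is that `Get` returned no error. Whether the new `Get` still validates the plugin (metadata, capabilities) is not visible here. If it only locates the plugin, a key bound to an unusable plugin is accepted at this point and the failure moves to signing time. If `Get` does validate, say so at the call, e.g. `// mgr.Get also rejects plugins with invalid metadata`; otherwise keep the returned plugin and check it explicitly. The function body starts before and continues after the hunk.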
@@ -61,12 +60,12 @@ func runList(command *cobra.Command, opts *listOpts) error { return printSignatureManifestDigests(command.Context(), manifestDesc.Digest, sigRepo, reference) } -// printSignatureManifestDigests returns the signature manifest digest of +// printSignatureManifestDigests returns the signature manifest digests of // the subject manifest. // // TODO: this is a temporary function and will be replaced after // notation-go refactor. -func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Digest, sigRepo *notationregistry.RepositoryClient, reference string) error { +func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Digest, sigRepo notationregistry.Repository, reference string) error { // prepare title ref, err := registry.ParseReference(reference) if err != nil { @@ -83,11 +82,13 @@ func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Di } // traverse referrers + artifactDescriptor, err := sigRepo.Resolve(ctx, reference) + if err != nil { + return err + } var prevDigest digest.Digest - if err := sigRepo.Repository.Referrers(ctx, ocispec.Descriptor{ - Digest: manifestDigest, - }, notationRegistry.ArtifactTypeNotation, func(referrers []artifactspec.Descriptor) error { - for _, desc := range referrers { + err = sigRepo.ListSignatures(ctx, artifactDescriptor, func(signatureManifests []ocispec.Descriptor) error { + for _, sigManifestDesc := range signatureManifests { if prevDigest != "" { // check and print title printTitle() @@ -95,10 +96,12 @@ func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Di // print each signature digest fmt.Printf(" ├── %s\n", prevDigest) } - prevDigest = desc.Digest + prevDigest = sigManifestDesc.Digest } return nil - }); err != nil { + }) + + if err != nil { return err } diff --git a/cmd/notation/plugin.go b/cmd/notation/plugin.go index c95c6ab49..1971d87ae 100644 --- a/cmd/notation/plugin.go +++ b/cmd/notation/plugin.go 
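Review bot: printSignatureManifestDigests now calls `sigRepo.Resolve(ctx, reference)` although the caller has already resolved the manifest and passes `manifestDigest`, which this hunk no longer uses for the lookup. For a tag reference the second resolution can return a different manifest if the tag moves in between, so the signatures listed may not belong to the digest the caller resolved. Either build the descriptor passed to `ListSignatures` from the already-resolved value, or compare the two: `if artifactDescriptor.Digest != manifestDigest { return fmt.Errorf("reference %q resolved to %s, expected %s", reference, artifactDescriptor.Digest, manifestDigest) }`. The function begins in the previous hunk and continues in the next one.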
@@ -3,6 +3,7 @@ package main import ( "os" + "github.com/notaryproject/notation-go/dir" "github.com/notaryproject/notation-go/plugin" "github.com/notaryproject/notation/internal/ioutil" "github.com/spf13/cobra" @@ -30,9 +31,17 @@ func pluginListCommand() *cobra.Command { func listPlugins(command *cobra.Command) error { mgr := plugin.NewCLIManager(dir.PluginFS()) - plugins, err := mgr.List(command.Context()) + pluginNames, err := mgr.List(command.Context()) if err != nil { return err } - return ioutil.PrintPlugins(os.Stdout, plugins) + var plugins []plugin.Plugin + for _, n := range pluginNames { + pl, err := mgr.Get(command.Context(), n) + if err != nil { + return err + } + plugins = append(plugins, pl) + } + return ioutil.PrintPlugins(command.Context(), os.Stdout, plugins) } diff --git a/cmd/notation/sign.go b/cmd/notation/sign.go index af88c0684..2758b2bb1 100644 --- a/cmd/notation/sign.go +++ b/cmd/notation/sign.go @@ -75,21 +75,16 @@ func runSign(command *cobra.Command, cmdOpts *signOpts) error { if err != nil { return err } - sig, _, err := signer.Sign(command.Context(), desc, opts) + sigRepo, err := getSignatureRepository(&cmdOpts.SecureFlagOpts, cmdOpts.reference) if err != nil { return err } - - // write out - ref := cmdOpts.reference - if _, err := pushSignature(command.Context(), &cmdOpts.SecureFlagOpts, ref, sig); err != nil { - return fmt.Errorf("fail to push signature to %q: %v: %v", - ref, - desc.Digest, - err, - ) + _, err = notation.Sign(command.Context(), signer, sigRepo, opts) + if err != nil { + return err } + // write out fmt.Println(desc.Digest) return nil } 
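Review bot: runSign prints `desc.Digest`, which comes from the earlier resolution in prepareSigningContent, while `notation.Sign` receives `opts` carrying `ArtifactReference` and its first return value is discarded. If Sign resolves the reference itself (not visible in this hunk), a tag that moves between the two resolutions makes the printed digest differ from the manifest that was actually signed. Print what Sign reports rather than the pre-computed descriptor, or put a digest reference into `ArtifactReference` so both steps refer to the same manifest. The bare `return err` after Sign also drops the reference that the removed `fail to push signature to %q` message gave the user. runSign starts outside the hunk.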
@@ -99,39 +94,18 @@ func prepareSigningContent(ctx context.Context, opts *signOpts) (ocispec.Descrip if err != nil { return ocispec.Descriptor{}, notation.SignOptions{}, err } + mediaType, err := envelope.GetEnvelopeMediaType(opts.SignerFlagOpts.SignatureFormat) + if err != nil { + return ocispec.Descriptor{}, notation.SignOptions{}, err + } pluginConfig, err := cmd.ParseFlagPluginConfig(opts.pluginConfig) if err != nil { return ocispec.Descriptor{}, notation.SignOptions{}, err } return manifestDesc, notation.SignOptions{ ArtifactReference: opts.reference, - SignatureMediaType: opts.SignerFlagOpts.SignatureFormat, + SignatureMediaType: mediaType, Expiry: cmd.GetExpiry(opts.expiry), PluginConfig: pluginConfig, }, nil } - -func pushSignature(ctx context.Context, opts *SecureFlagOpts, ref string, sig []byte) (ocispec.Descriptor, error) { - // initialize - sigRepo, err := getSignatureRepository(opts, ref) - if err != nil { - return ocispec.Descriptor{}, err - } - manifestDesc, err := getManifestDescriptorFromReference(ctx, opts, ref) - if err != nil { - return ocispec.Descriptor{}, err - } - - // core process - // pass in nonempty annotations if needed - sigMediaType, err := envelope.SpeculateSignatureEnvelopeFormat(sig) - if err != nil { - return ocispec.Descriptor{}, err - } - sigDesc, _, err := sigRepo.PutSignatureManifest(ctx, sig, sigMediaType, manifestDesc, make(map[string]string)) - if err != nil { - return ocispec.Descriptor{}, fmt.Errorf("put signature manifest failure: %v", err) - } - - return sigDesc, nil -} diff --git a/go.mod b/go.mod index df6d532be..4ffb79a17 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,6 @@ require ( github.com/notaryproject/notation-go v0.12.0-beta.1 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc2 - github.com/oras-project/artifacts-spec v1.0.0-rc.2 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 
diff --git a/go.sum b/go.sum index 8b2d9b333..565ee84f8 100644 --- a/go.sum +++ b/go.sum @@ -23,8 +23,6 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= -github.com/oras-project/artifacts-spec v1.0.0-rc.2 h1:9SMCNSxkJEHqWGDiMCuy6TXHgvjgwXGdXZZGXLKQvVE= -github.com/oras-project/artifacts-spec v1.0.0-rc.2/go.mod h1:Xch2aLzSwtkhbFFN6LUzTfLtukYvMMdXJ4oZ8O7BOdc= github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115063758-c87972382238 h1:F0vreVkDosrctKZ39zq2RfQ9Zh5P/gdwRRnZzFbcqp8= github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115063758-c87972382238/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index 949549f7f..b1164d645 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go 
@@ -1,25 +1,32 @@ package ioutil import ( + "context" "fmt" "io" "text/tabwriter" + "github.com/notaryproject/notation-go" "github.com/notaryproject/notation-go/config" "github.com/notaryproject/notation-go/plugin" - "github.com/notaryproject/notation-go/verifier" + "github.com/notaryproject/notation-go/plugin/proto" ) func newTabWriter(w io.Writer) *tabwriter.Writer { return tabwriter.NewWriter(w, 0, 0, 3, ' ', 0) } -func PrintPlugins(w io.Writer, v []*plugin.Plugin) error { +func PrintPlugins(ctx context.Context, w io.Writer, v []plugin.Plugin) error { tw := newTabWriter(w) fmt.Fprintln(tw, "NAME\tDESCRIPTION\tVERSION\tCAPABILITIES\tERROR\t") for _, p := range v { - fmt.Fprintf(tw, "%s\t%s\t%s\t%v\t%v\t\n", - p.Name, p.Description, p.Version, p.Capabilities, p.Err) + req := &proto.GetMetadataRequest{} + metadata, err := p.GetMetadata(ctx, req) + if err != nil { + return err + } + fmt.Fprintf(tw, "%s\t%s\t%v\t%v\t\n", + metadata.Name, metadata.Description, metadata.Version, metadata.Capabilities) } return tw.Flush() } @@ -45,16 +52,7 @@ func PrintKeyMap(w io.Writer, target string, v []config.KeySuite) error { return tw.Flush() } -func PrintCertificateMap(w io.Writer, v []config.CertificateReference) error { - tw := newTabWriter(w) - fmt.Fprintln(tw, "NAME\tPATH\t") - for _, cert := range v { - fmt.Fprintf(tw, "%s\t%s\t\n", cert.Name, cert.Path) - } - return tw.Flush() -} - -func PrintVerificationResults(w io.Writer, v []*verifier.SignatureVerificationOutcome, resultErr error, digest string) error { +func PrintVerificationResults(w io.Writer, v []*notation.VerificationOutcome, resultErr error, digest string) error { tw := newTabWriter(w) if resultErr == nil { 
@@ -70,7 +68,7 @@ func PrintVerificationResults(w io.Writer, v []*verifier.SignatureVerificationOu return resultErr } -func printOutcomes(tw *tabwriter.Writer, outcomes []*verifier.SignatureVerificationOutcome, digest string) { +func printOutcomes(tw *tabwriter.Writer, outcomes []*notation.VerificationOutcome, digest string) { fmt.Printf("Signature verification failed for all the %d signatures associated with digest: %s\n\n", len(outcomes), digest) // TODO[https://github.com/notaryproject/notation/issues/304]: print out detailed errors in debug mode. From a3e7e3751bd134d153b2ba242c1c1678f5bb7dd8 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 17 Nov 2022 11:44:33 +0800 Subject: [PATCH 06/23] updated notation-go Signed-off-by: Patrick Zheng --- cmd/notation/list.go | 3 +-- cmd/notation/verify.go | 2 +- go.mod | 2 +- go.sum | 4 ++-- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/cmd/notation/list.go b/cmd/notation/list.go index a6fceb7f9..aea375248 100644 --- a/cmd/notation/list.go +++ b/cmd/notation/list.go @@ -6,7 +6,6 @@ import ( "fmt" notationRegistry "github.com/notaryproject/notation-go/registry" - notationregistry "github.com/notaryproject/notation-go/registry" "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/spf13/cobra" @@ -65,7 +64,7 @@ func runList(command *cobra.Command, opts *listOpts) error { // // TODO: this is a temporary function and will be replaced after // notation-go refactor. -func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Digest, sigRepo notationregistry.Repository, reference string) error { +func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Digest, sigRepo notationRegistry.Repository, reference string) error { // prepare title ref, err := registry.ParseReference(reference) if err != nil { diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 6b888dd3b..da15268f6 100644 
--- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -54,7 +54,7 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { } // initialize verifier. - verifier, _ := verifier.New() + verifier, _ := verifier.NewFromConfig() authClient, plainHTTP, _ := getAuthClient(&opts.SecureFlagOpts, ref) remote_repo := remote.Repository{ Client: authClient, diff --git a/go.mod b/go.mod index 4ffb79a17..cd5ed4c4f 100644 --- a/go.mod +++ b/go.mod @@ -28,4 +28,4 @@ require ( golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect ) -replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115063758-c87972382238 +replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221117032623-cd8041409602 diff --git a/go.sum b/go.sum index 565ee84f8..6fd038360 100644 --- a/go.sum +++ b/go.sum 
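Review bot: The changed line `verifier, _ := verifier.NewFromConfig()` still discards the constructor's error, as does the `getAuthClient` call on the next line, so a failure to load the verifier's configuration (presumably trust policy and trust store) is not reported and runVerify continues with whatever value was returned. In a verification command that error should stop the run: `sigVerifier, err := verifier.NewFromConfig()` followed by `if err != nil { return err }`. The different local name also stops the variable from shadowing the `verifier` package. runVerify starts and ends outside the hunk, so check whether `err` is already declared there before choosing `:=` or `=`.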
@@ -23,8 +23,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= -github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115063758-c87972382238 h1:F0vreVkDosrctKZ39zq2RfQ9Zh5P/gdwRRnZzFbcqp8= -github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221115063758-c87972382238/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8= +github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221117032623-cd8041409602 h1:HFi6JZlFm9R6YRlD/biQe9dH5Bs7uUF47EctK6aMYsE= +github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221117032623-cd8041409602/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= From 21cf35aabd998baf1e520a704357ccd6b45f185a Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 17 Nov 2022 13:21:10 +0800 Subject: [PATCH 07/23] update Signed-off-by: Patrick Zheng --- cmd/notation/cert/generateTest.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/cmd/notation/cert/generateTest.go b/cmd/notation/cert/generateTest.go index 2f6907266..8f417c982 100644 --- a/cmd/notation/cert/generateTest.go +++ b/cmd/notation/cert/generateTest.go 
@@ -83,7 +83,15 @@ func generateTestCert(opts *certGenerateTestOpts) error { fmt.Println("generated certificate expiring on", rsaCertTuple.Cert.NotAfter.Format(time.RFC3339)) // write private key - keyPath, certPath := dir.LocalKeyPath(name) + relativeKeyPath, relativeCertPath := dir.LocalKeyPath(name) + keyPath, err := dir.ConfigFS().SysPath(relativeKeyPath) + if err != nil { + return err + } + certPath, err := dir.ConfigFS().SysPath(relativeCertPath) + if err != nil { + return err + } if err := osutil.WriteFileWithPermission(keyPath, keyBytes, 0600, false); err != nil { return fmt.Errorf("failed to write key file: %v", err) } From 2d7bb485f51ffddb9bb9802a8b6f10365d0b4ba9 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 17 Nov 2022 13:32:59 +0800 Subject: [PATCH 08/23] update Signed-off-by: Patrick Zheng --- cmd/notation/list.go | 3 --- internal/ioutil/print.go | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/cmd/notation/list.go b/cmd/notation/list.go index aea375248..5914f9df8 100644 --- a/cmd/notation/list.go +++ b/cmd/notation/list.go @@ -61,9 +61,6 @@ func runList(command *cobra.Command, opts *listOpts) error { // printSignatureManifestDigests returns the signature manifest digests of // the subject manifest. -// -// TODO: this is a temporary function and will be replaced after -// notation-go refactor. func printSignatureManifestDigests(ctx context.Context, manifestDigest digest.Digest, sigRepo notationRegistry.Repository, reference string) error { // prepare title ref, err := registry.ParseReference(reference) diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index b1164d645..3040658ee 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go 
@@ -18,7 +18,7 @@ func newTabWriter(w io.Writer) *tabwriter.Writer { func PrintPlugins(ctx context.Context, w io.Writer, v []plugin.Plugin) error { tw := newTabWriter(w) - fmt.Fprintln(tw, "NAME\tDESCRIPTION\tVERSION\tCAPABILITIES\tERROR\t") + fmt.Fprintln(tw, "NAME\tDESCRIPTION\tVERSION\tCAPABILITIES\t") for _, p := range v { req := &proto.GetMetadataRequest{} metadata, err := p.GetMetadata(ctx, req) From d569eca777c336671d6a399d42c6ea67f53b096f Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 17 Nov 2022 14:01:42 +0800 Subject: [PATCH 09/23] updated Signed-off-by: Patrick Zheng --- cmd/notation/plugin.go | 7 +++---- internal/ioutil/print.go | 10 +++++----- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/cmd/notation/plugin.go b/cmd/notation/plugin.go index 1971d87ae..b2484d303 100644 --- a/cmd/notation/plugin.go +++ b/cmd/notation/plugin.go @@ -36,12 +36,11 @@ func listPlugins(command *cobra.Command) error { return err } var plugins []plugin.Plugin + var errors []error for _, n := range pluginNames { pl, err := mgr.Get(command.Context(), n) - if err != nil { - return err - } + errors = append(errors, err) plugins = append(plugins, pl) } - return ioutil.PrintPlugins(command.Context(), os.Stdout, plugins) + return ioutil.PrintPlugins(command.Context(), os.Stdout, plugins, errors) } diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index 3040658ee..6ef298ef3 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go 
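Review bot: listPlugins now appends `pl` to `plugins` even when `mgr.Get` failed, and PrintPlugins (the print.go hunk of this same commit) calls `p.GetMetadata(ctx, req)` on every element and reads `errors[ind]` without a length check. A failed Get presumably yields a nil plugin, so one broken plugin would panic the listing instead of filling the ERROR column. Guard in the print loop before GetMetadata: `if errors[ind] != nil { fmt.Fprintf(tw, "\t\t\t\t%v\t\n", errors[ind]); continue }`; the plugin name would need to be passed in to label that row. PrintPlugins also still returns on the first GetMetadata error, which defeats the per-plugin error column. The identifier `errors` reads like the standard package in both files; `errs` is the usual name.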
@@ -16,17 +16,17 @@ func newTabWriter(w io.Writer) *tabwriter.Writer { return tabwriter.NewWriter(w, 0, 0, 3, ' ', 0) } -func PrintPlugins(ctx context.Context, w io.Writer, v []plugin.Plugin) error { +func PrintPlugins(ctx context.Context, w io.Writer, v []plugin.Plugin, errors []error) error { tw := newTabWriter(w) - fmt.Fprintln(tw, "NAME\tDESCRIPTION\tVERSION\tCAPABILITIES\t") - for _, p := range v { + fmt.Fprintln(tw, "NAME\tDESCRIPTION\tVERSION\tCAPABILITIES\tERROR\t") + for ind, p := range v { req := &proto.GetMetadataRequest{} metadata, err := p.GetMetadata(ctx, req) if err != nil { return err } - fmt.Fprintf(tw, "%s\t%s\t%v\t%v\t\n", - metadata.Name, metadata.Description, metadata.Version, metadata.Capabilities) + fmt.Fprintf(tw, "%s\t%s\t%s\t%v\t%v\t\n", + metadata.Name, metadata.Description, metadata.Version, metadata.Capabilities, errors[ind]) } return tw.Flush() } From 3016efb1f035300f415e7440c31eb703792a8e94 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 17 Nov 2022 20:52:42 +0800 Subject: [PATCH 10/23] updated verify Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index da15268f6..25ab20c93 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -9,6 +9,7 @@ import ( notationregistry "github.com/notaryproject/notation-go/registry" "github.com/notaryproject/notation-go/verifier" "github.com/notaryproject/notation/internal/cmd" + "github.com/notaryproject/notation/internal/envelope" "github.com/notaryproject/notation/internal/ioutil" "github.com/spf13/cobra" @@ -18,8 +19,9 @@ import ( type verifyOpts struct { SecureFlagOpts - reference string - pluginConfig []string + reference string + pluginConfig []string + signatureFormat string } func verifyCommand(opts *verifyOpts) *cobra.Command { 
@@ -43,6 +45,7 @@ func verifyCommand(opts *verifyOpts) *cobra.Command { } opts.ApplyFlags(command.Flags()) command.Flags().StringArrayVarP(&opts.pluginConfig, "plugin-config", "c", nil, "{key}={value} pairs that are passed as it is to a plugin, if the verification is associated with a verification plugin, refer plugin documentation to set appropriate values") + cmd.SetPflagSignatureFormat(command.Flags(), &opts.signatureFormat) return command } @@ -70,9 +73,13 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { } // core verify process. + signatureMediaType, err := envelope.GetEnvelopeMediaType(opts.signatureFormat) + if err != nil { + return err + } verifyOpts := notation.VerifyOptions{ ArtifactReference: ref.String(), - SignatureMediaType: "application/cose", + SignatureMediaType: signatureMediaType, PluginConfig: configs, MaxSignatureAttempts: 50, } From 493ec56282a66913308b350b1ead77b6e10324a4 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 18 Nov 2022 09:28:51 +0800 Subject: [PATCH 11/23] updated notation-go Signed-off-by: Patrick Zheng --- go.mod | 4 +--- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index cd5ed4c4f..552c3cfd5 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f github.com/docker/docker-credential-helpers v0.7.0 github.com/notaryproject/notation-core-go v0.2.0-beta.1 - github.com/notaryproject/notation-go v0.12.0-beta.1 + github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117143817-2573c88a5f62 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc2 github.com/spf13/cobra v1.6.1 
@@ -27,5 +27,3 @@ require ( golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect ) - -replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221117032623-cd8041409602 diff --git a/go.sum b/go.sum index 6fd038360..d5dd70457 100644 --- a/go.sum +++ b/go.sum 
@@ -19,12 +19,12 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v0.2.0-beta.1 h1:8tFxNycWCcPLti9ZYST5kjkX2wMXtX9YPvMjiBAQ1tA= github.com/notaryproject/notation-core-go v0.2.0-beta.1/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117143817-2573c88a5f62 h1:QRXDj9HIPqlNnqmNi8vN36UUQmqiHR+OJl69kJDXQ/s= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117143817-2573c88a5f62/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= -github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221117032623-cd8041409602 h1:HFi6JZlFm9R6YRlD/biQe9dH5Bs7uUF47EctK6aMYsE= -github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221117032623-cd8041409602/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= From 11f2a0d2d484a8d66c702a48d856afd1763e3afa Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 18 Nov 2022 11:03:40 +0800 Subject: [PATCH 12/23] fixed unit test Signed-off-by: Patrick Zheng --- cmd/notation/verify_test.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
diff --git a/cmd/notation/verify_test.go b/cmd/notation/verify_test.go index 69d879f25..8c2369ef5 100644 --- a/cmd/notation/verify_test.go +++ b/cmd/notation/verify_test.go @@ -14,12 +14,14 @@ func TestVerifyCommand_BasicArgs(t *testing.T) { Username: "user", Password: "password", }, - pluginConfig: []string{"key1=val1"}, + signatureFormat: "cose", + pluginConfig: []string{"key1=val1"}, } if err := command.ParseFlags([]string{ expected.reference, "--username", expected.Username, "--password", expected.Password, + "--signature-format", "cose", "--plugin-config", "key1=val1"}); err != nil { t.Fatalf("Parse Flag failed: %v", err) } @@ -39,7 +41,8 @@ func TestVerifyCommand_MoreArgs(t *testing.T) { SecureFlagOpts: SecureFlagOpts{ PlainHTTP: true, }, - pluginConfig: []string{"key1=val1", "key2=val2"}, + signatureFormat: "jws", + pluginConfig: []string{"key1=val1", "key2=val2"}, } if err := command.ParseFlags([]string{ expected.reference, From 4789a32b42a77f7c85ea04d7ab275b515143fe69 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Mon, 21 Nov 2022 10:00:47 +0800 Subject: [PATCH 13/23] updated to oras-go v2.0.0-rc.5 Signed-off-by: Patrick Zheng --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 552c3cfd5..c9170b172 100644 --- a/go.mod +++ b/go.mod 
@@ -6,13 +6,13 @@ require ( github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f github.com/docker/docker-credential-helpers v0.7.0 github.com/notaryproject/notation-core-go v0.2.0-beta.1 - github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117143817-2573c88a5f62 + github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221118130049-27251a828d0b github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc2 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 - oras.land/oras-go/v2 v2.0.0-rc.4 + oras.land/oras-go/v2 v2.0.0-rc.5 ) require ( diff --git a/go.sum b/go.sum index d5dd70457..ddaeb5f3d 100644 --- a/go.sum +++ b/go.sum 
@@ -19,8 +19,8 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v0.2.0-beta.1 h1:8tFxNycWCcPLti9ZYST5kjkX2wMXtX9YPvMjiBAQ1tA= github.com/notaryproject/notation-core-go v0.2.0-beta.1/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U= -github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117143817-2573c88a5f62 h1:QRXDj9HIPqlNnqmNi8vN36UUQmqiHR+OJl69kJDXQ/s= -github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117143817-2573c88a5f62/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221118130049-27251a828d0b h1:3dz6X4X3PBRJS1F6x+6i0cxR8oqSbW1SDlHrjkmRWes= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221118130049-27251a828d0b/go.mod h1:dIWSa7RifIAVrvL9rQqFoQbOouKRkNbKEvVCtfnp/5k= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= @@ -55,5 +55,5 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -oras.land/oras-go/v2 v2.0.0-rc.4 h1:hg/R2znUQ1+qd43gRmL16VeX1GIZ8hQlLalBjYhhKSk= -oras.land/oras-go/v2 v2.0.0-rc.4/go.mod h1:YGHvWBGuqRlZgUyXUIoKsR3lcuCOb3DAtG0SEsEw1iY= +oras.land/oras-go/v2 v2.0.0-rc.5 h1:enT2ZMNo383bH3INm1/+mw4d09AaMbqx0BMhsgEDUSg= +oras.land/oras-go/v2 v2.0.0-rc.5/go.mod h1:YGHvWBGuqRlZgUyXUIoKsR3lcuCOb3DAtG0SEsEw1iY= 
From e685c478793e6c7b30955971896ffaa01cc9b0e7 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Mon, 21 Nov 2022 10:50:14 +0800 Subject: [PATCH 14/23] updated per code review Signed-off-by: Patrick Zheng --- cmd/notation/key.go | 1 + cmd/notation/verify.go | 15 ++++----------- cmd/notation/verify_test.go | 7 ++----- 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/cmd/notation/key.go b/cmd/notation/key.go index 84a49547d..a54d1c14f 100644 --- a/cmd/notation/key.go +++ b/cmd/notation/key.go @@ -188,6 +188,7 @@ func addExternalKey(ctx context.Context, opts *keyAddOpts, pluginName, keyName s return config.KeySuite{}, errors.New("missing key id") } mgr := plugin.NewCLIManager(dir.PluginFS()) + // Check existence of plugin with name pluginName _, err := mgr.Get(ctx, pluginName) if err != nil { return config.KeySuite{}, err diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 25ab20c93..969927bf0 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -9,7 +9,6 @@ import ( notationregistry "github.com/notaryproject/notation-go/registry" "github.com/notaryproject/notation-go/verifier" "github.com/notaryproject/notation/internal/cmd" - "github.com/notaryproject/notation/internal/envelope" "github.com/notaryproject/notation/internal/ioutil" "github.com/spf13/cobra" @@ -19,9 +18,8 @@ import ( type verifyOpts struct { SecureFlagOpts - reference string - pluginConfig []string - signatureFormat string + reference string + pluginConfig []string } func verifyCommand(opts *verifyOpts) *cobra.Command { 
@@ -45,7 +43,6 @@ func verifyCommand(opts *verifyOpts) *cobra.Command { } opts.ApplyFlags(command.Flags()) command.Flags().StringArrayVarP(&opts.pluginConfig, "plugin-config", "c", nil, "{key}={value} pairs that are passed as it is to a plugin, if the verification is associated with a verification plugin, refer plugin documentation to set appropriate values") - cmd.SetPflagSignatureFormat(command.Flags(), &opts.signatureFormat) return command } @@ -72,17 +69,13 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { return err } - // core verify process. - signatureMediaType, err := envelope.GetEnvelopeMediaType(opts.signatureFormat) - if err != nil { - return err - } verifyOpts := notation.VerifyOptions{ ArtifactReference: ref.String(), - SignatureMediaType: signatureMediaType, PluginConfig: configs, MaxSignatureAttempts: 50, } + + // core verify process. _, outcomes, err := notation.Verify(command.Context(), verifier, repo, verifyOpts) // write out. diff --git a/cmd/notation/verify_test.go b/cmd/notation/verify_test.go index 8c2369ef5..69d879f25 100644 --- a/cmd/notation/verify_test.go +++ b/cmd/notation/verify_test.go @@ -14,14 +14,12 @@ func TestVerifyCommand_BasicArgs(t *testing.T) { Username: "user", Password: "password", }, - signatureFormat: "cose", - pluginConfig: []string{"key1=val1"}, + pluginConfig: []string{"key1=val1"}, } if err := command.ParseFlags([]string{ expected.reference, "--username", expected.Username, "--password", expected.Password, - "--signature-format", "cose", "--plugin-config", "key1=val1"}); err != nil { t.Fatalf("Parse Flag failed: %v", err) } @@ -41,8 +39,7 @@ func TestVerifyCommand_MoreArgs(t *testing.T) { SecureFlagOpts: SecureFlagOpts{ PlainHTTP: true, }, - signatureFormat: "jws", - pluginConfig: []string{"key1=val1", "key2=val2"}, + pluginConfig: []string{"key1=val1", "key2=val2"}, } if err := command.ParseFlags([]string{ expected.reference, From ebafa3559aba1accaaac2904a1a468b4deef6ba4 Mon Sep 17 00:00:00 2001 
From: Patrick Zheng Date: Tue, 22 Nov 2022 11:31:16 +0800 Subject: [PATCH 15/23] update Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 5 ++--- internal/ioutil/print.go | 12 ++---------- 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 969927bf0..a3c9d0da7 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -70,9 +70,8 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { } verifyOpts := notation.VerifyOptions{ - ArtifactReference: ref.String(), - PluginConfig: configs, - MaxSignatureAttempts: 50, + ArtifactReference: ref.String(), + PluginConfig: configs, } // core verify process. diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index 6ef298ef3..b3977fc84 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go @@ -23,6 +23,7 @@ func PrintPlugins(ctx context.Context, w io.Writer, v []plugin.Plugin, errors [] req := &proto.GetMetadataRequest{} metadata, err := p.GetMetadata(ctx, req) if err != nil { + fmt.Println(err.Error()) return err } fmt.Fprintf(tw, "%s\t%s\t%s\t%v\t%v\t\n", @@ -62,17 +63,8 @@ func PrintVerificationResults(w io.Writer, v []*notation.VerificationOutcome, re } fmt.Fprintf(tw, "ERROR: %s\n\n", resultErr.Error()) - printOutcomes(tw, v, digest) + fmt.Printf("Signature verification failed for all the signatures associated with digest: %s\n", digest) tw.Flush() return resultErr } - -func printOutcomes(tw *tabwriter.Writer, outcomes []*notation.VerificationOutcome, digest string) { - fmt.Printf("Signature verification failed for all the %d signatures associated with digest: %s\n\n", len(outcomes), digest) - - // TODO[https://github.com/notaryproject/notation/issues/304]: print out detailed errors in debug mode. - for idx, outcome := range outcomes { - fmt.Printf("Signature #%d : %s\n", idx+1, outcome.Error.Error()) - } -} From 76e915e30be944a1013a22c22992655e67ed6ba8 Mon Sep 17 00:00:00 2001 
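Review bot: The added `fmt.Println(err.Error())` in PrintPlugins and the new `fmt.Printf(...)` in PrintVerificationResults (the second print.go hunk) write to os.Stdout rather than to the `w`/`tw` writer both functions receive, so callers that capture or redirect output lose these messages. In PrintPlugins the error is also returned on the next line, so dropping the Println avoids reporting it twice. In PrintVerificationResults, write through the tab writer instead: `fmt.Fprintf(tw, "Signature verification failed for all the signatures associated with digest: %s\n", digest)`. That hunk also removes the per-signature `outcome.Error` listing, which leaves no indication of why each signature was rejected; consider keeping it for the debug mode named in the removed TODO. Both function bodies extend outside the hunks.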
From: Patrick Zheng Date: Tue, 22 Nov 2022 15:16:28 +0800 Subject: [PATCH 16/23] update Signed-off-by: Patrick Zheng --- internal/ioutil/print.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index b3977fc84..01c624e4f 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go @@ -20,14 +20,17 @@ func PrintPlugins(ctx context.Context, w io.Writer, v []plugin.Plugin, errors [] tw := newTabWriter(w) fmt.Fprintln(tw, "NAME\tDESCRIPTION\tVERSION\tCAPABILITIES\tERROR\t") for ind, p := range v { - req := &proto.GetMetadataRequest{} - metadata, err := p.GetMetadata(ctx, req) - if err != nil { - fmt.Println(err.Error()) - return err + metaData := proto.GetMetadataResponse{} + if p != nil { + req := &proto.GetMetadataRequest{} + metadata, err := p.GetMetadata(ctx, req) + if err == nil { + metaData = *metadata + } + errors[ind] = err } fmt.Fprintf(tw, "%s\t%s\t%s\t%v\t%v\t\n", - metadata.Name, metadata.Description, metadata.Version, metadata.Capabilities, errors[ind]) + metaData.Name, metaData.Description, metaData.Version, metaData.Capabilities, errors[ind]) } return tw.Flush() } From f3e8a15c0dd7a09f1512738e03e46e639456c876 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 22 Nov 2022 16:01:15 +0800 Subject: [PATCH 17/23] update Signed-off-by: Patrick Zheng --- internal/ioutil/print.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index 01c624e4f..219accc86 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go 
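Review bot: `errors[ind] = err` runs for every non-nil plugin, so it replaces whatever error the caller recorded at that index with the GetMetadata result, including replacing it with nil on success, and it mutates the caller's slice. Assign only when there is something new to report, e.g. `if err != nil { errors[ind] = err } else { metaData = *metadata }`. The loop also indexes `errors[ind]` without checking that `errors` is as long as `v`, and `*metadata` is dereferenced on the assumption that GetMetadata never returns a nil response together with a nil error; nothing visible here guarantees either. The function signature appears only in the hunk header, outside the hunk.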
@@ -60,7 +60,7 @@ func PrintVerificationResults(w io.Writer, v []*notation.VerificationOutcome, re tw := newTabWriter(w) if resultErr == nil { - fmt.Fprintf(tw, "Signature verification succeeded for %s\n", digest) + fmt.Fprintf(tw, "Successfully verified for %s\n", digest) // TODO[https://github.com/notaryproject/notation/issues/304]: print out failed validations as warnings. return nil } From af4d7ba571feb45042dd62dbce184a401d93920c Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 22 Nov 2022 16:33:47 +0800 Subject: [PATCH 18/23] update Signed-off-by: Patrick Zheng --- internal/ioutil/print.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/internal/ioutil/print.go b/internal/ioutil/print.go index 219accc86..daf0431aa 100644 --- a/internal/ioutil/print.go +++ b/internal/ioutil/print.go @@ -64,8 +64,6 @@ func PrintVerificationResults(w io.Writer, v []*notation.VerificationOutcome, re // TODO[https://github.com/notaryproject/notation/issues/304]: print out failed validations as warnings. return nil } - - fmt.Fprintf(tw, "ERROR: %s\n\n", resultErr.Error()) fmt.Printf("Signature verification failed for all the signatures associated with digest: %s\n", digest) tw.Flush() From c73f2c70e9894903af0d5d1b1e657db28afbc51c Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Wed, 23 Nov 2022 14:32:38 +0800 Subject: [PATCH 19/23] update Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index a3c9d0da7..44ff1bbc0 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -2,6 +2,7 @@ package main import ( "errors" + "math" "os" "strings" 
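Review bot: The success branch writes its message to `tw` and then returns nil without calling `tw.Flush()`. Assuming newTabWriter returns a text/tabwriter Writer (the helper removed in PATCH 15 took a `*tabwriter.Writer`), the package documentation requires Flush when writing is done, so whether the success line reaches `w` depends on the writer's internal buffering. Returning `tw.Flush()` instead of `nil` makes that explicit and surfaces write errors. The function body starts and ends outside the hunk.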
@@ -72,6 +73,9 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { verifyOpts := notation.VerifyOptions{ ArtifactReference: ref.String(), PluginConfig: configs, + // TODO: need to change MaxSignatureAttempts as a user input flag or + // a field in config.json + MaxSignatureAttempts: math.MaxInt64, } // core verify process. From ab8a697e19136db9e99e5e8a488e77dd8b3cb7b0 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Wed, 23 Nov 2022 14:54:23 +0800 Subject: [PATCH 20/23] updated notation-go Signed-off-by: Patrick Zheng --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c9170b172..390fc997a 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f github.com/docker/docker-credential-helpers v0.7.0 github.com/notaryproject/notation-core-go v0.2.0-beta.1 - github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221118130049-27251a828d0b + github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221123064516-7e391f7562e4 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc2 github.com/spf13/cobra v1.6.1 diff --git a/go.sum b/go.sum index ddaeb5f3d..4d6ada612 100644 --- a/go.sum +++ b/go.sum 
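Review bot: `MaxSignatureAttempts: math.MaxInt64` removes any practical bound on how many signatures verification will process for one artifact, and those signatures are supplied by the registry, which is not trusted at this stage. A registry, or anyone able to attach signatures to the artifact, can then make `notation verify` run for an arbitrarily long time. Until the flag or config.json field from the TODO exists, keep a finite named default, e.g. `const maxSignatureAttempts = 50` (the value used before PATCH 15) with `MaxSignatureAttempts: maxSignatureAttempts,`. If the field is a plain `int`, the MaxInt64 constant would also fail to compile on 32-bit targets; the field's type is not visible here.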
@@ -19,8 +19,8 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v0.2.0-beta.1 h1:8tFxNycWCcPLti9ZYST5kjkX2wMXtX9YPvMjiBAQ1tA= github.com/notaryproject/notation-core-go v0.2.0-beta.1/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U= -github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221118130049-27251a828d0b h1:3dz6X4X3PBRJS1F6x+6i0cxR8oqSbW1SDlHrjkmRWes= -github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221118130049-27251a828d0b/go.mod h1:dIWSa7RifIAVrvL9rQqFoQbOouKRkNbKEvVCtfnp/5k= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221123064516-7e391f7562e4 h1:dov1b7lDzWJ48fnpm6NH2smCTgnO/OM64fbG5O4Aa90= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221123064516-7e391f7562e4/go.mod h1:dIWSa7RifIAVrvL9rQqFoQbOouKRkNbKEvVCtfnp/5k= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= From 103b287cadda8c39574ff2b2e47f72bd2cb4e662 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Thu, 24 Nov 2022 16:19:25 +0800 Subject: [PATCH 21/23] update Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 44ff1bbc0..a5e1fd510 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go 
@@ -55,7 +55,10 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { } // initialize verifier. - verifier, _ := verifier.NewFromConfig() + verifier, err := verifier.NewFromConfig() + if err != nil { + return err + } authClient, plainHTTP, _ := getAuthClient(&opts.SecureFlagOpts, ref) remote_repo := remote.Repository{ Client: authClient, @@ -71,8 +74,9 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { } verifyOpts := notation.VerifyOptions{ - ArtifactReference: ref.String(), - PluginConfig: configs, + ArtifactReference: ref.String(), + SignatureMediaType: "application/cose", + PluginConfig: configs, // TODO: need to change MaxSignatureAttempts as a user input flag or // a field in config.json MaxSignatureAttempts: math.MaxInt64, From 58c42827db5b5b4e7fe8e2518029df338671efe5 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 25 Nov 2022 11:20:12 +0800 Subject: [PATCH 22/23] bump-up dependencies Signed-off-by: Patrick Zheng --- cmd/notation/verify.go | 7 +++---- go.mod | 8 +++++--- go.sum | 12 ++++++------ 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index a5e1fd510..fbac59d80 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -73,10 +73,9 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { return err } - verifyOpts := notation.VerifyOptions{ - ArtifactReference: ref.String(), - SignatureMediaType: "application/cose", - PluginConfig: configs, + verifyOpts := notation.RemoteVerifyOptions{ + ArtifactReference: ref.String(), + PluginConfig: configs, // TODO: need to change MaxSignatureAttempts as a user input flag or // a field in config.json MaxSignatureAttempts: math.MaxInt64, diff --git a/go.mod b/go.mod index 390fc997a..e65d4e8de 100644 --- a/go.mod +++ b/go.mod 
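Review bot: The context line right after the new check, `authClient, plainHTTP, _ := getAuthClient(&opts.SecureFlagOpts, ref)`, still discards its error the same way the verifier construction did before this change. If credential or client setup fails, the command continues with whatever client and plainHTTP value were returned, which could mean an unauthenticated or unintended plain-HTTP request to the registry. Handle it like the verifier: `authClient, plainHTTP, err := getAuthClient(&opts.SecureFlagOpts, ref)` followed by `if err != nil { return err }`. runVerify starts and ends outside the hunk.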
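Review bot: `SignatureMediaType: "application/cose"` in the second hunk hard-codes the envelope format as a string literal, and the `--signature-format` flag was removed in PATCH 14, so the user cannot select another format. If the library uses this field to decide which signatures to consider (not visible here), artifacts signed with a JWS envelope would fail verification with no hint that the format was the reason. Either leave the field unset so the stored signature's own media type decides, or reference a named constant for the media type and state the restriction in the command help.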
@@ -5,13 +5,13 @@ go 1.19 require ( github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f github.com/docker/docker-credential-helpers v0.7.0 - github.com/notaryproject/notation-core-go v0.2.0-beta.1 - github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221123064516-7e391f7562e4 + github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023 + github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221125022016-ab113ebd2a6c github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc2 github.com/spf13/cobra v1.6.1 github.com/spf13/pflag v1.0.5 - github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 + github.com/veraison/go-cose v1.0.0-rc.2 oras.land/oras-go/v2 v2.0.0-rc.5 ) @@ -27,3 +27,5 @@ require ( golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect ) + +replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221125030408-81262695f10f diff --git a/go.sum b/go.sum index 4d6ada612..f17e2baad 100644 --- a/go.sum +++ b/go.sum 
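Review bot: The `replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go ...` directive in the second go.mod hunk makes the build take the signing and verification library from a personal fork instead of the module named in `require`. The fork's pseudo-version (`v0.9.0-alpha.1...`) does not correspond to the required `v0.12.0-beta.1...`, so the `require` line no longer describes the code that is compiled and reviewed. PATCH 23 removes the directive, but it should not reach a shared branch in the meantime. If it is needed temporarily, mark it with a comment such as `// TEMPORARY: remove before merge, tracked in <issue>` and have CI reject `replace` directives that point outside the organisation.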
@@ -17,14 +17,14 @@ github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQA github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/notaryproject/notation-core-go v0.2.0-beta.1 h1:8tFxNycWCcPLti9ZYST5kjkX2wMXtX9YPvMjiBAQ1tA= -github.com/notaryproject/notation-core-go v0.2.0-beta.1/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U= -github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221123064516-7e391f7562e4 h1:dov1b7lDzWJ48fnpm6NH2smCTgnO/OM64fbG5O4Aa90= -github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221123064516-7e391f7562e4/go.mod h1:dIWSa7RifIAVrvL9rQqFoQbOouKRkNbKEvVCtfnp/5k= +github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023 h1:Z/2hxPJOjWfmgOPTNkGBDp/LVIEtizd9uJNQvjFE0Dc= +github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023/go.mod h1:n8Gbvl9sKa00KptkKEL5XKUyMTIALe74QipKauE2rj4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= +github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221125030408-81262695f10f h1:iOlGatZIoXNibPT26G8lzsz4rWSQ7CzMI4h8u7q9dV4= +github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221125030408-81262695f10f/go.mod h1:2Xy40C9rJip3h9XPC6ei2HEEdUoZJ5KDC6mlX/FD0oQ= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -35,8 +35,8 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 h1:g8vDfnNOPcGzg6mnlBGc0J5t5lAJkaepXqbc9qFRnFs= -github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= +github.com/veraison/go-cose v1.0.0-rc.2 h1:zH3QmP4N5kwpdGauceIT3aJm8iUyV9OqpUOb+7CF7rQ= +github.com/veraison/go-cose v1.0.0-rc.2/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= From 0e9db2b7b337e8935a1e9189f5af576fce85ac89 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Tue, 29 Nov 2022 12:54:17 +0800 Subject: [PATCH 23/23] updated dependencies Signed-off-by: Patrick Zheng --- go.mod | 4 +--- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index e65d4e8de..00d403ea2 100644 --- a/go.mod +++ b/go.mod 
@@ -6,7 +6,7 @@ require ( github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f github.com/docker/docker-credential-helpers v0.7.0 github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023 - github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221125022016-ab113ebd2a6c + github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221129043056-7ae1f5fd0730 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc2 github.com/spf13/cobra v1.6.1 @@ -27,5 +27,3 @@ require ( golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64 // indirect ) - -replace github.com/notaryproject/notation-go => github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221125030408-81262695f10f diff --git a/go.sum b/go.sum index f17e2baad..9dd96ea96 100644 --- a/go.sum +++ b/go.sum 
@@ -19,12 +19,12 @@ github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7P github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023 h1:Z/2hxPJOjWfmgOPTNkGBDp/LVIEtizd9uJNQvjFE0Dc= github.com/notaryproject/notation-core-go v0.2.0-beta.1.0.20221123104522-9b5de089a023/go.mod h1:n8Gbvl9sKa00KptkKEL5XKUyMTIALe74QipKauE2rj4= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221129043056-7ae1f5fd0730 h1:WPzkdjn/fruM07tl4ZsrUNBx9FT2a/hCJwj2Djuamv0= +github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221129043056-7ae1f5fd0730/go.mod h1:2Xy40C9rJip3h9XPC6ei2HEEdUoZJ5KDC6mlX/FD0oQ= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= -github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221125030408-81262695f10f h1:iOlGatZIoXNibPT26G8lzsz4rWSQ7CzMI4h8u7q9dV4= -github.com/patrickzheng200/notation-go v0.9.0-alpha.1.0.20221125030408-81262695f10f/go.mod h1:2Xy40C9rJip3h9XPC6ei2HEEdUoZJ5KDC6mlX/FD0oQ= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=