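--- a/cmd/docker-nv2/config/path.go
+++ b/cmd/docker-nv2/config/path.go
@@ -1,7 +1,9 @@
 package config
 
 import (
+"os"
 "path/filepath"
+"strings"
 
 "github.com/docker/cli/cli/config"
 "github.com/opencontainers/go-digest"
@@ -25,11 +27,62 @@ var (
 SignatureStoreDirPath = filepath.Join(config.Dir(), SignatureStoreDirName)
 )
 
-// SignaturePath returns the path of a signature for a manifest
-func SignaturePath(manifestDigest digest.Digest) string {
+// SignatureRootPath returns the root path of signatures for a manifest
+func SignatureRootPath(manifestDigest digest.Digest) string {
 return filepath.Join(
 SignatureStoreDirPath,
 manifestDigest.Algorithm().String(),
-manifestDigest.Encoded()+SignatureExtension,
+manifestDigest.Encoded(),
 )
 }
+
+// SignaturePath returns the path of a signature for a manifest
+func SignaturePath(manifestDigest, signatureDigest digest.Digest) string {
+return filepath.Join(
+SignatureRootPath(manifestDigest),
+signatureDigest.Algorithm().String(),
+signatureDigest.Encoded()+SignatureExtension,
+)
+}
+
+// SignatureDigests returns the digest of signatures for a manifest
+func SignatureDigests(manifestDigest digest.Digest) ([]digest.Digest, error) {
+rootPath := SignatureRootPath(manifestDigest)
+algorithmEntries, err := os.ReadDir(rootPath)
+if err != nil {
+if os.IsNotExist(err) {
+return nil, nil
+}
+return nil, err
+}
+
+var digests []digest.Digest
+for _, algorithmEntry := range algorithmEntries {
+if !algorithmEntry.Type().IsDir() {
+continue
+}
+
+algorithm := algorithmEntry.Name()
+signatureEntries, err := os.ReadDir(filepath.Join(rootPath, algorithm))
+if err != nil {
+return nil, err
+}
+
+for _, signatureEntry := range signatureEntries {
+if !signatureEntry.Type().IsRegular() {
+continue
+}
+encoded := signatureEntry.Name()
+if !strings.HasSuffix(encoded, SignatureExtension) {
+continue
+}
+encoded = strings.TrimSuffix(encoded, SignatureExtension)
+digest := digest.NewDigestFromEncoded(digest.Algorithm(algorithm), encoded)
+if err := digest.Validate(); err != nil {
+return nil, err
+}
+digests = append(digests, digest)
+}
+}
+return digests, nil
+}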
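Review bot: SignatureDigests fails the whole listing as soon as one entry does not pass `Validate()`, so a single stray or misnamed file under the signature root blocks every push for that manifest, and the bare `err` does not say which file caused it. Either skip entries that do not validate, or return the error with its location, e.g. `return nil, fmt.Errorf("invalid signature file %q: %w", filepath.Join(rootPath, algorithm, signatureEntry.Name()), err)` (this needs `fmt` in the import block). The digest returned here is derived from the directory and file name only; nothing in this function ties it to the file's content, which deserves a sentence in the doc comment so that callers know to check it. The local `digest := digest.NewDigestFromEncoded(...)` shadows the imported package for the rest of the loop body; a name such as `sigDigest` avoids that.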
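--- a/cmd/docker-nv2/notary_sign.go
+++ b/cmd/docker-nv2/notary_sign.go
@@ -7,6 +7,7 @@ import (
 "github.com/notaryproject/nv2/cmd/docker-nv2/crypto"
 "github.com/notaryproject/nv2/cmd/docker-nv2/docker"
 ios "github.com/notaryproject/nv2/internal/os"
+"github.com/opencontainers/go-digest"
 "github.com/urfave/cli/v2"
 )
 
@@ -57,7 +58,7 @@ func notarySign(ctx *cli.Context) error {
 if err != nil {
 return err
 }
-sigPath := config.SignaturePath(desc.Digest)
+sigPath := config.SignaturePath(desc.Digest, digest.FromBytes(sig))
 if err := ios.WriteFile(sigPath, sig); err != nil {
 return err
 }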
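Review bot: Keying the file on `digest.FromBytes(sig)` means every distinct signature for a manifest now lands in its own file, and nothing visible in this hunk removes earlier ones. Since the push side in this commit uploads every file under the manifest's directory, a signature made with a key that has since been rotated or withdrawn would still be published on the next push. If that is intended, say so at the call site, for example `// earlier signatures for this manifest are kept; push uploads all of them`; otherwise a way to list and prune stored signatures is needed. notarySign begins and ends outside the hunk, so cleanup elsewhere in the function cannot be ruled out.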
40 changes: 26 additions & 14 deletions cmd/docker-nv2/push.go
@@ -5,7 +5,6 @@ import (
"errors"
"fmt"
"io"
"io/ioutil"
"os"
"os/exec"
"strconv"
@@ -37,29 +36,42 @@ func pushImage(ctx *cli.Context) error {
}

fmt.Println("Pushing signature")
sigPath := config.SignaturePath(desc.Digest)
sig, err := ioutil.ReadFile(sigPath)
sigDigests, err := config.SignatureDigests(desc.Digest)
if err != nil {
if os.IsNotExist(err) {
return errors.New("signature not found")
}
return err
}
if len(sigDigests) == 0 {
return errors.New("no signatures found")
}

client, err := docker.GetSignatureRepository(ctx.Context, ctx.Args().First())
if err != nil {
return err
}
sigDesc, err := client.Put(ctx.Context, sig)
if err != nil {
return err
}
pushSignature := func(sigDigest digest.Digest) error {
sigPath := config.SignaturePath(desc.Digest, sigDigest)
sig, err := os.ReadFile(sigPath)
if err != nil {
return err
}

artifactDesc, err := client.Link(ctx.Context, desc, sigDesc)
if err != nil {
return err
sigDesc, err := client.Put(ctx.Context, sig)
if err != nil {
return err
}

artifactDesc, err := client.Link(ctx.Context, desc, sigDesc)
if err != nil {
return err
}
fmt.Println("signature manifest digest:", artifactDesc.Digest, "size:", artifactDesc.Size)
return nil
}
for _, sigDigest := range sigDigests {
if err := pushSignature(sigDigest); err != nil {
return err
}
}
fmt.Println("signature manifest digest:", artifactDesc.Digest, "size:", artifactDesc.Size)

return nil
}
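Review bot: pushSignature uploads whatever bytes it reads from the path and never compares them with `sigDigest`, which SignatureDigests derives from the file name alone, so a file that was edited or replaced in the local store is pushed and linked as if it were the stored signature. After `os.ReadFile` and before `client.Put`, add `if sigDigest.Algorithm().FromBytes(sig) != sigDigest { return fmt.Errorf("signature %s: content does not match digest", sigDigest) }`. The loop also returns on the first error, so a failure midway leaves the earlier signatures already pushed and linked; wrapping the returned error with the failing `sigDigest` would tell the user where it stopped. pushImage starts before the hunk.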