From 8bd2545d2d47ac85c7dea8cd18b34a7653a35ebf Mon Sep 17 00:00:00 2001
From: Shiwei Zhang <shizh@microsoft.com>
Date: Sun, 25 Apr 2021 13:40:45 +0800
Subject: [PATCH] Explicit add original references when signing

Signed-off-by: Shiwei Zhang <shizh@microsoft.com>
---
 cmd/docker-nv2/notary_sign.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/cmd/docker-nv2/notary_sign.go b/cmd/docker-nv2/notary_sign.go
index 2102eabe9..a3d7e00ab 100644
--- a/cmd/docker-nv2/notary_sign.go
+++ b/cmd/docker-nv2/notary_sign.go
@@ -29,6 +29,15 @@ var notarySignCommand = &cli.Command{
 			Usage:     "signing cert",
 			TakesFile: true,
 		},
+		&cli.StringSliceFlag{
+			Name:    "reference",
+			Aliases: []string{"r"},
+			Usage:   "original references",
+		},
+		&cli.BoolFlag{
+			Name:  "origin",
+			Usage: "mark the current reference as a original reference",
+		},
 	},
 	Action: notarySign,
 }
@@ -54,7 +63,12 @@ func notarySign(ctx *cli.Context) error {
 	}
 
 	fmt.Println("Signing", desc.Digest)
-	sig, err := service.Sign(ctx.Context, desc, reference)
+	var references []string
+	if ctx.Bool("origin") {
+		references = append(references, reference)
+	}
+	references = append(references, ctx.StringSlice("reference")...)
+	sig, err := service.Sign(ctx.Context, desc, references...)
 	if err != nil {
 		return err
 	}