From e183721b830d9f9b37f33523ae55b292876f35cf Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Fri, 19 May 2023 09:26:54 +0800
Subject: [PATCH 1/8] renamed --plain-http to --insecure-registry; updated descriptions
Signed-off-by: Patrick Zheng
---
cmd/notation/common.go | 18 +++++++++---------
cmd/notation/inspect_test.go | 8 ++++----
cmd/notation/list_test.go | 8 ++++----
cmd/notation/registry.go | 18 +++++++++---------
cmd/notation/registry_test.go | 6 +++---
cmd/notation/sign_test.go | 8 ++++----
cmd/notation/verify_test.go | 4 ++--
specs/commandline/inspect.md | 2 +-
specs/commandline/list.md | 2 +-
specs/commandline/login.md | 14 +++++++-------
specs/commandline/sign.md | 2 +-
specs/commandline/verify.md | 2 +-
12 files changed, 46 insertions(+), 46 deletions(-)
diff --git a/cmd/notation/common.go b/cmd/notation/common.go
index 674da7f84..08298d353 100644
--- a/cmd/notation/common.go
+++ b/cmd/notation/common.go
@@ -31,27 +31,27 @@ var ( fs.StringVarP(p, flagPassword.Name, flagPassword.Shorthand, "", flagPassword.Usage) } - flagPlainHTTP = &pflag.Flag{ - Name: "plain-http", - Usage: "registry access via plain HTTP", + flagInsecureRegistry = &pflag.Flag{ + Name: "insecure-registry", + Usage: "use HTTP protocol while connecting to registries. Use it only for testing purposes", DefValue: "false", } - setFlagPlainHTTP = func(fs *pflag.FlagSet, p *bool) { - fs.BoolVar(p, flagPlainHTTP.Name, false, flagPlainHTTP.Usage) + setFlagInsecureRegistry = func(fs *pflag.FlagSet, p *bool) { + fs.BoolVar(p, flagInsecureRegistry.Name, false, flagInsecureRegistry.Usage) } ) type SecureFlagOpts struct { - Username string - Password string - PlainHTTP bool + Username string + Password string + InsecureRegistry bool } // ApplyFlags set flags and their default values for the FlagSet func (opts *SecureFlagOpts) ApplyFlags(fs *pflag.FlagSet) { setflagUsername(fs, &opts.Username) setFlagPassword(fs, &opts.Password) - setFlagPlainHTTP(fs, &opts.PlainHTTP) + setFlagInsecureRegistry(fs, &opts.InsecureRegistry) opts.Username = os.Getenv(defaultUsernameEnv) opts.Password = os.Getenv(defaultPasswordEnv) } diff --git a/cmd/notation/inspect_test.go b/cmd/notation/inspect_test.go index e143c3003..20234adaf 100644 --- a/cmd/notation/inspect_test.go +++ b/cmd/notation/inspect_test.go @@ -12,9 +12,9 @@ func TestInspectCommand_SecretsFromArgs(t *testing.T) { expected := &inspectOpts{ reference: "ref", SecureFlagOpts: SecureFlagOpts{ - Password: "password", - PlainHTTP: true, - Username: "user", + Password: "password", + InsecureRegistry: true, + Username: "user", }, outputFormat: cmd.OutputPlaintext, } @@ -22,7 +22,7 @@ func TestInspectCommand_SecretsFromArgs(t *testing.T) { "--password", expected.Password, expected.reference, "-u", expected.Username, - "--plain-http", + "--insecure-registry", "--output", "text"}); err != nil { t.Fatalf("Parse Flag failed: %v", err) } 
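Review bot: In the common.go hunk `--plain-http` is dropped outright when `flagInsecureRegistry` replaces `flagPlainHTTP`, so existing scripts and CI jobs that pass the old name will fail flag parsing with no migration hint. Keeping the old name registered against the same `*bool` and marking it with `fs.MarkDeprecated("plain-http", "use --insecure-registry instead")` would keep those invocations working while printing a notice. Separately, `SecureFlagOpts.InsecureRegistry` carries no doc comment, and the name is easy to read as a general "skip TLS checks" switch. As far as the registry.go hunks in this patch show, the value is only copied into `PlainHTTP`, so I would add `// InsecureRegistry selects plain HTTP (no TLS) for registry access.` above the field, and extend it to say certificate verification is untouched if that is confirmed in the part of `getAuthClient` not shown here.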
diff --git a/cmd/notation/list_test.go b/cmd/notation/list_test.go index 4f9a7eae3..e60b326d3 100644 --- a/cmd/notation/list_test.go +++ b/cmd/notation/list_test.go @@ -10,16 +10,16 @@ func TestListCommand_SecretsFromArgs(t *testing.T) { expected := &listOpts{ reference: "ref", SecureFlagOpts: SecureFlagOpts{ - Password: "password", - PlainHTTP: true, - Username: "user", + Password: "password", + InsecureRegistry: true, + Username: "user", }, } if err := cmd.ParseFlags([]string{ "--password", expected.Password, expected.reference, "-u", expected.Username, - "--plain-http"}); err != nil { + "--insecure-registry"}); err != nil { t.Fatalf("Parse Flag failed: %v", err) } if err := cmd.Args(cmd, cmd.Flags().Args()); err != nil { diff --git a/cmd/notation/registry.go b/cmd/notation/registry.go index 7e6dca150..c05c6b419 100644 --- a/cmd/notation/registry.go +++ b/cmd/notation/registry.go @@ -80,7 +80,7 @@ func getRemoteRepository(ctx context.Context, opts *SecureFlagOpts, reference st } func getRepositoryClient(ctx context.Context, opts *SecureFlagOpts, ref registry.Reference) (*remote.Repository, error) { - authClient, plainHTTP, err := getAuthClient(ctx, opts, ref) + authClient, insecureRegistry, err := getAuthClient(ctx, opts, ref) if err != nil { return nil, err } @@ -88,7 +88,7 @@ func getRepositoryClient(ctx context.Context, opts *SecureFlagOpts, ref registry return &remote.Repository{ Client: authClient, Reference: ref, - PlainHTTP: plainHTTP, + PlainHTTP: insecureRegistry, }, nil } 
@@ -119,15 +119,15 @@ func setHttpDebugLog(ctx context.Context, authClient *auth.Client) { } func getAuthClient(ctx context.Context, opts *SecureFlagOpts, ref registry.Reference) (*auth.Client, bool, error) { - var plainHTTP bool + var insecureRegistry bool - if opts.PlainHTTP { - plainHTTP = opts.PlainHTTP + if opts.InsecureRegistry { + insecureRegistry = opts.InsecureRegistry } else { - plainHTTP = configutil.IsRegistryInsecure(ref.Registry) - if !plainHTTP { + insecureRegistry = configutil.IsRegistryInsecure(ref.Registry) + if !insecureRegistry { if host, _, _ := net.SplitHostPort(ref.Registry); host == "localhost" { - plainHTTP = true + insecureRegistry = true } } } @@ -166,7 +166,7 @@ func getAuthClient(ctx context.Context, opts *SecureFlagOpts, ref registry.Refer // update authClient setHttpDebugLog(ctx, authClient) - return authClient, plainHTTP, nil + return authClient, insecureRegistry, nil } func getSavedCreds(ctx context.Context, serverAddress string) (auth.Credential, error) { diff --git a/cmd/notation/registry_test.go b/cmd/notation/registry_test.go index 33f659937..f87dc89d6 100644 --- a/cmd/notation/registry_test.go +++ b/cmd/notation/registry_test.go @@ -34,7 +34,7 @@ func TestRegistry_getRemoteRepositoryWithReferrersAPISupported(t *testing.T) { t.Fatalf("invalid test http server: %v", err) } secureOpts := SecureFlagOpts{ - PlainHTTP: true, + InsecureRegistry: true, } _, err = getRemoteRepository(context.Background(), &secureOpts, uri.Host+"/test", true) if err != nil { @@ -61,7 +61,7 @@ func TestRegistry_getRemoteRepositoryWithReferrersAPINotSupported(t *testing.T) t.Fatalf("invalid test http server: %v", err) } secureOpts := SecureFlagOpts{ - PlainHTTP: true, + InsecureRegistry: true, } _, err = getRemoteRepository(context.Background(), &secureOpts, uri.Host+"/test", true) if err != nil { 
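Review bot: In `getAuthClient` the renamed `insecureRegistry` can become true by three routes (the flag, `configutil.IsRegistryInsecure(ref.Registry)`, or a `localhost` host), and nothing in the visible lines tells the user that the connection, including any credentials the auth client attaches, will then travel unencrypted. I would log a warning through the command's logger whenever the final value is true, naming `ref.Registry` and which of the three routes enabled it, so an unintended config entry or the implicit localhost rule shows up in output. The opening branch is also more roundabout than it needs to be: `if opts.InsecureRegistry { insecureRegistry = opts.InsecureRegistry } else { ... }` can start as `insecureRegistry := opts.InsecureRegistry || configutil.IsRegistryInsecure(ref.Registry)` with the localhost check applied only when that is false. The function body continues outside this hunk, so the credential handling between the two registry.go hunks is not visible here.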
@@ -85,7 +85,7 @@ func TestRegistry_getRemoteRepositoryWithReferrersTagSchema(t *testing.T) { t.Fatalf("invalid test http server: %v", err) } secureOpts := SecureFlagOpts{ - PlainHTTP: true, + InsecureRegistry: true, } _, err = getRemoteRepository(context.Background(), &secureOpts, uri.Host+"/test", false) if err != nil { diff --git a/cmd/notation/sign_test.go b/cmd/notation/sign_test.go index 242518ea2..a7e6bfacd 100644 --- a/cmd/notation/sign_test.go +++ b/cmd/notation/sign_test.go @@ -45,9 +45,9 @@ func TestSignCommand_MoreArgs(t *testing.T) { expected := &signOpts{ reference: "ref", SecureFlagOpts: SecureFlagOpts{ - Username: "user", - Password: "password", - PlainHTTP: true, + Username: "user", + Password: "password", + InsecureRegistry: true, }, SignerFlagOpts: cmd.SignerFlagOpts{ Key: "key", @@ -61,7 +61,7 @@ func TestSignCommand_MoreArgs(t *testing.T) { "-u", expected.Username, "-p", expected.Password, "--key", expected.Key, - "--plain-http", + "--insecure-registry", "--signature-format", expected.SignerFlagOpts.SignatureFormat, "--expiry", expected.expiry.String(), "--allow-referrers-api"}); err != nil { diff --git a/cmd/notation/verify_test.go b/cmd/notation/verify_test.go index 69d879f25..f1ac69b72 100644 --- a/cmd/notation/verify_test.go +++ b/cmd/notation/verify_test.go @@ -37,13 +37,13 @@ func TestVerifyCommand_MoreArgs(t *testing.T) { expected := &verifyOpts{ reference: "ref", SecureFlagOpts: SecureFlagOpts{ - PlainHTTP: true, + InsecureRegistry: true, }, pluginConfig: []string{"key1=val1", "key2=val2"}, } if err := command.ParseFlags([]string{ expected.reference, - "--plain-http", + "--insecure-registry", "--plugin-config", "key1=val1", "--plugin-config", "key2=val2"}); err != nil { t.Fatalf("Parse Flag failed: %v", err) diff --git a/specs/commandline/inspect.md b/specs/commandline/inspect.md index 6fa6e1fc9..36a2afb4b 100644 --- a/specs/commandline/inspect.md +++ b/specs/commandline/inspect.md 
@@ -36,9 +36,9 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to inspect signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for inspect + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes -o, --output string output format, options: 'json', 'text' (default "text") -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) - --plain-http registry access via plain HTTP -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) -v, --verbose verbose mode ``` diff --git a/specs/commandline/list.md b/specs/commandline/list.md index 1e0084980..207511368 100644 --- a/specs/commandline/list.md +++ b/specs/commandline/list.md @@ -30,9 +30,9 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to list signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for list + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes --oci-layout [Experimental] list signatures stored in OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) - --plain-http registry access via plain HTTP -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) -v, --verbose verbose mode ``` diff --git a/specs/commandline/login.md b/specs/commandline/login.md index 400ac8836..9c1cf1428 100644 --- a/specs/commandline/login.md +++ b/specs/commandline/login.md 
@@ -13,13 +13,13 @@ Usage: notation login [flags] Flags: - -d, --debug debug mode - -h, --help help for login - -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) - --password-stdin take the password from stdin - --plain-http registry access via plain HTTP - -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) - -v, --verbose verbose mode + -d, --debug debug mode + -h, --help help for login + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) + --password-stdin take the password from stdin + -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) + -v, --verbose verbose mode ``` ## Usage diff --git a/specs/commandline/sign.md b/specs/commandline/sign.md index 7200dc59a..d867bee29 100644 --- a/specs/commandline/sign.md +++ b/specs/commandline/sign.md 
@@ -33,10 +33,10 @@ Flags: -e, --expiry duration optional expiry that provides a "best by use" time for the artifact. The duration is specified in minutes(m) and/or hours(h). For example: 12h, 30m, 3h20m -h, --help help for sign --id string key id (required if --plugin is set). This is mutually exclusive with the --key flag + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes -k, --key string signing key name, for a key previously added to notation's key list. This is mutually exclusive with the --id and --plugin flags --oci-layout [Experimental] sign the artifact stored as OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) - --plain-http registry access via plain HTTP --plugin string signing plugin name. This is mutually exclusive with the --key flag --plugin-config stringArray {key}={value} pairs that are passed as it is to a plugin, refer plugin's documentation to set appropriate values. --signature-format string signature envelope format, options: "jws", "cose" (default "jws") diff --git a/specs/commandline/verify.md b/specs/commandline/verify.md index a9ffa23d1..a03331c33 100644 --- a/specs/commandline/verify.md +++ b/specs/commandline/verify.md 
@@ -38,9 +38,9 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to verify signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for verify + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes --oci-layout [Experimental] verify the artifact stored as OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) - --plain-http registry access via plain HTTP --plugin-config stringArray {key}={value} pairs that are passed as it is to a plugin, if the verification is associated with a verification plugin, refer plugin documentation to set appropriate values --scope string [Experimental] set trust policy scope for artifact verification, required and can only be used when flag "--oci-layout" is set -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) From a5dd35b1c99a81472bcff7b1bfe160a1b83f7ec7 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 19 May 2023 14:16:10 +0800 Subject: [PATCH 2/8] update based on discussions Signed-off-by: Patrick Zheng --- cmd/notation/common.go | 11 ++++++++++- cmd/notation/registry.go | 1 - 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/cmd/notation/common.go b/cmd/notation/common.go index 08298d353..c4477fcf2 100644 --- a/cmd/notation/common.go +++ b/cmd/notation/common.go @@ -33,7 +33,7 @@ var ( flagInsecureRegistry = &pflag.Flag{ Name: "insecure-registry", - Usage: "use HTTP protocol while connecting to registries. Use it only for testing purposes", + Usage: "use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http)", DefValue: "false", } setFlagInsecureRegistry = func(fs *pflag.FlagSet, p *bool) { 
@@ -52,6 +52,15 @@ func (opts *SecureFlagOpts) ApplyFlags(fs *pflag.FlagSet) { setflagUsername(fs, &opts.Username) setFlagPassword(fs, &opts.Password) setFlagInsecureRegistry(fs, &opts.InsecureRegistry) + fs.SetNormalizeFunc(aliasNormalizeFunc) opts.Username = os.Getenv(defaultUsernameEnv) opts.Password = os.Getenv(defaultPasswordEnv) } + +func aliasNormalizeFunc(f *pflag.FlagSet, name string) pflag.NormalizedName { + switch name { + case "plain-http": + name = "insecure-registry" + } + return pflag.NormalizedName(name) +} diff --git a/cmd/notation/registry.go b/cmd/notation/registry.go index c05c6b419..299a62db3 100644 --- a/cmd/notation/registry.go +++ b/cmd/notation/registry.go @@ -120,7 +120,6 @@ func setHttpDebugLog(ctx context.Context, authClient *auth.Client) { func getAuthClient(ctx context.Context, opts *SecureFlagOpts, ref registry.Reference) (*auth.Client, bool, error) { var insecureRegistry bool - if opts.InsecureRegistry { insecureRegistry = opts.InsecureRegistry } else { From d7d1b6d272f824225ebc81f0dc138869ca91ffaa Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Fri, 19 May 2023 15:44:43 +0800 Subject: [PATCH 3/8] updated specs Signed-off-by: Patrick Zheng --- specs/commandline/inspect.md | 2 +- specs/commandline/list.md | 2 +- specs/commandline/login.md | 2 +- specs/commandline/sign.md | 2 +- specs/commandline/verify.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/specs/commandline/inspect.md b/specs/commandline/inspect.md index 36a2afb4b..965562f27 100644 --- a/specs/commandline/inspect.md +++ b/specs/commandline/inspect.md 
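Review bot: `aliasNormalizeFunc` rewrites `plain-http` to `insecure-registry` silently, so a caller using the old name never learns it was renamed and the alias can never be retired with confidence. Installing it with `fs.SetNormalizeFunc` inside `ApplyFlags` also replaces whatever normalizer the flag set already carried and applies to every flag on that set, not only this one; a second registration of `plain-http` marked via `fs.MarkDeprecated` would scope the alias to the one flag and print a notice. If the normalizer stays, it needs a doc comment such as `// aliasNormalizeFunc maps legacy flag names to their current names.`, and the single-case `switch` reads better as `if name == "plain-http" { name = "insecure-registry" }`. No test in this patch parses `--plain-http`, so the alias path is unverified.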
@@ -36,7 +36,7 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to inspect signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for inspect - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) -o, --output string output format, options: 'json', 'text' (default "text") -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/list.md b/specs/commandline/list.md index 207511368..49a395e8d 100644 --- a/specs/commandline/list.md +++ b/specs/commandline/list.md @@ -30,7 +30,7 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to list signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for list - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) --oci-layout [Experimental] list signatures stored in OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/login.md b/specs/commandline/login.md index 9c1cf1428..23d3780ea 100644 --- a/specs/commandline/login.md +++ b/specs/commandline/login.md 
@@ -15,7 +15,7 @@ Usage: Flags: -d, --debug debug mode -h, --help help for login - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) --password-stdin take the password from stdin -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/sign.md b/specs/commandline/sign.md index d867bee29..09356c394 100644 --- a/specs/commandline/sign.md +++ b/specs/commandline/sign.md @@ -33,7 +33,7 @@ Flags: -e, --expiry duration optional expiry that provides a "best by use" time for the artifact. The duration is specified in minutes(m) and/or hours(h). For example: 12h, 30m, 3h20m -h, --help help for sign --id string key id (required if --plugin is set). This is mutually exclusive with the --key flag - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) -k, --key string signing key name, for a key previously added to notation's key list. This is mutually exclusive with the --id and --plugin flags --oci-layout [Experimental] sign the artifact stored as OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) diff --git a/specs/commandline/verify.md b/specs/commandline/verify.md index a03331c33..7889339f9 100644 --- a/specs/commandline/verify.md +++ b/specs/commandline/verify.md 
@@ -38,7 +38,7 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to verify signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for verify - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) --oci-layout [Experimental] verify the artifact stored as OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) --plugin-config stringArray {key}={value} pairs that are passed as it is to a plugin, if the verification is associated with a verification plugin, refer plugin documentation to set appropriate values From 14dd144a1d00a3921f6da61653a41402344aa2de Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Mon, 22 May 2023 11:10:27 +0800 Subject: [PATCH 4/8] updated per code review Signed-off-by: Patrick Zheng --- cmd/notation/common.go | 11 +---------- cmd/notation/verify.go | 4 ++-- specs/commandline/inspect.md | 2 +- specs/commandline/list.md | 2 +- specs/commandline/login.md | 2 +- specs/commandline/sign.md | 2 +- specs/commandline/verify.md | 2 +- 7 files changed, 8 insertions(+), 17 deletions(-) diff --git a/cmd/notation/common.go b/cmd/notation/common.go index c4477fcf2..08298d353 100644 --- a/cmd/notation/common.go +++ b/cmd/notation/common.go @@ -33,7 +33,7 @@ var ( flagInsecureRegistry = &pflag.Flag{ Name: "insecure-registry", - Usage: "use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http)", + Usage: "use HTTP protocol while connecting to registries. Use it only for testing purposes", DefValue: "false", } setFlagInsecureRegistry = func(fs *pflag.FlagSet, p *bool) { 
@@ -52,15 +52,6 @@ func (opts *SecureFlagOpts) ApplyFlags(fs *pflag.FlagSet) { setflagUsername(fs, &opts.Username) setFlagPassword(fs, &opts.Password) setFlagInsecureRegistry(fs, &opts.InsecureRegistry) - fs.SetNormalizeFunc(aliasNormalizeFunc) opts.Username = os.Getenv(defaultUsernameEnv) opts.Password = os.Getenv(defaultPasswordEnv) } - -func aliasNormalizeFunc(f *pflag.FlagSet, name string) pflag.NormalizedName { - switch name { - case "plain-http": - name = "insecure-registry" - } - return pflag.NormalizedName(name) -} diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index 6b038884b..10561661d 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -94,7 +94,7 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { ctx := opts.LoggingFlagOpts.SetLoggerLevel(command.Context()) // initialize - verifier, err := verifier.NewFromConfig() + sigVerifier, err := verifier.NewFromConfig() if err != nil { return err } @@ -131,7 +131,7 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { MaxSignatureAttempts: maxSignatureAttempts, UserMetadata: userMetadata, } - _, outcomes, err := notation.Verify(ctx, verifier, sigRepo, verifyOpts) + _, outcomes, err := notation.Verify(ctx, sigVerifier, sigRepo, verifyOpts) err = checkVerificationFailure(outcomes, resolvedRef, err) if err != nil { return err diff --git a/specs/commandline/inspect.md b/specs/commandline/inspect.md index 965562f27..36a2afb4b 100644 --- a/specs/commandline/inspect.md +++ b/specs/commandline/inspect.md 
@@ -36,7 +36,7 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to inspect signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for inspect - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes -o, --output string output format, options: 'json', 'text' (default "text") -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/list.md b/specs/commandline/list.md index 49a395e8d..207511368 100644 --- a/specs/commandline/list.md +++ b/specs/commandline/list.md @@ -30,7 +30,7 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to list signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for list - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes --oci-layout [Experimental] list signatures stored in OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/login.md b/specs/commandline/login.md index 23d3780ea..9c1cf1428 100644 --- a/specs/commandline/login.md +++ b/specs/commandline/login.md 
@@ -15,7 +15,7 @@ Usage: Flags: -d, --debug debug mode -h, --help help for login - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) --password-stdin take the password from stdin -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/sign.md b/specs/commandline/sign.md index 09356c394..499991913 100644 --- a/specs/commandline/sign.md +++ b/specs/commandline/sign.md @@ -33,7 +33,7 @@ Flags: -e, --expiry duration optional expiry that provides a "best by use" time for the artifact. The duration is specified in minutes(m) and/or hours(h). For example: 12h, 30m, 3h20m -h, --help help for sign --id string key id (required if --plugin is set). This is mutually exclusive with the --key flag - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes -k, --key string signing key name, for a key previously added to notation's key list. This is mutually exclusive with the --id and --plugin flags --oci-layout [Experimental] sign the artifact stored as OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) diff --git a/specs/commandline/verify.md b/specs/commandline/verify.md index 7889339f9..a03331c33 100644 --- a/specs/commandline/verify.md +++ b/specs/commandline/verify.md 
@@ -38,7 +38,7 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to verify signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for verify - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes. (alias: --plain-http) + --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes --oci-layout [Experimental] verify the artifact stored as OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) --plugin-config stringArray {key}={value} pairs that are passed as it is to a plugin, if the verification is associated with a verification plugin, refer plugin documentation to set appropriate values From f0bab7c18b3210b8c2521da41ad03c0b8b636900 Mon Sep 17 00:00:00 2001 From: Patrick Zheng Date: Mon, 22 May 2023 11:15:05 +0800 Subject: [PATCH 5/8] updated per code review Signed-off-by: Patrick Zheng --- cmd/notation/common.go | 2 +- specs/commandline/inspect.md | 2 +- specs/commandline/list.md | 2 +- specs/commandline/login.md | 2 +- specs/commandline/sign.md | 2 +- specs/commandline/verify.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cmd/notation/common.go b/cmd/notation/common.go index 08298d353..f8aac178f 100644 --- a/cmd/notation/common.go +++ b/cmd/notation/common.go @@ -33,7 +33,7 @@ var ( flagInsecureRegistry = &pflag.Flag{ Name: "insecure-registry", - Usage: "use HTTP protocol while connecting to registries. Use it only for testing purposes", + Usage: "use HTTP protocol while connecting to registries. Should be used only for testing", DefValue: "false", } setFlagInsecureRegistry = func(fs *pflag.FlagSet, p *bool) { diff --git a/specs/commandline/inspect.md b/specs/commandline/inspect.md index 36a2afb4b..1849d0530 100644 --- a/specs/commandline/inspect.md +++ b/specs/commandline/inspect.md 
@@ -36,7 +36,7 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to inspect signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for inspect - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Should be used only for testing -o, --output string output format, options: 'json', 'text' (default "text") -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/list.md b/specs/commandline/list.md index 207511368..4057cf68c 100644 --- a/specs/commandline/list.md +++ b/specs/commandline/list.md @@ -30,7 +30,7 @@ Flags: --allow-referrers-api [Experimental] use the Referrers API to list signatures, if not supported (returns 404), fallback to the Referrers tag schema -d, --debug debug mode -h, --help help for list - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Should be used only for testing --oci-layout [Experimental] list signatures stored in OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/login.md b/specs/commandline/login.md index 9c1cf1428..90f37e5c2 100644 --- a/specs/commandline/login.md +++ b/specs/commandline/login.md 
@@ -15,7 +15,7 @@ Usage: Flags: -d, --debug debug mode -h, --help help for login - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Should be used only for testing -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) --password-stdin take the password from stdin -u, --username string username for registry operations (default to $NOTATION_USERNAME if not specified) diff --git a/specs/commandline/sign.md b/specs/commandline/sign.md index 499991913..5c3569d5d 100644 --- a/specs/commandline/sign.md +++ b/specs/commandline/sign.md @@ -33,7 +33,7 @@ Flags: -e, --expiry duration optional expiry that provides a "best by use" time for the artifact. The duration is specified in minutes(m) and/or hours(h). For example: 12h, 30m, 3h20m -h, --help help for sign --id string key id (required if --plugin is set). This is mutually exclusive with the --key flag - --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes + --insecure-registry use HTTP protocol while connecting to registries. Should be used only for testing -k, --key string signing key name, for a key previously added to notation's key list. This is mutually exclusive with the --id and --plugin flags --oci-layout [Experimental] sign the artifact stored as OCI image layout -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified) diff --git a/specs/commandline/verify.md b/specs/commandline/verify.md index a03331c33..819b1065c 100644 --- a/specs/commandline/verify.md +++ b/specs/commandline/verify.md 
@@ -38,7 +38,7 @@ Flags:
 --allow-referrers-api [Experimental] use the Referrers API to verify signatures, if not supported (returns 404), fallback to the Referrers tag schema
 -d, --debug debug mode
 -h, --help help for verify
- --insecure-registry use HTTP protocol while connecting to registries. Use it only for testing purposes
+ --insecure-registry use HTTP protocol while connecting to registries. Should be used only for testing
 --oci-layout [Experimental] verify the artifact stored as OCI image layout
 -p, --password string password for registry operations (default to $NOTATION_PASSWORD if not specified)
 --plugin-config stringArray {key}={value} pairs that are passed as it is to a plugin, if the verification is associated with a verification plugin, refer plugin documentation to set appropriate values
From 13f7038c133ff665d0ea42ecea435e4bb81c885d Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Mon, 22 May 2023 11:20:33 +0800
Subject: [PATCH 6/8] update
Signed-off-by: Patrick Zheng
---
 cmd/notation/verify.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go
index 10561661d..6b038884b 100644
--- a/cmd/notation/verify.go
+++ b/cmd/notation/verify.go
@@ -94,7 +94,7 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { ctx := opts.LoggingFlagOpts.SetLoggerLevel(command.Context()) // initialize - sigVerifier, err := verifier.NewFromConfig() + verifier, err := verifier.NewFromConfig() if err != nil { return err }
@@ -131,7 +131,7 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { MaxSignatureAttempts: maxSignatureAttempts, UserMetadata: userMetadata, } - _, outcomes, err := notation.Verify(ctx, sigVerifier, sigRepo, verifyOpts) + _, outcomes, err := notation.Verify(ctx, verifier, sigRepo, verifyOpts) err = checkVerificationFailure(outcomes, resolvedRef, err) if err != nil { return err }
From bc5e9db1e20acf3758bc5936286a667a68e0d5c2 Mon Sep 17 00:00:00 2001
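Review bot: The new local in the first `runVerify` hunk, `verifier, err := verifier.NewFromConfig()`, takes the same name as the `verifier` package it is created from, so from that line to the end of the function the package can no longer be referenced and a reader has to work out which of the two each `verifier` means. The second hunk (`@@ -131,7 +131,7 @@`) passes that value to `notation.Verify`, the signature-verification call, where it helps to see at a glance what is being handed in. I would keep a distinct name, as the previous revision did: `sigVerifier, err := verifier.NewFromConfig()` and `notation.Verify(ctx, sigVerifier, sigRepo, verifyOpts)`. The body of `runVerify` extends beyond both hunks, so whether it references the package again further down is not visible from here.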
From: Patrick Zheng
Date: Mon, 22 May 2023 14:37:11 +0800
Subject: [PATCH 7/8] updated notation-go dependency
Signed-off-by: Patrick Zheng
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index ad3d4744f..9295d7059 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.20
 require (
 github.com/docker/docker-credential-helpers v0.7.0
 github.com/notaryproject/notation-core-go v1.0.0-rc.3
- github.com/notaryproject/notation-go v1.0.0-rc.5
+ github.com/notaryproject/notation-go v1.0.0-rc.5.0.20230519221619-15c8ff82d58a
 github.com/opencontainers/go-digest v1.0.0
 github.com/opencontainers/image-spec v1.1.0-rc.3
 github.com/sirupsen/logrus v1.9.0
diff --git a/go.sum b/go.sum
index ba923a864..87b0d6c7e 100644
--- a/go.sum
+++ b/go.sum
@@ -19,8 +19,8 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v1.0.0-rc.3 h1:ukRBOwctPF0bWLFs+ThDHwgj+L3+AHdyaOqmziLp8w0= github.com/notaryproject/notation-core-go v1.0.0-rc.3/go.mod h1:XWAlhOksW+c9AA/TyobkPv5Xoz8RWGwOAoDdybZLEiI= -github.com/notaryproject/notation-go v1.0.0-rc.5 h1:LduZJHOR9oONyL/CFgDg7lKudiQNKDT/lWEyVlVSN0c= -github.com/notaryproject/notation-go v1.0.0-rc.5/go.mod h1:HTLaDq84hp2wAU2ZpeucH/9nJRg7PnufVtCU4dhz/X8= +github.com/notaryproject/notation-go v1.0.0-rc.5.0.20230519221619-15c8ff82d58a h1:WUoScbQP0rZty3ufjfkgsN/vrqxebpb7f+BIDue4vp8= +github.com/notaryproject/notation-go v1.0.0-rc.5.0.20230519221619-15c8ff82d58a/go.mod h1:HTLaDq84hp2wAU2ZpeucH/9nJRg7PnufVtCU4dhz/X8= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc.3 h1:GT9Xon8YrLxz6N7sErbN81V8J4lOQKGUZQmI3ioviqU=
From 2b50e153e7d68d831a3d034690ee338a45ebb641 Mon Sep 17 00:00:00 2001
From: Patrick Zheng
Date: Mon, 22 May 2023 16:11:04 +0800
Subject: [PATCH 8/8] update
Signed-off-by: Patrick Zheng
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 9295d7059..ad3d4744f 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.20
 require (
 github.com/docker/docker-credential-helpers v0.7.0
 github.com/notaryproject/notation-core-go v1.0.0-rc.3
- github.com/notaryproject/notation-go v1.0.0-rc.5.0.20230519221619-15c8ff82d58a
+ github.com/notaryproject/notation-go v1.0.0-rc.5
 github.com/opencontainers/go-digest v1.0.0
 github.com/opencontainers/image-spec v1.1.0-rc.3
 github.com/sirupsen/logrus v1.9.0
diff --git a/go.sum b/go.sum
index 87b0d6c7e..ba923a864 100644
--- a/go.sum
+++ b/go.sum
@@ -19,8 +19,8 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/notaryproject/notation-core-go v1.0.0-rc.3 h1:ukRBOwctPF0bWLFs+ThDHwgj+L3+AHdyaOqmziLp8w0= github.com/notaryproject/notation-core-go v1.0.0-rc.3/go.mod h1:XWAlhOksW+c9AA/TyobkPv5Xoz8RWGwOAoDdybZLEiI= -github.com/notaryproject/notation-go v1.0.0-rc.5.0.20230519221619-15c8ff82d58a h1:WUoScbQP0rZty3ufjfkgsN/vrqxebpb7f+BIDue4vp8= -github.com/notaryproject/notation-go v1.0.0-rc.5.0.20230519221619-15c8ff82d58a/go.mod h1:HTLaDq84hp2wAU2ZpeucH/9nJRg7PnufVtCU4dhz/X8= +github.com/notaryproject/notation-go v1.0.0-rc.5 h1:LduZJHOR9oONyL/CFgDg7lKudiQNKDT/lWEyVlVSN0c= +github.com/notaryproject/notation-go v1.0.0-rc.5/go.mod h1:HTLaDq84hp2wAU2ZpeucH/9nJRg7PnufVtCU4dhz/X8= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc.3 h1:GT9Xon8YrLxz6N7sErbN81V8J4lOQKGUZQmI3ioviqU=