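// init wires the test harness: it selects a Yubikey key mode, builds a
// passphrase retriever that only prompts for the "Yubikey" key name, clears
// any keys the Yubikey store already lists, and overrides NewNotaryCommand so
// commands built afterwards use that retriever.
func init() {
	// NOTE(review): KeymodeNone presumably disables touch/PIN-always
	// requirements so tests can run unattended; confirm against the yubikey
	// package.
	yubikey.SetYubikeyKeyMode(yubikey.KeymodeNone)

	promptRetriever := passphrase.PromptRetriever()
	// Only the hardware token goes through the interactive prompt; every
	// other key uses the fixed test passphrase and never asks to give up.
	_retriever := func(k, a string, c bool, n int) (string, bool, error) {
		if k == "Yubikey" {
			return promptRetriever(k, a, c, n)
		}
		return testPassphrase, false, nil
	}

	// Best effort at removing keys here, so a nil backup store is fine.
	// The cleanup must run only when the store was opened successfully: the
	// original tested err != nil, which skipped the cleanup on success and
	// dereferenced the store on failure, when it cannot be relied on.
	// This deletes every key the store lists, so it must only ever run
	// against a token dedicated to testing.
	s, err := yubikey.NewYubiKeyStore(nil, _retriever)
	if err == nil {
		for k := range s.ListKeys() {
			// Removal failures are deliberately ignored (best effort).
			s.RemoveKey(k)
		}
	}

	NewNotaryCommand = func() *cobra.Command {
		commander := &notaryCommander{
			getRetriever: func() passphrase.Retriever { return _retriever },
		}
		return commander.GetCommand()
	}
}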
Example #2
// getPassphraseRetriever returns a retriever that answers from the
// NOTARY_<ROLE>_PASSPHRASE environment variables for the root, targets and
// snapshot aliases, and falls back to the interactive prompt otherwise.
//
// The variables are read once, when the retriever is built. A passphrase held
// in the environment is inherited by child processes and may be readable by
// other tooling on the host, so it is best reserved for automation.
func getPassphraseRetriever() passphrase.Retriever {
	fromEnv := make(map[string]string, 3)
	fromEnv["root"] = os.Getenv("NOTARY_ROOT_PASSPHRASE")
	fromEnv["targets"] = os.Getenv("NOTARY_TARGETS_PASSPHRASE")
	fromEnv["snapshot"] = os.Getenv("NOTARY_SNAPSHOT_PASSPHRASE")

	prompt := passphrase.PromptRetriever()

	return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
		secret := fromEnv[alias]
		if secret == "" {
			// Unknown alias or unset variable: ask the user.
			return prompt(keyName, alias, createNew, numAttempts)
		}
		// A fixed value cannot get better on retry, so signal "give up"
		// once numAttempts exceeds 1 instead of looping on a wrong secret.
		giveUp := numAttempts > 1
		return secret, giveUp, nil
	}
}
Example #3
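// getPassphraseRetriever returns a retriever that answers from the
// NOTARY_<ROLE>_PASSPHRASE environment variables and falls back to the
// interactive prompt when no variable applies.
//
// Lookup order for an alias:
//  1. the variable registered for that exact alias;
//  2. NOTARY_DELEGATION_PASSPHRASE, but only when the alias is not one of the
//     base roles;
//  3. the interactive prompt.
//
// The variables are read once, when the retriever is built. A passphrase held
// in the environment is inherited by child processes and may be readable by
// other tooling on the host, so it is best reserved for automation.
func getPassphraseRetriever() notary.PassRetriever {
	baseRetriever := passphrase.PromptRetriever()
	env := map[string]string{
		"root":       os.Getenv("NOTARY_ROOT_PASSPHRASE"),
		"targets":    os.Getenv("NOTARY_TARGETS_PASSPHRASE"),
		"snapshot":   os.Getenv("NOTARY_SNAPSHOT_PASSPHRASE"),
		"delegation": os.Getenv("NOTARY_DELEGATION_PASSPHRASE"),
	}

	return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
		// A fixed value cannot get better on retry, so "give up" is signalled
		// once numAttempts exceeds 1 instead of looping on a wrong secret.
		if v := env[alias]; v != "" {
			return v, numAttempts > 1, nil
		}

		// For delegation roles, we can also try the "delegation" alias if it
		// is specified. We don't check that the role name looks like a
		// delegation, to allow for names like "user", since delegation keys
		// can be shared across repositories.
		//
		// Base roles are excluded: without this guard an unset root, targets
		// or snapshot variable would silently fall through to the delegation
		// passphrase, so the lower-privilege secret would be offered for, or
		// used to encrypt a newly created, higher-privilege key.
		switch alias {
		case "root", "targets", "snapshot", "timestamp":
			// Base role with no variable of its own: prompt instead.
		default:
			if v := env["delegation"]; v != "" {
				return v, numAttempts > 1, nil
			}
		}
		return baseRetriever(keyName, alias, createNew, numAttempts)
	}
}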