func (t *tufCommander) tufList(cmd *cobra.Command, args []string) error { if len(args) < 1 { cmd.Usage() return fmt.Errorf("Must specify a GUN") } config, err := t.configGetter() if err != nil { return err } gun := args[0] rt, err := getTransport(config, gun, true) if err != nil { return err } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, t.retriever) if err != nil { return err } // Retrieve the remote list of signed targets, prioritizing the passed-in list over targets roles := append(t.roles, data.CanonicalTargetsRole) targetList, err := nRepo.ListTargets(roles...) if err != nil { return err } prettyPrintTargets(targetList, cmd.Out()) return nil }
func (t *tufCommander) tufAdd(cmd *cobra.Command, args []string) error { if len(args) < 3 { cmd.Usage() return fmt.Errorf("Must specify a GUN, target, and path to target data") } config, err := t.configGetter() if err != nil { return err } gun := args[0] targetName := args[1] targetPath := args[2] // no online operations are performed by add so the transport argument // should be nil nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), nil, t.retriever) if err != nil { return err } target, err := notaryclient.NewTarget(targetName, targetPath) if err != nil { return err } // If roles is empty, we default to adding to targets if err = nRepo.AddTarget(target, t.roles...); err != nil { return err } cmd.Printf( "Addition of target \"%s\" to repository \"%s\" staged for next publish.\n", targetName, gun) return nil }
func (s *DockerTrustSuite) setupDelegations(c *check.C, repoName, pwd string) { initCmd := exec.Command(notaryClientBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "init", repoName) notaryClientEnv(initCmd, pwd, pwd) out, _, err := runCommandWithOutput(initCmd) if err != nil { c.Fatalf("Error initializing notary repository: %s\n", out) } // no command line for this, so build by hand nRepo, err := client.NewNotaryRepository(filepath.Join(cliconfig.ConfigDir(), "trust"), repoName, notaryURL, nil, passphrase.ConstantRetriever(pwd)) if err != nil { c.Fatalf("Error creating notary repository: %s\n", err) } delgKey, err := nRepo.CryptoService.Create("targets/releases", data.ECDSAKey) if err != nil { c.Fatalf("Error creating delegation key: %s\n", err) } err = nRepo.AddDelegation("targets/releases", []data.PublicKey{delgKey}, []string{""}) if err != nil { c.Fatalf("Error creating delegation: %s\n", err) } // publishing first simulates the client pushing to a repo that they have been given delegated access to pubCmd := exec.Command(notaryClientBinary, "-c", filepath.Join(s.not.dir, "client-config.json"), "publish", repoName) notaryClientEnv(pubCmd, pwd, pwd) out, _, err = runCommandWithOutput(pubCmd) if err != nil { c.Fatalf("Error publishing notary repository: %s\n", out) } }
func (t *tufCommander) tufLookup(cmd *cobra.Command, args []string) error { if len(args) < 2 { cmd.Usage() return fmt.Errorf("Must specify a GUN and target") } config, err := t.configGetter() if err != nil { return err } gun := args[0] targetName := args[1] rt, err := getTransport(config, gun, true) if err != nil { return err } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, t.retriever) if err != nil { return err } target, err := nRepo.GetTargetByName(targetName) if err != nil { return err } cmd.Println(target.Name, fmt.Sprintf("sha256:%x", target.Hashes["sha256"]), target.Length) return nil }
func (t *tufCommander) tufRemove(cmd *cobra.Command, args []string) error { if len(args) < 2 { return fmt.Errorf("Must specify a GUN and target") } config, err := t.configGetter() if err != nil { return err } gun := args[0] targetName := args[1] trustPin, err := getTrustPinning(config) if err != nil { return err } // no online operation are performed by remove so the transport argument // should be nil. repo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), nil, t.retriever, trustPin) if err != nil { return err } // If roles is empty, we default to removing from targets if err = repo.RemoveTarget(targetName, t.roles...); err != nil { return err } cmd.Printf("Removal of %s from %s staged for next publish.\n", targetName, gun) return nil }
func (t *tufCommander) tufPublish(cmd *cobra.Command, args []string) error { if len(args) < 1 { cmd.Usage() return fmt.Errorf("Must specify a GUN") } config, err := t.configGetter() if err != nil { return err } gun := args[0] cmd.Println("Pushing changes to", gun) rt, err := getTransport(config, gun, false) if err != nil { return err } trustPin, err := getTrustPinning(config) if err != nil { return err } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, t.retriever, trustPin) if err != nil { return err } if err = nRepo.Publish(); err != nil { return err } return nil }
// The command line uses NotaryRepository's RotateKey - this is just testing // that the correct config variables are passed for the client to request a key // from the remote server. func TestRotateKeyRemoteServerManagesKey(t *testing.T) { // Temporary directory where test files will be created tempBaseDir, err := ioutil.TempDir("/tmp", "notary-test-") defer os.RemoveAll(tempBaseDir) assert.NoError(t, err, "failed to create a temporary directory: %s", err) gun := "docker.com/notary" ret := passphrase.ConstantRetriever("pass") ts, initialKeys := setUpRepo(t, tempBaseDir, gun, ret) defer ts.Close() k := &keyCommander{ configGetter: func() (*viper.Viper, error) { v := viper.New() v.SetDefault("trust_dir", tempBaseDir) v.SetDefault("remote_server.url", ts.URL) return v, nil }, getRetriever: func() passphrase.Retriever { return ret }, rotateKeyRole: data.CanonicalSnapshotRole, rotateKeyServerManaged: true, } err = k.keysRotate(&cobra.Command{}, []string{gun}) assert.NoError(t, err) repo, err := client.NewNotaryRepository(tempBaseDir, gun, ts.URL, nil, ret) assert.NoError(t, err, "error creating repo: %s", err) cl, err := repo.GetChangelist() assert.NoError(t, err, "unable to get changelist: %v", err) assert.Len(t, cl.List(), 1) // no keys have been created, since a remote key was specified assert.Equal(t, initialKeys, repo.CryptoService.ListAllKeys()) }
// initialize a repo with keys, so they can be rotated func setUpRepo(t *testing.T, tempBaseDir, gun string, ret passphrase.Retriever) ( *httptest.Server, map[string]string) { // server that always returns 200 (and a key) key, err := trustmanager.GenerateECDSAKey(rand.Reader) assert.NoError(t, err) pubKey := data.PublicKeyFromPrivate(key) jsonBytes, err := json.MarshalCanonical(&pubKey) assert.NoError(t, err) keyJSON := string(jsonBytes) ts := httptest.NewServer(http.HandlerFunc( func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, keyJSON) })) repo, err := client.NewNotaryRepository( tempBaseDir, gun, ts.URL, http.DefaultTransport, ret) assert.NoError(t, err, "error creating repo: %s", err) rootPubKey, err := repo.CryptoService.Create("root", data.ECDSAKey) assert.NoError(t, err, "error generating root key: %s", err) err = repo.Initialize(rootPubKey.ID()) assert.NoError(t, err) return ts, repo.CryptoService.ListAllKeys() }
// initialize a repo with keys, so they can be rotated func setUpRepo(t *testing.T, tempBaseDir, gun string, ret notary.PassRetriever) ( *httptest.Server, map[string]string) { // Set up server ctx := context.WithValue( context.Background(), "metaStore", storage.NewMemStorage()) // Do not pass one of the const KeyAlgorithms here as the value! Passing a // string is in itself good test that we are handling it correctly as we // will be receiving a string from the configuration. ctx = context.WithValue(ctx, "keyAlgorithm", "ecdsa") // Eat the logs instead of spewing them out l := logrus.New() l.Out = bytes.NewBuffer(nil) ctx = ctxu.WithLogger(ctx, logrus.NewEntry(l)) cryptoService := cryptoservice.NewCryptoService(trustmanager.NewKeyMemoryStore(ret)) ts := httptest.NewServer(server.RootHandler(nil, ctx, cryptoService, nil, nil, nil)) repo, err := client.NewNotaryRepository( tempBaseDir, gun, ts.URL, http.DefaultTransport, ret, trustpinning.TrustPinConfig{}) require.NoError(t, err, "error creating repo: %s", err) rootPubKey, err := repo.CryptoService.Create("root", "", data.ECDSAKey) require.NoError(t, err, "error generating root key: %s", err) err = repo.Initialize(rootPubKey.ID()) require.NoError(t, err) return ts, repo.CryptoService.ListAllKeys() }
func tufAdd(cmd *cobra.Command, args []string) { if len(args) < 3 { cmd.Usage() fatalf("must specify a GUN, target, and path to target data") } gun := args[0] targetName := args[1] targetPath := args[2] repo, err := notaryclient.NewNotaryRepository(viper.GetString("baseTrustDir"), gun, hardcodedBaseURL, getInsecureTransport()) if err != nil { fatalf(err.Error()) } target, err := notaryclient.NewTarget(targetName, targetPath) if err != nil { fatalf(err.Error()) } err = repo.AddTarget(target) if err != nil { fatalf(err.Error()) } fmt.Println("Successfully added targets") }
func tufStatus(cmd *cobra.Command, args []string) { if len(args) < 1 { cmd.Usage() fatalf("Must specify a GUN") } gun := args[0] parseConfig() nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), nil, retriever) if err != nil { fatalf(err.Error()) } cl, err := nRepo.GetChangelist() if err != nil { fatalf(err.Error()) } if len(cl.List()) == 0 { fmt.Printf("No unpublished changes for %s\n", gun) return } fmt.Printf("Unpublished changes for %s:\n\n", gun) fmt.Printf("%-10s%-10s%-12s%s\n", "action", "scope", "type", "path") fmt.Println("----------------------------------------------------") for _, ch := range cl.List() { fmt.Printf("%-10s%-10s%-12s%s\n", ch.Action(), ch.Scope(), ch.Type(), ch.Path()) } }
func tufAdd(cmd *cobra.Command, args []string) { if len(args) < 3 { cmd.Usage() fatalf("must specify a GUN, target, and path to target data") } gun := args[0] targetName := args[1] targetPath := args[2] parseConfig() // no online operations are performed by add so the transport argument // should be nil nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), nil, retriever) if err != nil { fatalf(err.Error()) } target, err := notaryclient.NewTarget(targetName, targetPath) if err != nil { fatalf(err.Error()) } err = nRepo.AddTarget(target) if err != nil { fatalf(err.Error()) } fmt.Printf("Addition of %s to %s staged for next publish.\n", targetName, gun) }
// The command line uses NotaryRepository's RotateKey - this is just testing // that multiple keys can be rotated at once locally func TestRotateKeyBothKeys(t *testing.T) { setUp(t) // Temporary directory where test files will be created tempBaseDir, err := ioutil.TempDir("/tmp", "notary-test-") defer os.RemoveAll(tempBaseDir) require.NoError(t, err, "failed to create a temporary directory: %s", err) gun := "docker.com/notary" ret := passphrase.ConstantRetriever("pass") ts, initialKeys := setUpRepo(t, tempBaseDir, gun, ret) defer ts.Close() k := &keyCommander{ configGetter: func() (*viper.Viper, error) { v := viper.New() v.SetDefault("trust_dir", tempBaseDir) v.SetDefault("remote_server.url", ts.URL) return v, nil }, getRetriever: func() notary.PassRetriever { return ret }, } require.NoError(t, k.keysRotate(&cobra.Command{}, []string{gun, data.CanonicalTargetsRole})) require.NoError(t, k.keysRotate(&cobra.Command{}, []string{gun, data.CanonicalSnapshotRole})) repo, err := client.NewNotaryRepository(tempBaseDir, gun, ts.URL, nil, ret, trustpinning.TrustPinConfig{}) require.NoError(t, err, "error creating repo: %s", err) cl, err := repo.GetChangelist() require.NoError(t, err, "unable to get changelist: %v", err) require.Len(t, cl.List(), 0) // two new keys have been created, and the old keys should still be gone newKeys := repo.CryptoService.ListAllKeys() // there should be 3 keys - snapshot, targets, and root require.Len(t, newKeys, 3) // the old snapshot/targets keys should be gone for keyID, role := range initialKeys { r, ok := newKeys[keyID] switch r { case data.CanonicalSnapshotRole, data.CanonicalTargetsRole: require.False(t, ok, "original key %s still there", keyID) case data.CanonicalRootRole: require.Equal(t, role, r) require.True(t, ok, "old root key has changed") } } found := make(map[string]bool) for _, role := range newKeys { found[role] = true } require.True(t, found[data.CanonicalTargetsRole], "targets key was not created") require.True(t, found[data.CanonicalSnapshotRole], "snapshot key was not created") require.True(t, found[data.CanonicalRootRole], "root key was removed somehow") }
// The command line uses NotaryRepository's RotateKey - this is just testing // that the correct config variables are passed for the client to rotate // both the targets and snapshot key, and create them locally func TestRotateKeyBothKeys(t *testing.T) { // Temporary directory where test files will be created tempBaseDir, err := ioutil.TempDir("/tmp", "notary-test-") defer os.RemoveAll(tempBaseDir) assert.NoError(t, err, "failed to create a temporary directory: %s", err) gun := "docker.com/notary" ret := passphrase.ConstantRetriever("pass") ts, initialKeys := setUpRepo(t, tempBaseDir, gun, ret) // we won't need this anymore since we are creating keys locally ts.Close() k := &keyCommander{ configGetter: func() (*viper.Viper, error) { v := viper.New() v.SetDefault("trust_dir", tempBaseDir) // won't need a remote server URL, since we are creating local keys return v, nil }, getRetriever: func() passphrase.Retriever { return ret }, } err = k.keysRotate(&cobra.Command{}, []string{gun}) assert.NoError(t, err) repo, err := client.NewNotaryRepository(tempBaseDir, gun, ts.URL, nil, ret) assert.NoError(t, err, "error creating repo: %s", err) cl, err := repo.GetChangelist() assert.NoError(t, err, "unable to get changelist: %v", err) assert.Len(t, cl.List(), 2) // two new keys have been created, and the old keys should still be there newKeys := repo.CryptoService.ListAllKeys() for keyID, role := range initialKeys { r, ok := newKeys[keyID] assert.True(t, ok, "original key %s missing", keyID) assert.Equal(t, role, r) delete(newKeys, keyID) } // there should be 2 keys left assert.Len(t, newKeys, 2) // one for each role var targetsFound, snapshotFound bool for _, role := range newKeys { switch role { case data.CanonicalTargetsRole: targetsFound = true case data.CanonicalSnapshotRole: snapshotFound = true } } assert.True(t, targetsFound, "targets key was not created") assert.True(t, snapshotFound, "snapshot key was not created") }
// The command line uses NotaryRepository's RotateKey - this is just testing // that the correct config variables are passed for the client to request a key // from the remote server. func TestRotateKeyRemoteServerManagesKey(t *testing.T) { for _, role := range []string{data.CanonicalSnapshotRole, data.CanonicalTimestampRole} { setUp(t) // Temporary directory where test files will be created tempBaseDir, err := ioutil.TempDir("/tmp", "notary-test-") defer os.RemoveAll(tempBaseDir) require.NoError(t, err, "failed to create a temporary directory: %s", err) gun := "docker.com/notary" ret := passphrase.ConstantRetriever("pass") ts, initialKeys := setUpRepo(t, tempBaseDir, gun, ret) defer ts.Close() require.Len(t, initialKeys, 3) k := &keyCommander{ configGetter: func() (*viper.Viper, error) { v := viper.New() v.SetDefault("trust_dir", tempBaseDir) v.SetDefault("remote_server.url", ts.URL) return v, nil }, getRetriever: func() notary.PassRetriever { return ret }, rotateKeyServerManaged: true, } require.NoError(t, k.keysRotate(&cobra.Command{}, []string{gun, role, "-r"})) repo, err := client.NewNotaryRepository(tempBaseDir, gun, ts.URL, http.DefaultTransport, ret, trustpinning.TrustPinConfig{}) require.NoError(t, err, "error creating repo: %s", err) cl, err := repo.GetChangelist() require.NoError(t, err, "unable to get changelist: %v", err) require.Len(t, cl.List(), 0, "expected the changes to have been published") finalKeys := repo.CryptoService.ListAllKeys() // no keys have been created, since a remote key was specified if role == data.CanonicalSnapshotRole { require.Len(t, finalKeys, 2) for k, r := range initialKeys { if r != data.CanonicalSnapshotRole { _, ok := finalKeys[k] require.True(t, ok) } } } else { require.Len(t, finalKeys, 3) for k := range initialKeys { _, ok := finalKeys[k] require.True(t, ok) } } } }
func (k *keyCommander) keysRotate(cmd *cobra.Command, args []string) error { if len(args) < 1 { cmd.Usage() return fmt.Errorf("Must specify a GUN") } rotateKeyRole := strings.ToLower(k.rotateKeyRole) var rolesToRotate []string switch rotateKeyRole { case "": rolesToRotate = []string{data.CanonicalSnapshotRole, data.CanonicalTargetsRole} case data.CanonicalSnapshotRole: rolesToRotate = []string{data.CanonicalSnapshotRole} case data.CanonicalTargetsRole: rolesToRotate = []string{data.CanonicalTargetsRole} default: return fmt.Errorf("key rotation not supported for %s keys", k.rotateKeyRole) } if k.rotateKeyServerManaged && rotateKeyRole != data.CanonicalSnapshotRole { return fmt.Errorf( "remote signing/key management is only supported for the snapshot key") } config, err := k.configGetter() if err != nil { return err } gun := args[0] var rt http.RoundTripper if k.rotateKeyServerManaged { // this does not actually push the changes, just creates the keys, but // it creates a key remotely so it needs a transport rt, err = getTransport(config, gun, false) if err != nil { return err } } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, k.getRetriever()) if err != nil { return err } for _, role := range rolesToRotate { if err := nRepo.RotateKey(role, k.rotateKeyServerManaged); err != nil { return err } } return nil }
func (t *tufCommander) tufInit(cmd *cobra.Command, args []string) error { if len(args) < 1 { cmd.Usage() return fmt.Errorf("Must specify a GUN") } config, err := t.configGetter() if err != nil { return err } gun := args[0] rt, err := getTransport(config, gun, false) if err != nil { return err } trustPin, err := getTrustPinning(config) if err != nil { return err } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, t.retriever, trustPin) if err != nil { return err } rootKeyList := nRepo.CryptoService.ListKeys(data.CanonicalRootRole) var rootKeyID string if len(rootKeyList) < 1 { cmd.Println("No root keys found. Generating a new root key...") rootPublicKey, err := nRepo.CryptoService.Create(data.CanonicalRootRole, "", data.ECDSAKey) rootKeyID = rootPublicKey.ID() if err != nil { return err } } else { // Choses the first root key available, which is initialization specific // but should return the HW one first. rootKeyID = rootKeyList[0] cmd.Printf("Root key found, using: %s\n", rootKeyID) } if err = nRepo.Initialize(rootKeyID); err != nil { return err } return nil }
func keysRotate(cmd *cobra.Command, args []string) { if len(args) < 1 { cmd.Usage() fatalf("must specify a GUN and target") } parseConfig() gun := args[0] nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, remoteTrustServer, nil, retriever) if err != nil { fatalf(err.Error()) } if err := nRepo.RotateKeys(); err != nil { fatalf(err.Error()) } }
func (k *keyCommander) keysRotate(cmd *cobra.Command, args []string) error { if len(args) < 2 { cmd.Usage() return fmt.Errorf("Must specify a GUN and a key role to rotate") } config, err := k.configGetter() if err != nil { return err } gun := args[0] rotateKeyRole := args[1] rt, err := getTransport(config, gun, readWrite) if err != nil { return err } trustPin, err := getTrustPinning(config) if err != nil { return err } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, k.getRetriever(), trustPin) if err != nil { return err } if rotateKeyRole == data.CanonicalRootRole { cmd.Print("Warning: you are about to rotate your root key.\n\n" + "You must use your old key to sign this root rotation. We recommend that\n" + "you sign all your future root changes with this key as well, so that\n" + "clients can have a smoother update process. Please do not delete\n" + "this key after rotating.\n\n" + "Are you sure you want to proceed? (yes/no) ") if !askConfirm(k.input) { fmt.Fprintln(cmd.Out(), "\nAborting action.") return nil } } return nRepo.RotateKey(rotateKeyRole, k.rotateKeyServerManaged) }
func tufInit(cmd *cobra.Command, args []string) { if len(args) < 1 { cmd.Usage() fatalf("Must specify a GUN") } gun := args[0] nRepo, err := notaryclient.NewNotaryRepository(viper.GetString("baseTrustDir"), gun, hardcodedBaseURL, getInsecureTransport()) if err != nil { fatalf(err.Error()) } keysList := nRepo.KeyStoreManager.RootKeyStore().ListKeys() var passphrase string var rootKeyID string if len(keysList) < 1 { fmt.Println("No root keys found. Generating a new root key...") passphrase, err = passphraseRetriever() if err != nil { fatalf(err.Error()) } rootKeyID, err = nRepo.KeyStoreManager.GenRootKey("ECDSA", passphrase) if err != nil { fatalf(err.Error()) } } else { rootKeyID = keysList[0] fmt.Println("Root key found.") fmt.Printf("Enter passphrase for: %s (%d)\n", rootKeyID, len(rootKeyID)) passphrase, err = passphraseRetriever() if err != nil { fatalf(err.Error()) } } rootCryptoService, err := nRepo.KeyStoreManager.GetRootCryptoService(rootKeyID, passphrase) if err != nil { fatalf(err.Error()) } nRepo.Initialize(rootCryptoService) if err != nil { fatalf(err.Error()) } }
func (t *tufCommander) tufVerify(cmd *cobra.Command, args []string) error { if len(args) < 2 { cmd.Usage() return fmt.Errorf("Must specify a GUN and target") } config, err := t.configGetter() if err != nil { return err } payload, err := getPayload(t) if err != nil { return err } gun := args[0] targetName := args[1] rt, err := getTransport(config, gun, true) if err != nil { return err } trustPin, err := getTrustPinning(config) if err != nil { return err } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, t.retriever, trustPin) if err != nil { return err } target, err := nRepo.GetTargetByName(targetName) if err != nil { return fmt.Errorf("error retrieving target by name:%s, error:%v", targetName, err) } if err := data.CheckHashes(payload, targetName, target.Hashes); err != nil { return fmt.Errorf("data not present in the trusted collection, %v", err) } return feedback(t, payload) }
func (t *tufCommander) tufVerify(cmd *cobra.Command, args []string) error { if len(args) < 2 { cmd.Usage() return fmt.Errorf("Must specify a GUN and target") } config, err := t.configGetter() if err != nil { return err } // Reads all of the data on STDIN payload, err := ioutil.ReadAll(os.Stdin) if err != nil { return fmt.Errorf("Error reading content from STDIN: %v", err) } gun := args[0] targetName := args[1] rt, err := getTransport(config, gun, true) if err != nil { return err } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, t.retriever) if err != nil { return err } target, err := nRepo.GetTargetByName(targetName) if err != nil { return fmt.Errorf("error retrieving target by name:%s, error:%v", targetName, err) } // Create hasher and hash data stdinHash := sha256.Sum256(payload) serverHash := target.Hashes["sha256"] if subtle.ConstantTimeCompare(stdinHash[:], serverHash) == 0 { return fmt.Errorf("notary: data not present in the trusted collection") } _, _ = os.Stdout.Write(payload) return nil }
func tufInit(cmd *cobra.Command, args []string) { if len(args) < 1 { cmd.Usage() fatalf("Must specify a GUN") } gun := args[0] parseConfig() nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), getTransport(gun, false), retriever) if err != nil { fatalf(err.Error()) } keysMap := nRepo.KeyStoreManager.RootKeyStore().ListKeys() var rootKeyID string if len(keysMap) < 1 { fmt.Println("No root keys found. Generating a new root key...") rootKeyID, err = nRepo.KeyStoreManager.GenRootKey("ECDSA") if err != nil { fatalf(err.Error()) } } else { // TODO(diogo): ask which root key to use for keyID := range keysMap { rootKeyID = keyID } fmt.Printf("Root key found, using: %s\n", rootKeyID) } rootCryptoService, err := nRepo.KeyStoreManager.GetRootCryptoService(rootKeyID) if err != nil { fatalf(err.Error()) } err = nRepo.Initialize(rootCryptoService) if err != nil { fatalf(err.Error()) } }
func tufPublish(cmd *cobra.Command, args []string) { if len(args) < 1 { cmd.Usage() fatalf("Must specify a GUN") } gun := args[0] fmt.Println("Pushing changes to ", gun, ".") repo, err := notaryclient.NewNotaryRepository(viper.GetString("baseTrustDir"), gun, hardcodedBaseURL, getInsecureTransport()) if err != nil { fatalf(err.Error()) } err = repo.Publish(passphraseRetriever) if err != nil { fatalf(err.Error()) } }
// delegationsList lists all the delegations for a particular GUN func (d *delegationCommander) delegationsList(cmd *cobra.Command, args []string) error { if len(args) != 1 { cmd.Usage() return fmt.Errorf( "Please provide a Global Unique Name as an argument to list") } config, err := d.configGetter() if err != nil { return err } gun := args[0] rt, err := getTransport(config, gun, true) if err != nil { return err } trustPin, err := getTrustPinning(config) if err != nil { return err } // initialize repo with transport to get latest state of the world before listing delegations nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), rt, d.retriever, trustPin) if err != nil { return err } delegationRoles, err := nRepo.GetDelegationRoles() if err != nil { return fmt.Errorf("Error retrieving delegation roles for repository %s: %v", gun, err) } cmd.Println("") prettyPrintRoles(delegationRoles, cmd.Out(), "delegations") cmd.Println("") return nil }
func (t *tufCommander) tufStatus(cmd *cobra.Command, args []string) error { if len(args) < 1 { cmd.Usage() return fmt.Errorf("Must specify a GUN") } config, err := t.configGetter() if err != nil { return err } gun := args[0] trustPin, err := getTrustPinning(config) if err != nil { return err } nRepo, err := notaryclient.NewNotaryRepository( config.GetString("trust_dir"), gun, getRemoteTrustServer(config), nil, t.retriever, trustPin) if err != nil { return err } cl, err := nRepo.GetChangelist() if err != nil { return err } if len(cl.List()) == 0 { cmd.Printf("No unpublished changes for %s\n", gun) return nil } cmd.Printf("Unpublished changes for %s:\n\n", gun) cmd.Printf("%-10s%-10s%-12s%s\n", "action", "scope", "type", "path") cmd.Println("----------------------------------------------------") for _, ch := range cl.List() { cmd.Printf("%-10s%-10s%-12s%s\n", ch.Action(), ch.Scope(), ch.Type(), ch.Path()) } return nil }
func tufRemove(cmd *cobra.Command, args []string) { if len(args) < 2 { cmd.Usage() fatalf("must specify a GUN and target") } gun := args[0] targetName := args[1] parseConfig() repo, err := notaryclient.NewNotaryRepository(trustDir, gun, remoteTrustServer, getTransport(), retriever) if err != nil { fatalf(err.Error()) } err = repo.RemoveTarget(targetName) if err != nil { fatalf(err.Error()) } fmt.Printf("Removal of %s from %s staged for next publish.\n", targetName, gun) }
func tufList(cmd *cobra.Command, args []string) { if len(args) < 1 { cmd.Usage() fatalf("Must specify a GUN") } parseConfig() gun := args[0] nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trust_dir"), gun, getRemoteTrustServer(), getTransport(gun, true), retriever) if err != nil { fatalf(err.Error()) } // Retreive the remote list of signed targets targetList, err := nRepo.ListTargets() if err != nil { fatalf(err.Error()) } prettyPrintTargets(targetList, cmd.Out()) }
func tufLookup(cmd *cobra.Command, args []string) { if len(args) < 2 { cmd.Usage() fatalf("must specify a GUN and target") } gun := args[0] targetName := args[1] parseConfig() nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), getTransport(gun, true), retriever) if err != nil { fatalf(err.Error()) } target, err := nRepo.GetTargetByName(targetName) if err != nil { fatalf(err.Error()) } fmt.Println(target.Name, fmt.Sprintf("sha256:%x", target.Hashes["sha256"]), target.Length) }
func tufPublish(cmd *cobra.Command, args []string) { if len(args) < 1 { cmd.Usage() fatalf("Must specify a GUN") } gun := args[0] parseConfig() fmt.Println("Pushing changes to ", gun, ".") nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), getTransport(gun, false), retriever) if err != nil { fatalf(err.Error()) } err = nRepo.Publish() if err != nil { fatalf(err.Error()) } }