func init() { yubikey.SetYubikeyKeyMode(yubikey.KeymodeNone) regRetriver := passphrase.PromptRetriever() _retriever := func(k, a string, c bool, n int) (string, bool, error) { if k == "Yubikey" { return regRetriver(k, a, c, n) } return testPassphrase, false, nil } // best effort at removing keys here, so nil is fine s, err := yubikey.NewYubiKeyStore(nil, _retriever) if err != nil { for k := range s.ListKeys() { s.RemoveKey(k) } } NewNotaryCommand = func() *cobra.Command { commander := ¬aryCommander{ getRetriever: func() passphrase.Retriever { return _retriever }, } return commander.GetCommand() } }
func getPassphraseRetriever() passphrase.Retriever { baseRetriever := passphrase.PromptRetriever() env := map[string]string{ "root": os.Getenv("NOTARY_ROOT_PASSPHRASE"), "targets": os.Getenv("NOTARY_TARGETS_PASSPHRASE"), "snapshot": os.Getenv("NOTARY_SNAPSHOT_PASSPHRASE"), } return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) { if v := env[alias]; v != "" { return v, numAttempts > 1, nil } return baseRetriever(keyName, alias, createNew, numAttempts) } }
func getPassphraseRetriever() notary.PassRetriever { baseRetriever := passphrase.PromptRetriever() env := map[string]string{ "root": os.Getenv("NOTARY_ROOT_PASSPHRASE"), "targets": os.Getenv("NOTARY_TARGETS_PASSPHRASE"), "snapshot": os.Getenv("NOTARY_SNAPSHOT_PASSPHRASE"), "delegation": os.Getenv("NOTARY_DELEGATION_PASSPHRASE"), } return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) { if v := env[alias]; v != "" { return v, numAttempts > 1, nil } // For delegation roles, we can also try the "delegation" alias if it is specified // Note that we don't check if the role name is for a delegation to allow for names like "user" // since delegation keys can be shared across repositories if v := env["delegation"]; v != "" { return v, numAttempts > 1, nil } return baseRetriever(keyName, alias, createNew, numAttempts) } }