github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-21 01:59:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2983 from rn/notary-up

Browse Source 
Use NOTARY_AUTH instead of the expect gymnastics
This commit is contained in:
Rolf Neugebauer 2018-04-03 17:39:49 +01:00 committed by GitHub
commit 28cd642798
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
scripts/push-manifest.sh
View File

@ -64,49 +64,13 @@ fi
SHA256=$(echo "$OUT" | cut -d' ' -f2 | cut -d':' -f2) SHA256=$(echo "$OUT" | cut -d' ' -f2 | cut -d':' -f2)
LEN=$(echo "$OUT" | cut -d' ' -f3) LEN=$(echo "$OUT" | cut -d' ' -f3)
# Notary requires a PTY for username/password so use expect for that. # notary 0.6.0 accepts authentication as base64-encoded "username:password"
export NOTARY_AUTH=$(echo "$USER:$PASS" | base64)
export NOTARY_DELEGATION_PASSPHRASE="$DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE" export NOTARY_DELEGATION_PASSPHRASE="$DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"
NOTARY_CMD="notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
-p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
-r targets/releases"
echo ' notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
spawn '"$NOTARY_CMD"' -p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
set pid [exp_pid] -r targets/releases
set timeout 60
expect {
timeout {
puts "Expected username prompt"
exec kill -9 $pid
exit 1
}
"username: " {
send "'"$USER"'\n"
}
}
expect {
timeout {
puts "Expected password prompt"
exec kill -9 $pid
exit 1
}
"password: " {
send "'"$PASS"'\n"
}
}
expect {
timeout {
puts "Expected password prompt"
exec kill -9 $pid
exit 1
}
eof {
}
}
set waitval [wait -i $spawn_id]
set exval [lindex $waitval 3]
exit $exval
' | expect -f -
echo echo
echo "New signed multi-arch image: $REPO:$TAG" echo "New signed multi-arch image: $REPO:$TAG"

46
src/cmd/linuxkit/pkglib/manifest_push_script.go
View File

@ -67,49 +67,13 @@ fi
SHA256=$(echo "$OUT" | cut -d' ' -f2 | cut -d':' -f2) SHA256=$(echo "$OUT" | cut -d' ' -f2 | cut -d':' -f2)
LEN=$(echo "$OUT" | cut -d' ' -f3) LEN=$(echo "$OUT" | cut -d' ' -f3)
# Notary requires a PTY for username/password so use expect for that. # notary 0.6.0 accepts authentication as base64-encoded "username:password"
export NOTARY_AUTH=$(echo "$USER:$PASS" | base64)
export NOTARY_DELEGATION_PASSPHRASE="$DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE" export NOTARY_DELEGATION_PASSPHRASE="$DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"
NOTARY_CMD="notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
-p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
-r targets/releases"
echo ' notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
spawn '"$NOTARY_CMD"' -p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
set pid [exp_pid] -r targets/releases
set timeout 60
expect {
timeout {
puts "Expected username prompt"
exec kill -9 $pid
exit 1
}
"username: " {
send "'"$USER"'\n"
}
}
expect {
timeout {
puts "Expected password prompt"
exec kill -9 $pid
exit 1
}
"password: " {
send "'"$PASS"'\n"
}
}
expect {
timeout {
puts "Expected password prompt"
exec kill -9 $pid
exit 1
}
eof {
}
}
set waitval [wait -i $spawn_id]
set exval [lindex $waitval 3]
exit $exval
' | expect -f -
echo echo
echo "New signed multi-arch image: $REPO:$TAG" echo "New signed multi-arch image: $REPO:$TAG"