From 2de53a896266b79c72501658c1a006df0b07b276 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Tue, 3 Apr 2018 16:02:42 +0100
Subject: [PATCH] script: Update push-manifest.sh to use NOTARY_AUTH
Prior to notary 0.6.0, notary expected a terminal and only accepted username/password interactively. With notary 0.6.0 this can now be passed as en environment variable 'NOTARY_AUTH' in the form of a base64 encoded 'username:password'. This commit removes the ugly 'expect' hack in favour of the much cleaner use of an environment variable.
Signed-off-by: Rolf Neugebauer
---
 scripts/push-manifest.sh | 46 +++++-----------------------------------
 1 file changed, 5 insertions(+), 41 deletions(-)
diff --git a/scripts/push-manifest.sh b/scripts/push-manifest.sh
index 9600f7978..edb499375 100755
--- a/scripts/push-manifest.sh
+++ b/scripts/push-manifest.sh
@@ -64,49 +64,13 @@ fi
 SHA256=$(echo "$OUT" | cut -d' ' -f2 | cut -d':' -f2)
 LEN=$(echo "$OUT" | cut -d' ' -f3)
-# Notary requires a PTY for username/password so use expect for that.
+# notary 0.6.0 accepts authentication as base64-encoded "username:password"
+export NOTARY_AUTH=$(echo "$USER:$PASS" | base64)
 export NOTARY_DELEGATION_PASSPHRASE="$DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"
-NOTARY_CMD="notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
- -p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
- -r targets/releases"
-echo '
-spawn '"$NOTARY_CMD"'
-set pid [exp_pid]
-set timeout 60
-expect {
- timeout {
- puts "Expected username prompt"
- exec kill -9 $pid
- exit 1
- }
- "username: " {
- send "'"$USER"'\n"
- }
-}
-expect {
- timeout {
- puts "Expected password prompt"
- exec kill -9 $pid
- exit 1
- }
- "password: " {
- send "'"$PASS"'\n"
- }
-}
-expect {
- timeout {
- puts "Expected password prompt"
- exec kill -9 $pid
- exit 1
- }
- eof {
- }
-}
-set waitval [wait -i $spawn_id]
-set exval [lindex $waitval 3]
-exit $exval
-' | expect -f -
+notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
+ -p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
+ -r targets/releases
 echo
 echo "New signed multi-arch image: $REPO:$TAG"
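Review bot: The added `export NOTARY_AUTH=$(echo "$USER:$PASS" | base64)` line encodes a trailing newline together with the credentials, and GNU `base64` wraps long output, so the value only works as far as notary's decoder tolerates both; `printf '%s' "$USER:$PASS" | base64 | tr -d '\n'` avoids that and also avoids `echo` interpreting backslashes in the password under some shells. Because the variable is exported, every later child process of the script inherits the credential, and base64 is an encoding rather than protection; assigning it on the command itself (`NOTARY_AUTH="$auth" notary -s ...`) keeps it scoped to the one notary call. The `export VAR=$(...)` form also hides a failing `base64`, and `$HOME`, `$REPO`, `$TAG`, `$LEN` and `$SHA256` in the new `notary` invocation are unquoted. The script starts and ends outside this hunk, so whether tracing (`set -x`) could print the value cannot be seen from here.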