remove signature support from duffle cmds

cmd/duffle/build.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -15,6 +14,7 @@ import (
 	dockerflags "github.com/docker/cli/cli/flags"
 	"github.com/docker/cli/opts"
 	"github.com/docker/go-connections/tlsconfig"
+	"github.com/docker/go/canonical/json"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 
@@ -28,7 +28,6 @@ import (
 	"github.com/deislabs/duffle/pkg/imagebuilder/mock"
 	"github.com/deislabs/duffle/pkg/ohai"
 	"github.com/deislabs/duffle/pkg/repo"
-	"github.com/deislabs/duffle/pkg/signature"
 )
 
 const buildDesc = `
@@ -50,7 +49,6 @@ type buildCmd struct {
 	out        io.Writer
 	src        string
 	home       home.Home
-	signer     string
 	outputFile string
 
 	// options common to the docker client and the daemon.
@@ -87,7 +85,6 @@ func newBuildCmd(out io.Writer) *cobra.Command {
 	}
 
 	f = cmd.Flags()
-	f.StringVarP(&build.signer, "user", "u", "", "the user ID of the signing key to use. Format is either email address or 'NAME (COMMENT) <EMAIL>'")
 	f.StringVarP(&build.outputFile, "output-file", "o", "", "If set, writes the bundle to this file in addition to saving it to the local store")
 
 	f.BoolVar(&build.dockerClientOptions.Common.Debug, "docker-debug", false, "Enable debug mode")
@@ -152,30 +149,11 @@ func (b *buildCmd) run() (err error) {
 }
 
 func (b *buildCmd) writeBundle(bf *bundle.Bundle) (string, error) {
-	kr, err := signature.LoadKeyRing(b.home.SecretKeyRing())
+	data, err := json.MarshalCanonical(bf)
 	if err != nil {
-		return "", fmt.Errorf("cannot load keyring: %s", err)
-	}
-
-	if kr.Len() == 0 {
-		return "", errors.New("no signing keys are present in the keyring")
-	}
-
-	// Default to the first key in the ring unless the user specifies otherwise.
-	key := kr.Keys()[0]
-	if b.signer != "" {
-		key, err = kr.Key(b.signer)
-		if err != nil {
-			return "", err
-		}
-	}
-
-	sign := signature.NewSigner(key)
-	data, err := sign.Clearsign(bf)
-	data = append(data, '\n')
-	if err != nil {
-		return "", fmt.Errorf("cannot sign bundle: %s", err)
+		return "", err
 	}
+	data = append(data, '\n') //TODO: why?
 
 	digest, err := digest.OfBuffer(data)
 	if err != nil {

cmd/duffle/build_test.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"bytes"
-	"errors"
 	"io"
 	"io/ioutil"
 	"os"
@@ -11,9 +10,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/deislabs/duffle/pkg/duffle/home"
 	"github.com/deislabs/duffle/pkg/repo"
-	"github.com/deislabs/duffle/pkg/signature"
 )
 
 func TestBuild(t *testing.T) {
@@ -54,14 +51,11 @@ func TestBuild(t *testing.T) {
 		out:  out,
 	}
 
-	// Create temporary signing key
-	mockSigningKeyring(testHome.String(), t)
-
 	if err := cmd.run(); err != nil {
 		t.Errorf("Expected no error but got err: %s", err)
 	}
 
-	// Verify that the bundle exists and is signed
+	// Verify that the bundle exists
 	is := assert.New(t)
 
 	index, err := repo.LoadIndex(testHome.Repositories())
@@ -77,22 +71,6 @@ func TestBuild(t *testing.T) {
 
 	loc := filepath.Join(testHome.Bundles(), digest)
 	is.FileExists(loc)
-	data, err := ioutil.ReadFile(loc)
+	_, err = ioutil.ReadFile(loc)
 	is.NoError(err)
-	is.Contains(string(data), "---BEGIN PGP SIGNED MESSAGE----")
-}
-
-func mockSigningKeyring(tempHome string, t *testing.T) {
-	t.Helper()
-	uid, err := signature.ParseUserID("fake <fake@example.com>")
-	if err != nil {
-		t.Fatal(err)
-	}
-	ring := signature.CreateKeyRing(func(a string) ([]byte, error) { return nil, errors.New("not implemented") })
-	key, err := signature.CreateKey(uid)
-	if err != nil {
-		t.Fatal(err)
-	}
-	ring.AddKey(key)
-	ring.SavePrivate(home.Home(tempHome).SecretKeyRing(), true)
 }

cmd/duffle/bundle.go

@@ -21,8 +21,6 @@ func newBundleCmd(w io.Writer) *cobra.Command {
 		newBundleListCmd(w),
 		newInstallCmd(w),
 		newBundleShowCmd(w),
-		newBundleSignCmd(w),
-		newBundleVerifyCmd(w),
 		newBundleRemoveCmd(w),
 	)
 	return cmd

cmd/duffle/bundle_list.go

@@ -34,7 +34,6 @@ type NamedRepository struct {
 	name   string
 	tag    string
 	digest string
-	signed bool
 }
 
 // Name returns the full name.
@@ -57,11 +56,6 @@ func (n *NamedRepository) Digest() string {
 	return n.digest
 }
 
-// IsSigned determines whether or not the bundle is signed.
-func (n *NamedRepository) IsSigned() bool {
-	return n.signed
-}
-
 func newBundleListCmd(w io.Writer) *cobra.Command {
 	var short bool
 	cmd := &cobra.Command{
@@ -83,9 +77,9 @@ func newBundleListCmd(w io.Writer) *cobra.Command {
 			}
 
 			table := uitable.New()
-			table.AddRow("NAME", "VERSION", "DIGEST", "SIGNED?")
+			table.AddRow("NAME", "VERSION", "DIGEST")
 			for _, ref := range references {
-				table.AddRow(ref.Name(), ref.Tag(), ref.Digest(), ref.IsSigned())
+				table.AddRow(ref.Name(), ref.Tag(), ref.Digest())
 			}
 			fmt.Fprintln(w, table)
 
@@ -107,16 +101,14 @@ func searchLocal(home home.Home) (NamedRepositoryList, error) {
 
 	for repo, tagList := range index {
 		for tag, digest := range tagList {
-			isSigned := true
-			_, err := loadBundle(filepath.Join(home.Bundles(), digest), true)
-			if err == ErrNotSigned {
-				isSigned = false
+			_, err := loadBundle(filepath.Join(home.Bundles(), digest))
+			if err != nil {
+				return nil, err
 			}
 			references = append(references, &NamedRepository{
 				repo,
 				tag,
 				digest,
-				isSigned,
 			})
 		}
 	}

cmd/duffle/bundle_remove_test.go

@@ -19,7 +19,7 @@ func TestBundleRemove(t *testing.T) {
 	if err := os.MkdirAll(duffleHome.Bundles(), 0755); err != nil {
 		t.Fatal(err)
 	}
-	if err := copySignedTestBundle(tempDuffleHome); err != nil {
+	if err := copyTestBundle(tempDuffleHome); err != nil {
 		t.Fatal(err)
 	}
 
@@ -33,7 +33,7 @@ func TestBundleRemove(t *testing.T) {
 		t.Errorf("Did not expect error, got %s", err)
 	}
 
-	if _, err := os.Stat(filepath.Join(cmd.home.Bundles(), "foo-1.0.0.cnab")); !os.IsNotExist(err) {
+	if _, err := os.Stat(filepath.Join(cmd.home.Bundles(), "foo-1.0.0.json")); !os.IsNotExist(err) {
 		t.Errorf("Expected bundle file to be removed from local store but was not")
 	}
 }

cmd/duffle/bundle_show.go

@@ -11,10 +11,9 @@ import (
 const bundleShowShortUsage = `return low-level information on application bundles`
 
 type bundleShowCmd struct {
-	name     string
-	insecure bool
-	raw      bool
-	w        io.Writer
+	name string
+	raw  bool
+	w    io.Writer
 }
 
 func newBundleShowCmd(w io.Writer) *cobra.Command {
@@ -34,7 +33,6 @@ func newBundleShowCmd(w io.Writer) *cobra.Command {
 	}
 
 	flags := cmd.Flags()
-	flags.BoolVarP(&bsc.insecure, "insecure", "k", false, "Do not verify the bundle (INSECURE)")
 	flags.BoolVarP(&bsc.raw, "raw", "r", false, "Display the raw bundle manifest")
 
 	return cmd
@@ -51,13 +49,11 @@ func (bsc *bundleShowCmd) usage(bundleSubCommand bool) string {
 	Example:
 		$ duffle %s duffle/example:0.1.0
 
-	To display unsigned bundles, pass the --insecure flag:
-		$ duffle %s duffle/unsinged-example:0.1.0 --insecure
-`, commandName, commandName)
+`, commandName)
 }
 
 func (bsc *bundleShowCmd) run() error {
-	bundleFile, err := getBundleFilepath(bsc.name, homePath(), bsc.insecure)
+	bundleFile, err := getBundleFilepath(bsc.name, homePath())
 	if err != nil {
 		return err
 	}
@@ -72,7 +68,7 @@ func (bsc *bundleShowCmd) run() error {
 		return err
 	}
 
-	bun, err := loadBundle(bundleFile, bsc.insecure)
+	bun, err := loadBundle(bundleFile)
 	if err != nil {
 		return err
 	}