remove signature package

+ update loader pkg to support only unsigned loader + update docs
cnabio · Apr 5, 2019 · cfd40da · cfd40da
1 parent 7dac1b3
commit cfd40da
Show file tree

Hide file tree

Showing 48 changed files with 88 additions and 2,185 deletions.
diff --git a/cmd/duffle/export.go b/cmd/duffle/export.go
@@ -78,7 +78,7 @@ func (ex *exportCmd) run() error {
 	return nil
 }
 
-func (ex *exportCmd) Export(bundlefile string, l loader.Loader) error {
+func (ex *exportCmd) Export(bundlefile string, l loader.BundleLoader) error {
 	exp, err := packager.NewExporter(bundlefile, ex.dest, ex.home.Logs(), l, ex.thin)
 	if err != nil {
 		return fmt.Errorf("Unable to set up exporter: %s", err)
@@ -92,13 +92,14 @@ func (ex *exportCmd) Export(bundlefile string, l loader.Loader) error {
 	return nil
 }
 
-func (ex *exportCmd) setup() (string, loader.Loader, error) {
+func (ex *exportCmd) setup() (string, loader.BundleLoader, error) {
+	l := loader.New()
 	bundlefile, err := resolveBundleFilePath(ex.bundle, ex.home.String(), ex.bundleIsFile)
 	if err != nil {
-		return "", nil, err
+		return "", l, err
 	}
 
-	return bundlefile, loader.NewDetectingLoader(), nil
+	return bundlefile, l, nil
 }
 
 func resolveBundleFilePath(bun, homePath string, bundleIsFile bool) (string, error) {

diff --git a/cmd/duffle/import.go b/cmd/duffle/import.go
@@ -62,7 +62,7 @@ func (im *importCmd) run() error {
 		return err
 	}
 
-	l := loader.NewDetectingLoader()
+	l := loader.NewLoader()
 	imp, err := packager.NewImporter(source, dest, l, im.verbose)
 	if err != nil {
 		return err

diff --git a/cmd/duffle/main.go b/cmd/duffle/main.go
@@ -124,7 +124,7 @@ func prepareDriver(driverName string) (driver.Driver, error) {
 }
 
 func loadBundle(bundleFile string) (*bundle.Bundle, error) {
-	l := loader.NewDetectingLoader()
+	l := loader.NewLoader()
 
 	// Issue #439: Errors that come back from the loader can be
 	// pretty opaque.

diff --git a/docs/README.md b/docs/README.md
@@ -4,7 +4,6 @@ The following documentation is available:
 
 1. Guides
     1. [Bundle development guide](guides/bundle-guide.md)
-    2. [Signing and verifying guide](guides/signing-guide.md)
 2. [Duffle Proposals](./proposal/200-duffle.md): The CNAB reference implementation
     1. [Credential Sets](./proposal/201-credentialset.md)
     2. [Drivers](./proposal/202-drivers.md)

diff --git a/docs/guides/bundle-guide.md b/docs/guides/bundle-guide.md
@@ -95,9 +95,6 @@ After the bundle has been built, we can inspect the bundle:
 
 ```console
 $ duffle show helloworld:0.1.0 -r
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
 {
   "name": "helloworld",
   "version": "0.1.0",
@@ -112,23 +109,8 @@ Hash: SHA256
   "parameters": null,
   "credentials": null
 }
------BEGIN PGP SIGNATURE-----
-
-wsDcBAEBCAAQBQJb9ErXCRA58VPKJbKbxwAARqYMADtWlk3aLj/NVxNpd3GaqlI6
-tUiW/1T5zIFEWYsJgSC3ammN9z266Uf2q+tDC+jt7A5+sZTGHujn/8FCuURLRkp7
-UVU7ot1xJb8nWUyDLeZjX6yG+eI7XbqjIbt17+bp59XYVRlgJtT1/gLxqm1gh8IQ
-D2TLeuOdfI3bstupFEN7AoZWPG5XTYbtQCC9TdBLw70LLGl2f7L4Ll7RFDEJEjx+
-NVCjJEWaYAw7DP1kHUpl67vhkFVeptnbr99uC9aEFUo6fImeuczIU0S9K9g+2Vxf
-wcs+XgWKDBkAN9hF/tnaIVsIeHrPJZ9oviEbYDeVqIKUlUBBbNblVTVnjC7shfjF
-1SQ4AGhkIgf9gFan7KkERlAp3dcjh5XDgZ7/ijVGGItlbIE1p8+KBm2FRwJfox69
-L9aitybWBnt5EIm3w4YIYsMuMZuPM/0taoKH9nzNv4lQsKYqeX6tOD36aDx4fys1
-NSKekvE5KfHYU3t+3rUtJRphoVsSr3cNFldsVCVuzQ==
-=iFSF
------END PGP SIGNATURE-----
 ```
 
-As shown by the output, `duffle build` cryptographically signs the bundle to ensure that it has not been tampered with.
-
 ## Watch it Work
 
 ```console

diff --git a/docs/guides/signing-guide.md b/docs/guides/signing-guide.md
diff --git a/docs/proposal/200-duffle.md b/docs/proposal/200-duffle.md
@@ -74,7 +74,7 @@ For operations that execute this installation image (install, upgrade, etc.), th
 
 - Load the parameters and credential set definitions
 - Load the claim (if necessary)
-- Load the `bundle.json`. If signed, verify it before parsing the body
+- Load the `bundle.json`.
 - Locate the invocation image
 - Validate the parameters and credentials
 - Prepare the invocation image, mounting the parameters and credentials, as well as the claim data

diff --git a/pkg/bundle/bundle.go b/pkg/bundle/bundle.go
@@ -25,7 +25,6 @@ type Bundle struct {
 	Credentials      map[string]Location            `json:"credentials" mapstructure:"credentials"`
 }
 
-//Unmarshal unmarshals a Bundle that was not signed.
 func Unmarshal(data []byte) (*Bundle, error) {
 	b := &Bundle{}
 	return b, json.Unmarshal(data, b)
@@ -40,15 +39,14 @@ func ParseReader(r io.Reader) (Bundle, error) {
 
 // WriteFile serializes the bundle and writes it to a file as JSON.
 func (b Bundle) WriteFile(dest string, mode os.FileMode) error {
-	// FIXME: The marshal here should exactly match the Marshal in the signature code.
 	d, err := json.MarshalCanonical(b)
 	if err != nil {
 		return err
 	}
 	return ioutil.WriteFile(dest, d, mode)
 }
 
-// WriteTo writes unsigned JSON to an io.Writer using the standard formatting.
+// WriteTo writes JSON to an io.Writer using the standard formatting.
 func (b Bundle) WriteTo(w io.Writer) (int64, error) {
 	d, err := json.MarshalCanonical(b)
 	if err != nil {

diff --git a/pkg/loader/detecting_loader.go b/pkg/loader/detecting_loader.go
diff --git a/pkg/loader/detecting_loader_test.go b/pkg/loader/detecting_loader_test.go