Handle delegation roles when signing images with notary #568
@@ -39,28 +41,34 @@ func (a *AuthenticatingRoundTripper) RoundTrip(req *http.Request) (*http.Respons | |||
|
|||
header := resp.Header.Get("www-authenticate") | |||
parts := strings.SplitN(header, " ", 2) |
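Review bot: The result of `strings.SplitN(header, " ", 2)` is not length-checked. When the response has no `www-authenticate` header, or a value with no space in it, `parts` has a single element, and any later read of `parts[1]` would panic on input the remote server controls. Return an error when `len(parts) != 2`, and consider confirming that `parts[0]` is the expected scheme before parsing the options.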
Should `len(parts) == 2` be checked?
I'm not checking it here because I assume the response is well formed as `Bearer options...`. That seems like a fair assumption to me, but I totally hear you.
#### Generate Signing Key | ||
To generate a singing key, use the following commands from the [Docker Content Trust](https://docs.docker.com/engine/security/trust/#signing-images-with-docker-content-trust) documentation: | ||
```shell script | ||
% export DOCKER_CONTENT_TRUST_SERVER=<notary-server-url> |
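Review bot: Typo in the sentence under "Generate Signing Key": "singing key" should read "signing key". The fence info string `shell script` also contains a space, which most renderers will not recognise as a language; use `shell`. It would help readers to say what `<notary-server-url>` must point at, since this variable decides which trust server the key is registered with.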
Is there a reason to recommend the docker cli here vs notary?
Using the docker CLI is significantly easier. I also suspect that's what most users will use.
@@ -103,6 +111,15 @@ func (a *AuthenticatingRoundTripper) RoundTrip(req *http.Request) (*http.Respons | |||
return a.WrappedRoundTripper.RoundTrip(req) | |||
} | |||
|
|||
func extractBearerOption(kind string, from string) (string, error) { | |||
r := regexp.MustCompile(fmt.Sprintf(`%s="(.*?)"`, kind)) |
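Review bot: In `extractBearerOption`, `kind` is interpolated into the pattern unescaped, so a value containing regex metacharacters changes what is matched or makes `regexp.MustCompile` panic. Wrap it in `regexp.QuoteMeta(kind)`, and since the function already returns an `error`, use `regexp.Compile` and return the failure instead of panicking. The pattern is also unanchored on the left, so it can match a longer option name that merely ends in `kind`, and it is recompiled on every call.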
Interesting evolution here as the result of multiple scopes.
No description provided.