github.com/campoy/docker@v1.8.0-rc1/integration-cli/trust_server.go (about) 1 package main 2 3 import ( 4 "fmt" 5 "io/ioutil" 6 "net" 7 "net/http" 8 "os" 9 "os/exec" 10 "path/filepath" 11 "strings" 12 "time" 13 14 "github.com/docker/docker/pkg/tlsconfig" 15 "github.com/go-check/check" 16 ) 17 18 var notaryBinary = "notary-server" 19 20 type testNotary struct { 21 cmd *exec.Cmd 22 dir string 23 } 24 25 func newTestNotary(c *check.C) (*testNotary, error) { 26 template := `{ 27 "server": { 28 "addr": "%s", 29 "tls_key_file": "fixtures/notary/localhost.key", 30 "tls_cert_file": "fixtures/notary/localhost.cert" 31 }, 32 "trust_service": { 33 "type": "local", 34 "hostname": "", 35 "port": "" 36 }, 37 "logging": { 38 "level": 5 39 } 40 }` 41 tmp, err := ioutil.TempDir("", "notary-test-") 42 if err != nil { 43 return nil, err 44 } 45 confPath := filepath.Join(tmp, "config.json") 46 config, err := os.Create(confPath) 47 if err != nil { 48 return nil, err 49 } 50 if _, err := fmt.Fprintf(config, template, "localhost:4443"); err != nil { 51 os.RemoveAll(tmp) 52 return nil, err 53 } 54 55 cmd := exec.Command(notaryBinary, "-config", confPath) 56 if err := cmd.Start(); err != nil { 57 os.RemoveAll(tmp) 58 if os.IsNotExist(err) { 59 c.Skip(err.Error()) 60 } 61 return nil, err 62 } 63 64 testNotary := &testNotary{ 65 cmd: cmd, 66 dir: tmp, 67 } 68 69 // Wait for notary to be ready to serve requests. 70 for i := 1; i <= 5; i++ { 71 if err = testNotary.Ping(); err == nil { 72 break 73 } 74 time.Sleep(10 * time.Millisecond * time.Duration(i*i)) 75 } 76 77 if err != nil { 78 c.Fatalf("Timeout waiting for test notary to become available: %s", err) 79 } 80 81 return testNotary, nil 82 } 83 84 func (t *testNotary) address() string { 85 return "localhost:4443" 86 } 87 88 func (t *testNotary) Ping() error { 89 tlsConfig := tlsconfig.ClientDefault 90 tlsConfig.InsecureSkipVerify = true 91 client := http.Client{ 92 Transport: &http.Transport{ 93 Proxy: http.ProxyFromEnvironment, 94 Dial: (&net.Dialer{ 95 Timeout: 30 * time.Second, 96 KeepAlive: 30 * time.Second, 97 }).Dial, 98 TLSHandshakeTimeout: 10 * time.Second, 99 TLSClientConfig: &tlsConfig, 100 }, 101 } 102 resp, err := client.Get(fmt.Sprintf("https://%s/v2/", t.address())) 103 if err != nil { 104 return err 105 } 106 if resp.StatusCode != 200 { 107 return fmt.Errorf("notary ping replied with an unexpected status code %d", resp.StatusCode) 108 } 109 return nil 110 } 111 112 func (t *testNotary) Close() { 113 t.cmd.Process.Kill() 114 os.RemoveAll(t.dir) 115 } 116 117 func (s *DockerTrustSuite) trustedCmd(cmd *exec.Cmd) { 118 pwd := "12345678" 119 trustCmdEnv(cmd, s.not.address(), pwd, pwd, pwd) 120 } 121 122 func (s *DockerTrustSuite) trustedCmdWithServer(cmd *exec.Cmd, server string) { 123 pwd := "12345678" 124 trustCmdEnv(cmd, server, pwd, pwd, pwd) 125 } 126 127 func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, snapshotPwd, targetPwd string) { 128 trustCmdEnv(cmd, s.not.address(), rootPwd, snapshotPwd, targetPwd) 129 } 130 131 func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) { 132 env := []string{ 133 "DOCKER_CONTENT_TRUST=1", 134 fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server), 135 fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd), 136 fmt.Sprintf("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd), 137 fmt.Sprintf("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE=%s", targetPwd), 138 } 139 cmd.Env = append(os.Environ(), env...) 140 } 141 142 func (s *DockerTrustSuite) setupTrustedImage(c *check.C, name string) string { 143 repoName := fmt.Sprintf("%v/dockercli/%s:latest", privateRegistryURL, name) 144 // tag the image and upload it to the private registry 145 dockerCmd(c, "tag", "busybox", repoName) 146 147 pushCmd := exec.Command(dockerBinary, "push", repoName) 148 s.trustedCmd(pushCmd) 149 out, _, err := runCommandWithOutput(pushCmd) 150 if err != nil { 151 c.Fatalf("Error running trusted push: %s\n%s", err, out) 152 } 153 if !strings.Contains(string(out), "Signing and pushing trust metadata") { 154 c.Fatalf("Missing expected output on trusted push:\n%s", out) 155 } 156 157 if out, status := dockerCmd(c, "rmi", repoName); status != 0 { 158 c.Fatalf("Error removing image %q\n%s", repoName, out) 159 } 160 161 return repoName 162 }