Fixes #10442
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
... | ... |
@@ -17,7 +17,6 @@ import ( |
17 | 17 |
flag "github.com/docker/docker/pkg/mflag" |
18 | 18 |
"github.com/docker/docker/pkg/term" |
19 | 19 |
"github.com/docker/docker/registry" |
20 |
- "github.com/docker/libtrust" |
|
21 | 20 |
) |
22 | 21 |
|
23 | 22 |
type DockerCli struct { |
... | ... |
@@ -27,7 +26,7 @@ type DockerCli struct { |
27 | 27 |
in io.ReadCloser |
28 | 28 |
out io.Writer |
29 | 29 |
err io.Writer |
30 |
- key libtrust.PrivateKey |
|
30 |
+ keyFile string |
|
31 | 31 |
tlsConfig *tls.Config |
32 | 32 |
scheme string |
33 | 33 |
// inFd holds file descriptor of the client's STDIN, if it's a valid file |
... | ... |
@@ -122,7 +121,7 @@ func (cli *DockerCli) CheckTtyInput(attachStdin, ttyMode bool) error { |
122 | 122 |
return nil |
123 | 123 |
} |
124 | 124 |
|
125 |
-func NewDockerCli(in io.ReadCloser, out, err io.Writer, key libtrust.PrivateKey, proto, addr string, tlsConfig *tls.Config) *DockerCli { |
|
125 |
+func NewDockerCli(in io.ReadCloser, out, err io.Writer, keyFile string, proto, addr string, tlsConfig *tls.Config) *DockerCli { |
|
126 | 126 |
var ( |
127 | 127 |
inFd uintptr |
128 | 128 |
outFd uintptr |
... | ... |
@@ -177,7 +176,7 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, key libtrust.PrivateKey, |
177 | 177 |
in: in, |
178 | 178 |
out: out, |
179 | 179 |
err: err, |
180 |
- key: key, |
|
180 |
+ keyFile: keyFile, |
|
181 | 181 |
inFd: inFd, |
182 | 182 |
outFd: outFd, |
183 | 183 |
isTerminalIn: isTerminalIn, |
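Review bot: NewDockerCli's fourth parameter changes from a loaded `libtrust.PrivateKey` to `keyFile string`, and nothing visible in this hunk documents what the string is or when it is read. An exported constructor with this change deserves a doc comment, for example `// NewDockerCli returns a DockerCli; keyFile is the path of the trust key, which is not opened here but loaded by CmdPush.` The struct field could carry the same hint: `keyFile string // path to the trust key, loaded on push`. Other callers in this commit pass `""`, so the comment should also say what an empty path means, which these hunks do not show. The function body continues outside the hunk.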
... | ... |
@@ -1191,6 +1191,10 @@ func (cli *DockerCli) CmdPush(args ...string) error { |
1191 | 1191 |
name := cmd.Arg(0) |
1192 | 1192 |
|
1193 | 1193 |
cli.LoadConfigFile() |
1194 |
+ trustKey, err := api.LoadOrCreateTrustKey(cli.keyFile) |
|
1195 |
+ if err != nil { |
|
1196 |
+ log.Fatal(err) |
|
1197 |
+ } |
|
1194 | 1198 |
|
1195 | 1199 |
remote, tag := parsers.ParseRepositoryTag(name) |
1196 | 1200 |
|
... | ... |
@@ -1225,7 +1229,7 @@ func (cli *DockerCli) CmdPush(args ...string) error { |
1225 | 1225 |
if err != nil { |
1226 | 1226 |
return err |
1227 | 1227 |
} |
1228 |
- err = js.Sign(cli.key) |
|
1228 |
+ err = js.Sign(trustKey) |
|
1229 | 1229 |
if err != nil { |
1230 | 1230 |
return err |
1231 | 1231 |
} |
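Review bot: The added `log.Fatal(err)` in CmdPush exits the process from inside a method that already returns `error`, so no deferred function runs and a caller cannot handle a missing or unreadable key file. Return the error instead: `if err != nil { return err }`. The key is also loaded (and, judging by the helper's name, possibly created on disk) before the repository name is parsed, so a push that fails validation still touches the key file. Moving the call next to `js.Sign(trustKey)` would limit that. CmdPush starts and ends outside these hunks.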
... | ... |
@@ -79,11 +79,6 @@ func main() { |
79 | 79 |
} |
80 | 80 |
protoAddrParts := strings.SplitN(flHosts[0], "://", 2) |
81 | 81 |
|
82 |
- trustKey, err := api.LoadOrCreateTrustKey(*flTrustKey) |
|
83 |
- if err != nil { |
|
84 |
- log.Fatal(err) |
|
85 |
- } |
|
86 |
- |
|
87 | 82 |
var ( |
88 | 83 |
cli *client.DockerCli |
89 | 84 |
tlsConfig tls.Config |
... | ... |
@@ -125,9 +120,9 @@ func main() { |
125 | 125 |
} |
126 | 126 |
|
127 | 127 |
if *flTls || *flTlsVerify { |
128 |
- cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig) |
|
128 |
+ cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig) |
|
129 | 129 |
} else { |
130 |
- cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], nil) |
|
130 |
+ cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, *flTrustKey, protoAddrParts[0], protoAddrParts[1], nil) |
|
131 | 131 |
} |
132 | 132 |
|
133 | 133 |
if err := cli.Cmd(flag.Args()...); err != nil { |
... | ... |
@@ -383,6 +383,9 @@ func TestDaemonKeyMigration(t *testing.T) { |
383 | 383 |
if err != nil { |
384 | 384 |
t.Fatalf("Error generating private key: %s", err) |
385 | 385 |
} |
386 |
+ if err := os.MkdirAll(filepath.Join(os.Getenv("HOME"), ".docker"), 0755); err != nil { |
|
387 |
+ t.Fatalf("Error creating .docker directory: %s", err) |
|
388 |
+ } |
|
386 | 389 |
if err := libtrust.SaveKey(filepath.Join(os.Getenv("HOME"), ".docker", "key.json"), k1); err != nil { |
387 | 390 |
t.Fatalf("Error saving private key: %s", err) |
388 | 391 |
} |
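Review bot: The added `os.MkdirAll(..., 0755)` creates the directory that the next statement writes the private key `key.json` into, leaving it readable and traversable by every local user. A directory holding key material should use `0700`: `os.MkdirAll(filepath.Join(os.Getenv("HOME"), ".docker"), 0700)`. Whether `libtrust.SaveKey` restricts the file's own mode is not visible here, so the directory mode should not depend on it. If `HOME` is unset the path becomes a relative `.docker`; an explicit check or a temporary directory would avoid that. The test function starts and ends outside the hunk.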
... | ... |
@@ -14,7 +14,6 @@ import ( |
14 | 14 |
"github.com/docker/docker/daemon" |
15 | 15 |
"github.com/docker/docker/pkg/term" |
16 | 16 |
"github.com/docker/docker/utils" |
17 |
- "github.com/docker/libtrust" |
|
18 | 17 |
"github.com/kr/pty" |
19 | 18 |
) |
20 | 19 |
|
... | ... |
@@ -122,12 +121,7 @@ func TestRunDetach(t *testing.T) { |
122 | 122 |
t.Fatal(err) |
123 | 123 |
} |
124 | 124 |
|
125 |
- key, err := libtrust.GenerateECP256PrivateKey() |
|
126 |
- if err != nil { |
|
127 |
- t.Fatal(err) |
|
128 |
- } |
|
129 |
- |
|
130 |
- cli := client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, key, testDaemonProto, testDaemonAddr, nil) |
|
125 |
+ cli := client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, "", testDaemonProto, testDaemonAddr, nil) |
|
131 | 126 |
defer cleanup(globalEngine, t) |
132 | 127 |
|
133 | 128 |
ch := make(chan struct{}) |
... | ... |
@@ -177,12 +171,7 @@ func TestAttachDetach(t *testing.T) { |
177 | 177 |
t.Fatal(err) |
178 | 178 |
} |
179 | 179 |
|
180 |
- key, err := libtrust.GenerateECP256PrivateKey() |
|
181 |
- if err != nil { |
|
182 |
- t.Fatal(err) |
|
183 |
- } |
|
184 |
- |
|
185 |
- cli := client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, key, testDaemonProto, testDaemonAddr, nil) |
|
180 |
+ cli := client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, "", testDaemonProto, testDaemonAddr, nil) |
|
186 | 181 |
defer cleanup(globalEngine, t) |
187 | 182 |
|
188 | 183 |
ch := make(chan struct{}) |
... | ... |
@@ -219,7 +208,7 @@ func TestAttachDetach(t *testing.T) { |
219 | 219 |
t.Fatal(err) |
220 | 220 |
} |
221 | 221 |
|
222 |
- cli = client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, key, testDaemonProto, testDaemonAddr, nil) |
|
222 |
+ cli = client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, "", testDaemonProto, testDaemonAddr, nil) |
|
223 | 223 |
|
224 | 224 |
ch = make(chan struct{}) |
225 | 225 |
go func() { |
... | ... |
@@ -270,12 +259,7 @@ func TestAttachDetachTruncatedID(t *testing.T) { |
270 | 270 |
t.Fatal(err) |
271 | 271 |
} |
272 | 272 |
|
273 |
- key, err := libtrust.GenerateECP256PrivateKey() |
|
274 |
- if err != nil { |
|
275 |
- t.Fatal(err) |
|
276 |
- } |
|
277 |
- |
|
278 |
- cli := client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, key, testDaemonProto, testDaemonAddr, nil) |
|
273 |
+ cli := client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, "", testDaemonProto, testDaemonAddr, nil) |
|
279 | 274 |
defer cleanup(globalEngine, t) |
280 | 275 |
|
281 | 276 |
// Discard the CmdRun output |
... | ... |
@@ -297,7 +281,7 @@ func TestAttachDetachTruncatedID(t *testing.T) { |
297 | 297 |
t.Fatal(err) |
298 | 298 |
} |
299 | 299 |
|
300 |
- cli = client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, key, testDaemonProto, testDaemonAddr, nil) |
|
300 |
+ cli = client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, "", testDaemonProto, testDaemonAddr, nil) |
|
301 | 301 |
|
302 | 302 |
ch := make(chan struct{}) |
303 | 303 |
go func() { |
... | ... |
@@ -347,12 +331,7 @@ func TestAttachDisconnect(t *testing.T) { |
347 | 347 |
t.Fatal(err) |
348 | 348 |
} |
349 | 349 |
|
350 |
- key, err := libtrust.GenerateECP256PrivateKey() |
|
351 |
- if err != nil { |
|
352 |
- t.Fatal(err) |
|
353 |
- } |
|
354 |
- |
|
355 |
- cli := client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, key, testDaemonProto, testDaemonAddr, nil) |
|
350 |
+ cli := client.NewDockerCli(tty, stdoutPipe, ioutil.Discard, "", testDaemonProto, testDaemonAddr, nil) |
|
356 | 351 |
defer cleanup(globalEngine, t) |
357 | 352 |
|
358 | 353 |
go func() { |
... | ... |
@@ -421,11 +400,8 @@ func TestAttachDisconnect(t *testing.T) { |
421 | 421 |
func TestRunAutoRemove(t *testing.T) { |
422 | 422 |
t.Skip("Fixme. Skipping test for now, race condition") |
423 | 423 |
stdout, stdoutPipe := io.Pipe() |
424 |
- key, err := libtrust.GenerateECP256PrivateKey() |
|
425 |
- if err != nil { |
|
426 |
- t.Fatal(err) |
|
427 |
- } |
|
428 |
- cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, key, testDaemonProto, testDaemonAddr, nil) |
|
424 |
+ |
|
425 |
+ cli := client.NewDockerCli(nil, stdoutPipe, ioutil.Discard, "", testDaemonProto, testDaemonAddr, nil) |
|
429 | 426 |
defer cleanup(globalEngine, t) |
430 | 427 |
|
431 | 428 |
c := make(chan struct{}) |
... | ... |
@@ -9,7 +9,6 @@ import ( |
9 | 9 |
"time" |
10 | 10 |
|
11 | 11 |
"github.com/docker/docker/api/client" |
12 |
- "github.com/docker/libtrust" |
|
13 | 12 |
) |
14 | 13 |
|
15 | 14 |
const ( |
... | ... |
@@ -38,11 +37,7 @@ func getTlsConfig(certFile, keyFile string, t *testing.T) *tls.Config { |
38 | 38 |
|
39 | 39 |
// TestHttpsInfo connects via two-way authenticated HTTPS to the info endpoint |
40 | 40 |
func TestHttpsInfo(t *testing.T) { |
41 |
- key, err := libtrust.GenerateECP256PrivateKey() |
|
42 |
- if err != nil { |
|
43 |
- t.Fatal(err) |
|
44 |
- } |
|
45 |
- cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, key, testDaemonProto, |
|
41 |
+ cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto, |
|
46 | 42 |
testDaemonHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t)) |
47 | 43 |
|
48 | 44 |
setTimeout(t, "Reading command output time out", 10*time.Second, func() { |
... | ... |
@@ -55,11 +50,7 @@ func TestHttpsInfo(t *testing.T) { |
55 | 55 |
// TestHttpsInfoRogueCert connects via two-way authenticated HTTPS to the info endpoint |
56 | 56 |
// by using a rogue client certificate and checks that it fails with the expected error. |
57 | 57 |
func TestHttpsInfoRogueCert(t *testing.T) { |
58 |
- key, err := libtrust.GenerateECP256PrivateKey() |
|
59 |
- if err != nil { |
|
60 |
- t.Fatal(err) |
|
61 |
- } |
|
62 |
- cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, key, testDaemonProto, |
|
58 |
+ cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto, |
|
63 | 59 |
testDaemonHttpsAddr, getTlsConfig("client-rogue-cert.pem", "client-rogue-key.pem", t)) |
64 | 60 |
|
65 | 61 |
setTimeout(t, "Reading command output time out", 10*time.Second, func() { |
... | ... |
@@ -76,11 +67,7 @@ func TestHttpsInfoRogueCert(t *testing.T) { |
76 | 76 |
// TestHttpsInfoRogueServerCert connects via two-way authenticated HTTPS to the info endpoint |
77 | 77 |
// which provides a rogue server certificate and checks that it fails with the expected error |
78 | 78 |
func TestHttpsInfoRogueServerCert(t *testing.T) { |
79 |
- key, err := libtrust.GenerateECP256PrivateKey() |
|
80 |
- if err != nil { |
|
81 |
- t.Fatal(err) |
|
82 |
- } |
|
83 |
- cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, key, testDaemonProto, |
|
79 |
+ cli := client.NewDockerCli(nil, ioutil.Discard, ioutil.Discard, "", testDaemonProto, |
|
84 | 80 |
testDaemonRogueHttpsAddr, getTlsConfig("client-cert.pem", "client-key.pem", t)) |
85 | 81 |
|
86 | 82 |
setTimeout(t, "Reading command output time out", 10*time.Second, func() { |