Merge pull request linuxkit#2983 from rn/notary-up

Use NOTARY_AUTH instead of the expect gymnastics
justincormack · Apr 3, 2018 · 28cd642 · 28cd642
2 parents 8b434f4 + d7d072b
commit 28cd642
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 82 deletions.
diff --git a/scripts/push-manifest.sh b/scripts/push-manifest.sh
@@ -64,49 +64,13 @@ fi
 SHA256=$(echo "$OUT" | cut -d' ' -f2 | cut -d':' -f2)
 LEN=$(echo "$OUT" | cut -d' ' -f3)
 
-# Notary requires a PTY for username/password so use expect for that.
+# notary 0.6.0 accepts authentication as base64-encoded "username:password"
+export NOTARY_AUTH=$(echo "$USER:$PASS" | base64)
 export NOTARY_DELEGATION_PASSPHRASE="$DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"
-NOTARY_CMD="notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
-             -p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
-             -r targets/releases"
 
-echo '
-spawn '"$NOTARY_CMD"'
-set pid [exp_pid]
-set timeout 60
-expect {
-    timeout {
-        puts "Expected username prompt"
-        exec kill -9 $pid
-        exit 1
-    }
-    "username: " {
-        send "'"$USER"'\n"
-    }
-}
-expect {
-    timeout {
-        puts "Expected password prompt"
-        exec kill -9 $pid
-        exit 1
-    }
-    "password: " {
-        send "'"$PASS"'\n"
-    }
-}
-expect {
-    timeout {
-        puts "Expected password prompt"
-        exec kill -9 $pid
-        exit 1
-    }
-    eof {
-    }
-}
-set waitval [wait -i $spawn_id]
-set exval [lindex $waitval 3]
-exit $exval
-' | expect -f -
+notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
+       -p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
+       -r targets/releases
 
 echo
 echo "New signed multi-arch image: $REPO:$TAG"

diff --git a/src/cmd/linuxkit/pkglib/manifest_push_script.go b/src/cmd/linuxkit/pkglib/manifest_push_script.go
@@ -67,49 +67,13 @@ fi
 SHA256=$(echo "$OUT" | cut -d' ' -f2 | cut -d':' -f2)
 LEN=$(echo "$OUT" | cut -d' ' -f3)
 
-# Notary requires a PTY for username/password so use expect for that.
+# notary 0.6.0 accepts authentication as base64-encoded "username:password"
+export NOTARY_AUTH=$(echo "$USER:$PASS" | base64)
 export NOTARY_DELEGATION_PASSPHRASE="$DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"
-NOTARY_CMD="notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
-             -p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
-             -r targets/releases"
 
-echo '
-spawn '"$NOTARY_CMD"'
-set pid [exp_pid]
-set timeout 60
-expect {
-    timeout {
-        puts "Expected username prompt"
-        exec kill -9 $pid
-        exit 1
-    }
-    "username: " {
-        send "'"$USER"'\n"
-    }
-}
-expect {
-    timeout {
-        puts "Expected password prompt"
-        exec kill -9 $pid
-        exit 1
-    }
-    "password: " {
-        send "'"$PASS"'\n"
-    }
-}
-expect {
-    timeout {
-        puts "Expected password prompt"
-        exec kill -9 $pid
-        exit 1
-    }
-    eof {
-    }
-}
-set waitval [wait -i $spawn_id]
-set exval [lindex $waitval 3]
-exit $exval
-' | expect -f -
+notary -s https://notary.docker.io -d $HOME/.docker/trust addhash \
+       -p docker.io/$REPO $TAG $LEN --sha256 $SHA256 \
+       -r targets/releases
 
 echo
 echo "New signed multi-arch image: $REPO:$TAG"