Send push information to trust code out-of-band
The trust code used to parse the console output of `docker push` to extract the digest, tag, and size information and determine what to sign. This is fragile and might give an attacker control over what gets signed if the attacker can find a way to influence what gets printed as part of the push output.

This commit sends the push metadata out-of-band. It introduces an `Aux` field in JSONMessage that can carry application-specific data alongside progress updates. Instead of parsing formatted output, the client looks in this field to get the digest, size, and tag from the push.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
parent
486bca6d94
commit
1fe4441875
5 changed files with 36 additions and 7 deletions
@ -16,6 +16,10 @@ type Progress struct {
Current int64
Total int64

// Aux contains extra information not presented to the user, such as
// digests for push signing.
Aux interface{}

LastUpdate bool
}

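Review bot: the contract of the new `Aux interface{}` field is undocumented: the comment should say which concrete type a sink should expect (the commit message names digest, size and tag), whether a Progress carrying Aux ever also carries Current/Total or a Message, and that sinks must not render such a record as a progress line. Because the client will trust this field to decide what to sign, stating in the comment that it is populated only by the daemon and never derived from user-visible output would make the security intent clear to future readers.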
@ -61,3 +65,9 @@ func Message(out Output, id, message string) {
func Messagef(out Output, id, format string, a ...interface{}) {
Message(out, id, fmt.Sprintf(format, a...))
}

// Aux sends auxiliary information over a progress interface, which will not be
// formatted for the UI. This is used for things such as push signing.
func Aux(out Output, a interface{}) {
out.WriteProgress(Progress{Aux: a})
}
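Review bot: `Aux` writes `Progress{Aux: a}` with an empty ID, while the sibling helpers `Message` and `Messagef` take an `id`; consider adding an `id` parameter here too, so the stream can correlate the auxiliary record with the image or layer it belongs to and a client reading it cannot confuse records from concurrent pushes. The result of `out.WriteProgress` is also discarded; if that call can fail, a client that never receives the signing data should see an error rather than silently signing nothing, so surface it to the caller.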