Send push information to trust code out-of-band

The trust code used to parse the console output of `docker push` to extract the digest, tag, and size information and determine what to sign. This is fragile and might give an attacker control over what gets signed if the attacker can find a way to influence what gets printed as part of the push output. This commit sends the push metadata out-of-band. It introduces an `Aux` field in JSONMessage that can carry application-specific data alongside progress updates. Instead of parsing formatted output, the client looks in this field to get the digest, size, and tag from the push. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-12-21 15:02:44 -08:00 · 2015-12-21 15:02:44 -08:00 · 1fe4441875
commit 1fe4441875
parent 486bca6d94
5 changed files with 36 additions and 7 deletions
--- a/streamformatter/streamformatter_test.go
+++ b/streamformatter/streamformatter_test.go
@ -73,7 +73,7 @@ func TestJSONFormatProgress(t *testing.T) {
 		Total:   30,
 		Start:   1,
 	}
-	res := sf.FormatProgress("id", "action", progress)
+	res := sf.FormatProgress("id", "action", progress, nil)
 	msg := &jsonmessage.JSONMessage{}
 	if err := json.Unmarshal(res, msg); err != nil {
 		t.Fatal(err)