Commit graph

4 commits

Author SHA1 Message Date
Aaron Lehmann
1fe4441875 Send push information to trust code out-of-band
The trust code used to parse the console output of `docker push` to
extract the digest, tag, and size information and determine what to
sign. This is fragile and might give an attacker control over what gets
signed if the attacker can find a way to influence what gets printed as
part of the push output.

This commit sends the push metadata out-of-band. It introduces an `Aux`
field in JSONMessage that can carry application-specific data alongside
progress updates. Instead of parsing formatted output, the client looks
in this field to get the digest, size, and tag from the push.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-01-08 10:57:50 -08:00
Antonio Murdaca
cc22fd7990 Refactor pkg/stremformatter with custom constructors instead of passing a boolean
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-05-13 00:09:41 +02:00
Antonio Murdaca
221acfd266 Add minor stylistic fixes
Signed-off-by: Antonio Murdaca <me@runcom.ninja>
2015-04-16 21:22:32 +02:00
bobby abbott
98e8ec854e Fixes hacks from progressreader refactor
related to #10959

Signed-off-by: bobby abbott <ttobbaybbob@gmail.com>
2015-03-25 18:21:02 -07:00