Merge pull request #1420 from dmcgowan/configurable-trust-key

Add option to disable signatures
2016-02-10 16:15:59 -08:00 · 2016-02-10 16:15:59 -08:00 · 2177a6a1bf
commit 2177a6a1bf
parent 3cf01ffa1f 956ece5c70
4 changed files with 115 additions and 33 deletions
--- a/docs/storage/registry.go
+++ b/docs/storage/registry.go
@ -6,6 +6,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/distribution/registry/storage/cache"
 	storagedriver "github.com/docker/distribution/registry/storage/driver"
+	"github.com/docker/libtrust"
 )

 // registry is the top-level implementation of Registry for use in the storage
@ -17,6 +18,8 @@ type registry struct {
 	blobDescriptorCacheProvider cache.BlobDescriptorCacheProvider
 	deleteEnabled               bool
 	resumableDigestEnabled      bool
+	schema1SignaturesEnabled    bool
+	schema1SigningKey           libtrust.PrivateKey
 }

 // RegistryOption is the type used for functional options for NewRegistry.
@ -43,6 +46,24 @@ func DisableDigestResumption(registry *registry) error {
 	return nil
 }

+// DisableSchema1Signatures is a functional option for NewRegistry. It disables
+// signature storage and ensures all schema1 manifests will only be returned
+// with a signature from a provided signing key.
+func DisableSchema1Signatures(registry *registry) error {
+	registry.schema1SignaturesEnabled = false
+	return nil
+}
+
+// Schema1SigningKey returns a functional option for NewRegistry. It sets the
+// signing key for adding a signature to all schema1 manifests. This should be
+// used in conjunction with disabling signature store.
+func Schema1SigningKey(key libtrust.PrivateKey) RegistryOption {
+	return func(registry *registry) error {
+		registry.schema1SigningKey = key
+		return nil
+	}
+}
+
 // BlobDescriptorCacheProvider returns a functional option for
 // NewRegistry. It creates a cached blob statter for use by the
 // registry.
@ -85,8 +106,9 @@ func NewRegistry(ctx context.Context, driver storagedriver.StorageDriver, option
 			statter: statter,
 			pathFn:  bs.path,
 		},
-		statter:                statter,
-		resumableDigestEnabled: true,
+		statter:                  statter,
+		resumableDigestEnabled:   true,
+		schema1SignaturesEnabled: true,
 	}

 	for _, option := range options {