use ad-hoc libtrust key

thaJeztah · thaJeztah · commit 8feeaecb84ca · 2022-11-28T20:29:19.000+01:00
This is only used for tests, and the key is not verified anymore, so
instead of creating a key and storing it, we can just use an ad-hoc
one.

Signed-off-by: Sebastiaan van Stijn &lt;github@gone.nl&gt;
diff --git a/cmd/dockerd/options.go b/cmd/dockerd/options.go
@@ -65,8 +65,6 @@ func (o *daemonOptions) installFlags(flags *pflag.FlagSet) {
 	flags.BoolVar(&o.TLS, FlagTLS, DefaultTLSValue, "Use TLS; implied by --tlsverify")
 	flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify || DefaultTLSValue, "Use TLS and verify the remote")
 
-	// TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file")
-
 	o.TLSOptions = &tlsconfig.Options{}
 	tlsOptions := o.TLSOptions
 	flags.StringVar(&tlsOptions.CAFile, "tlscacert", filepath.Join(dockerCertPath, DefaultCaFile), "Trust certs signed only by this CA")
diff --git a/daemon/daemon.go b/daemon/daemon.go
@@ -1058,19 +1058,6 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 			ContentNamespace:          config.ContainerdNamespace,
 		}
 
-		// This is a temporary environment variables used in CI to allow pushing
-		// manifest v2 schema 1 images to test-registries used for testing *pulling*
-		// these images.
-		if os.Getenv("DOCKER_ALLOW_SCHEMA1_PUSH_DONOTUSE") != "" {
-			// Previously, this was stored in the daemon's config-directory, but
-			// as pushing V1 is deprecated, and we only need this file during
-			// our integration tests, just store it within the "trust" directory.
-			imgSvcConfig.TrustKey, err = loadOrCreateTrustKey(filepath.Join(config.Root, "trust", "key.json"))
-			if err != nil {
-				return nil, err
-			}
-		}
-
 		// containerd is not currently supported with Windows.
 		// So sometimes d.containerdCli will be nil
 		// In that case we'll create a local content store... but otherwise we'll use containerd
diff --git a/daemon/images/image_push.go b/daemon/images/image_push.go
@@ -54,7 +54,6 @@ func (i *ImageService) PushImage(ctx context.Context, image, tag string, metaHea
 		},
 		ConfigMediaType: schema2.MediaTypeImageConfig,
 		LayerStores:     distribution.NewLayerProvidersFromStore(i.layerStore),
-		TrustKey:        i.trustKey,
 		UploadManager:   i.uploadManager,
 	}
 
diff --git a/daemon/images/service.go b/daemon/images/service.go
@@ -16,7 +16,6 @@ import (
 	"github.com/docker/docker/layer"
 	dockerreference "github.com/docker/docker/reference"
 	"github.com/docker/docker/registry"
-	"github.com/docker/libtrust"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"golang.org/x/sync/singleflight"
@@ -44,7 +43,6 @@ type ImageServiceConfig struct {
 	MaxDownloadAttempts       int
 	ReferenceStore            dockerreference.Store
 	RegistryService           registry.Service
-	TrustKey                  libtrust.PrivateKey
 	ContentStore              content.Store
 	Leases                    leases.Manager
 	ContentNamespace          string
@@ -61,7 +59,6 @@ func NewImageService(config ImageServiceConfig) *ImageService {
 		layerStore:                config.LayerStore,
 		referenceStore:            config.ReferenceStore,
 		registryService:           config.RegistryService,
-		trustKey:                  config.TrustKey,
 		uploadManager:             xfer.NewLayerUploadManager(config.MaxConcurrentUploads),
 		leases:                    config.Leases,
 		content:                   config.ContentStore,
@@ -80,7 +77,6 @@ type ImageService struct {
 	pruneRunning              int32
 	referenceStore            dockerreference.Store
 	registryService           registry.Service
-	trustKey                  libtrust.PrivateKey
 	uploadManager             *xfer.LayerUploadManager
 	leases                    leases.Manager
 	content                   content.Store
diff --git a/daemon/trustkey.go b/daemon/trustkey.go
diff --git a/daemon/trustkey_test.go b/daemon/trustkey_test.go
diff --git a/distribution/config.go b/distribution/config.go
@@ -17,7 +17,6 @@ import (
 	"github.com/docker/docker/pkg/system"
 	refstore "github.com/docker/docker/reference"
 	registrypkg "github.com/docker/docker/registry"
-	"github.com/docker/libtrust"
 	"github.com/opencontainers/go-digest"
 	specs "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
@@ -74,9 +73,6 @@ type ImagePushConfig struct {
 	ConfigMediaType string
 	// LayerStores manages layers.
 	LayerStores PushLayerProvider
-	// TrustKey is the private key for legacy signatures. This is typically
-	// an ephemeral key, since these signatures are no longer verified.
-	TrustKey libtrust.PrivateKey
 	// UploadManager dispatches uploads.
 	UploadManager *xfer.LayerUploadManager
 }

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,6 @@ func (i *ImageService) PushImage(ctx context.Context, image, tag string, metaHea`
`54`	`54`	`},`
`55`	`55`	`ConfigMediaType: schema2.MediaTypeImageConfig,`
`56`	`56`	`LayerStores: distribution.NewLayerProvidersFromStore(i.layerStore),`
`57`		`- TrustKey: i.trustKey,`
`58`	`57`	`UploadManager: i.uploadManager,`
`59`	`58`	`}`
`60`	`59`