This repository has been archived by the owner on May 3, 2022. It is now read-only.
remove signing support from duffle commands #693
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
assigned 
michelleN
force-pushed
the
remove-sign
branch
7 times, most recently
from
bf94275 to
1c2e225
Compare
radu-matei
reviewed
Apr 5, 2019
| @@ -25,19 +31,11 @@ func newBundleShowCmd(w io.Writer) *cobra.Command { | |||
| } | |||
|
|
|||
| flags := cmd.Flags() | |||
| flags.BoolVarP(&bsc.insecure, "insecure", "k", false, "Do not verify the bundle (INSECURE)") | |||
| flags.BoolVarP(&bsc.raw, "raw", "r", false, "Display the raw bundle manifest") | |||
There was a problem hiding this comment.
When bundles were signed, bundle show would strip the signature, and --raw would show the entire file, including the signature -- now that there is no signature anymore, wondering what this flag could be used for -- one thing that comes to mind is to show the canonical vs. pretty form for JSN.
That being said, bundle show seems to be broken right now:
$ duffle build examples/helloworld
==> Successfully built bundle helloworld:0.1.0
$ duffle bundle show helloworld:0.1.0
error occurred runtime error: invalid memory address or nil pointer dereference
$ duffle bundle show helloworld:0.1.0 --raw
{"credentials":null,"description":"A short description of your bundle","images":null,"invocationImages":[{"image":"deislabs/helloworld-cnab:2aa903328e18e41014b0c98c43582169639defa2","imageType":"docker"}],"keywords":["helloworld","cnab","tutorial"],"maintainers":[{"email":"[email protected]","name":"John Doe","url":"https://example.com"},{"email":"[email protected]","name":"Jane Doe","url":"https://example.com"}],"name":"helloworld","parameters":null,"version":"0.1.0"}
There was a problem hiding this comment.
- Yes, I think that's a great idea. Let's make the default, the pretty form and have -r show the canonical form? If it's alright to do that in a follow up PR, I'd like to that instead of adding to this gigantic one lol
- I was getting that error earlier and pushed a fix for it with the last commit. Could you try again and let me know if it's still broken for you?
There was a problem hiding this comment.
Sure, let's have that in a follow-up commit.
radu-matei
reviewed
Apr 5, 2019
added 3 commits
April 5, 2019 11:59
+ update loader pkg to support only unsigned loader + update docs
michelleN
force-pushed
the
remove-sign
branch
2 times, most recently
from
a33d460 to
8a1c7d7
Compare
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The Open-PGP based signing mechanism was removed from the CNAB spec as of cnab-spec PR 115. This PR removes signing support from all duffle commands to lay the ground work for implementing the current bundle security section of the CNAB spec.
resolves #696