Send push information to trust code out-of-band

The trust code used to parse the console output of `docker push` to extract the digest, tag, and size information and determine what to sign. This is fragile and might give an attacker control over what gets signed if the attacker can find a way to influence what gets printed as part of the push output. This commit sends the push metadata out-of-band. It introduces an `Aux` field in JSONMessage that can carry application-specific data alongside progress updates. Instead of parsing formatted output, the client looks in this field to get the digest, size, and tag from the push. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> Upstream-commit: 65370be888d940899593a001024f53d6b83b4bb0 Component: engine
2015-12-21 15:02:44 -08:00
parent 61116ea963
commit d54e9ca21b
13 changed files with 88 additions and 82 deletions
--- a/components/engine/api/client/pull.go
+++ b/components/engine/api/client/pull.go
@ -83,5 +83,5 @@ func (cli *DockerCli) imagePullPrivileged(authConfig types.AuthConfig, imageID,
 	}
 	defer responseBody.Close()

-	return jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut)
+	return jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut, nil)
 }