fermayo · January 11, 2017 22:45
diff --git a/generate-delegation-key.sh b/generate-delegation-key.sh
 REPO="dockercloud/client-proxy"
 alias notary='notary -s https://notary.docker.io -d ~/.docker/trust'

 # First you need to import the root key for Docker Cloud
 notary key import 70340602d65cb8b39db81ca680269d93272b0925e279ec171c0f33d165977405.key

 # Create target key for $REPO
 notary init docker.io/$REPO
 notary key rotate docker.io/$REPO snapshot -r

 # Generate a new delegation key
 openssl genrsa -out delegation.key 2048
 openssl req -new -sha256 -key delegation.key -out delegation.csr -subj "/C=US/ST=CA/L=San Francisco/O=Docker Inc/OU=Docker Cloud/CN=${REPO/\//_}"
 openssl x509 -req -days 36500 -in delegation.csr -signkey delegation.key -out delegation.crt -sha256

 # Add the key to the repo
 notary delegation add docker.io/$REPO targets/releases delegation.crt --all-paths
 notary publish docker.io/$REPO

 # Import the key to notary
 # Write down the key ID ($DELEGATION_KEY_ID) and the passphrase ($DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE)
 notary key import delegation.key --role user

 # Environment variables to set in the Docker Cloud build:
 # $DOCKER_CONTENT_TRUST_DELEGATION_KEY = awk 1 ORS='\\n' <(notary key export --key $DELEGATION_KEY_ID)
 # $DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
diff --git a/push b/push
 #!/bin/bash
 # Place this script in hooks/push

 if [ ! -z "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" ]; then
 	echo "=> Using Notary to sign built image"
 	mkdir -p /root/.docker/trust/private/tuf_keys
 	echo -e "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" > /root/.docker/trust/private/$(echo -e "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" | grep path | awk '{print $2}').key
 	DOCKER_CONTENT_TRUST=1 docker push $IMAGE_NAME
 else
 	docker push $IMAGE_NAME
 fi
	REPO="dockercloud/client-proxy"
	alias notary='notary -s https://notary.docker.io -d ~/.docker/trust'

	# First you need to import the root key for Docker Cloud
	notary key import 70340602d65cb8b39db81ca680269d93272b0925e279ec171c0f33d165977405.key

	# Create target key for $REPO
	notary init docker.io/$REPO
	notary key rotate docker.io/$REPO snapshot -r

	# Generate a new delegation key
	openssl genrsa -out delegation.key 2048
	openssl req -new -sha256 -key delegation.key -out delegation.csr -subj "/C=US/ST=CA/L=San Francisco/O=Docker Inc/OU=Docker Cloud/CN=${REPO/\//_}"
	openssl x509 -req -days 36500 -in delegation.csr -signkey delegation.key -out delegation.crt -sha256

	# Add the key to the repo
	notary delegation add docker.io/$REPO targets/releases delegation.crt --all-paths
	notary publish docker.io/$REPO

	# Import the key to notary
	# Write down the key ID ($DELEGATION_KEY_ID) and the passphrase ($DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE)
	notary key import delegation.key --role user

	# Environment variables to set in the Docker Cloud build:
	# $DOCKER_CONTENT_TRUST_DELEGATION_KEY = awk 1 ORS='\\n' <(notary key export --key $DELEGATION_KEY_ID)
	# $DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE
	#!/bin/bash
	# Place this script in hooks/push

	if [ ! -z "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" ]; then
	echo "=> Using Notary to sign built image"
	mkdir -p /root/.docker/trust/private/tuf_keys
	echo -e "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" > /root/.docker/trust/private/$(echo -e "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" \| grep path \| awk '{print $2}').key
	DOCKER_CONTENT_TRUST=1 docker push $IMAGE_NAME
	else
	docker push $IMAGE_NAME
	fi