updating notary releases #2345

Merged
merged 1 commit into from
Nov 14, 2016

endophage
Contributor

Official images for notary 0.4.2 and 0.5.0

We skipped over 0.4.0 and 0.4.1 because we cut those then found build compatibility issues with other docker tools that depended on notary.

@yosifkit
Member

diff --git a/notary_server-0.3.0/Dockerfile b/notary_server-0.4.2/Dockerfile
similarity index 100%
copy from notary_server-0.3.0/Dockerfile
copy to notary_server-0.4.2/Dockerfile
diff --git a/notary_server-0.3.0/entrypoint.sh b/notary_server-0.4.2/entrypoint.sh
similarity index 100%
copy from notary_server-0.3.0/entrypoint.sh
copy to notary_server-0.4.2/entrypoint.sh
diff --git a/notary_signer-0.3.0/notary-signer b/notary_server-0.4.2/notary-server
similarity index 52%
copy from notary_signer-0.3.0/notary-signer
copy to notary_server-0.4.2/notary-server
index d823c74..f0ab8de 100755
Binary files a/notary_signer-0.3.0/notary-signer and b/notary_server-0.4.2/notary-server differ
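Review bot: the new `notary_server-0.4.2/notary-server` binary (blob f0ab8de) arrives with no checksum and no record of the source revision it was built from anywhere in this diff, so a reviewer cannot tell what went into it. Consider committing a SHA-256 file next to each binary, or recording the notary source tag alongside it. The "copy from notary_signer-0.3.0/notary-signer" at 52% similarity is only git's copy detection pairing the new server binary with the old signer binary and should not be read as provenance. The same applies to the other three binaries added in this change.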
diff --git a/notary_server-0.3.0/server-config.json b/notary_server-0.4.2/server-config.json
similarity index 55%
copy from notary_server-0.3.0/server-config.json
copy to notary_server-0.4.2/server-config.json
index fd27566..21a6410 100644
--- a/notary_server-0.3.0/server-config.json
+++ b/notary_server-0.4.2/server-config.json
@@ -5,13 +5,13 @@
        "tls_cert_file": "/certs/notary-server.crt"
    },
    "trust_service": {
-     "type": "remote",
-     "hostname": "notarysigner",
-     "port": "7899",
-     "tls_ca_file": "/certs/root-ca.crt",
-     "key_algorithm": "ecdsa",
-     "tls_client_cert": "/certs/notary-server.crt",
-     "tls_client_key": "/certs/notary-server.key"
+       "type": "remote",
+       "hostname": "notarysigner",
+       "port": "7899",
+       "tls_ca_file": "/certs/root-ca.crt",
+       "key_algorithm": "ecdsa",
+       "tls_client_cert": "/certs/notary-server.crt",
+       "tls_client_key": "/certs/notary-server.key"
    },
    "logging": {
        "level": "info"
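Review bot: in the `trust_service` block the seven removed and seven added lines carry the same keys and values and differ only in leading whitespace, so the release bump also carries a formatting change that makes it harder to see whether any setting really moved. Split the re-indent into its own commit or call it out in the commit message. While here: `tls_client_cert` points at `/certs/notary-server.crt`, the same file as `tls_cert_file` in the context line above, so one certificate serves as both the listener identity and the client identity toward the signer; a separate client certificate would let the two be rotated and revoked independently.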
diff --git a/notary_server-0.3.0/Dockerfile b/notary_server-0.5.0/Dockerfile
similarity index 100%
copy from notary_server-0.3.0/Dockerfile
copy to notary_server-0.5.0/Dockerfile
diff --git a/notary_server-0.3.0/entrypoint.sh b/notary_server-0.5.0/entrypoint.sh
similarity index 100%
copy from notary_server-0.3.0/entrypoint.sh
copy to notary_server-0.5.0/entrypoint.sh
diff --git a/notary_signer-0.3.0/notary-signer b/notary_server-0.5.0/notary-server
similarity index 53%
copy from notary_signer-0.3.0/notary-signer
copy to notary_server-0.5.0/notary-server
index d823c74..34c837d 100755
Binary files a/notary_signer-0.3.0/notary-signer and b/notary_server-0.5.0/notary-server differ
diff --git a/notary_server-0.3.0/server-config.json b/notary_server-0.5.0/server-config.json
similarity index 55%
copy from notary_server-0.3.0/server-config.json
copy to notary_server-0.5.0/server-config.json
index fd27566..21a6410 100644
--- a/notary_server-0.3.0/server-config.json
+++ b/notary_server-0.5.0/server-config.json
@@ -5,13 +5,13 @@
        "tls_cert_file": "/certs/notary-server.crt"
    },
    "trust_service": {
-     "type": "remote",
-     "hostname": "notarysigner",
-     "port": "7899",
-     "tls_ca_file": "/certs/root-ca.crt",
-     "key_algorithm": "ecdsa",
-     "tls_client_cert": "/certs/notary-server.crt",
-     "tls_client_key": "/certs/notary-server.key"
+       "type": "remote",
+       "hostname": "notarysigner",
+       "port": "7899",
+       "tls_ca_file": "/certs/root-ca.crt",
+       "key_algorithm": "ecdsa",
+       "tls_client_cert": "/certs/notary-server.crt",
+       "tls_client_key": "/certs/notary-server.key"
    },
    "logging": {
        "level": "info"
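Review bot: this `server-config.json` has the same blob ids as the 0.4.2 copy (`index fd27566..21a6410`), so the two release directories now hold byte-identical configs with the same whitespace-only `trust_service` change. Any later correction has to be made in both files; stating in the commit message that 0.5.0 needs no config change over 0.4.2 would make that explicit.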
diff --git a/notary_signer-0.3.0/Dockerfile b/notary_signer-0.4.2/Dockerfile
similarity index 100%
copy from notary_signer-0.3.0/Dockerfile
copy to notary_signer-0.4.2/Dockerfile
diff --git a/notary_signer-0.3.0/entrypoint.sh b/notary_signer-0.4.2/entrypoint.sh
similarity index 100%
copy from notary_signer-0.3.0/entrypoint.sh
copy to notary_signer-0.4.2/entrypoint.sh
diff --git a/notary_signer-0.3.0/notary-signer b/notary_signer-0.4.2/notary-signer
similarity index 48%
copy from notary_signer-0.3.0/notary-signer
copy to notary_signer-0.4.2/notary-signer
index d823c74..3bee300 100755
Binary files a/notary_signer-0.3.0/notary-signer and b/notary_signer-0.4.2/notary-signer differ
diff --git a/notary_signer-0.3.0/signer-config.json b/notary_signer-0.4.2/signer-config.json
similarity index 100%
copy from notary_signer-0.3.0/signer-config.json
copy to notary_signer-0.4.2/signer-config.json
diff --git a/notary_signer-0.3.0/Dockerfile b/notary_signer-0.5.0/Dockerfile
similarity index 100%
copy from notary_signer-0.3.0/Dockerfile
copy to notary_signer-0.5.0/Dockerfile
diff --git a/notary_signer-0.3.0/entrypoint.sh b/notary_signer-0.5.0/entrypoint.sh
similarity index 100%
copy from notary_signer-0.3.0/entrypoint.sh
copy to notary_signer-0.5.0/entrypoint.sh
diff --git a/notary_signer-0.3.0/notary-signer b/notary_signer-0.5.0/notary-signer
similarity index 49%
copy from notary_signer-0.3.0/notary-signer
copy to notary_signer-0.5.0/notary-signer
index d823c74..e1b06a6 100755
Binary files a/notary_signer-0.3.0/notary-signer and b/notary_signer-0.5.0/notary-signer differ
diff --git a/notary_signer-0.3.0/signer-config.json b/notary_signer-0.5.0/signer-config.json
similarity index 100%
copy from notary_signer-0.3.0/signer-config.json
copy to notary_signer-0.5.0/signer-config.json

@yosifkit
Member

Build test of #2345; 2e6ea85 (notary):

$ bashbrew build notary:server
warning: insecure protocol git:// detected: git://github.com/docker/notary-official-images
Building bashbrew/cache:aa067be954aedcd66880c6a9d5c2819cdf316a62819448c9ffa224d8c65c24b6 (notary:server)
Tagging notary:server
Tagging notary:server-0.5.0

$ test/run.sh notary:server
testing notary:server
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'override-cmd' [4/4]...passed


$ bashbrew build notary:signer
warning: insecure protocol git:// detected: git://github.com/docker/notary-official-images
Building bashbrew/cache:35a75e0df3bc79cbdc970c4fd12997768a4f7dd166336a4a30195a42d0ba5bad (notary:signer)
Tagging notary:signer
Tagging notary:signer-0.5.0

$ test/run.sh notary:signer
testing notary:signer
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'override-cmd' [4/4]...passed


$ bashbrew build notary:server-0.4.2
warning: insecure protocol git:// detected: git://github.com/docker/notary-official-images
Building bashbrew/cache:570ef0d77d26216f7ae1ef6af5ac4af0dc3dc34d524bd7bde133502c2cca6cc6 (notary:server-0.4.2)
Tagging notary:server-0.4.2

$ test/run.sh notary:server-0.4.2
testing notary:server-0.4.2
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'override-cmd' [4/4]...passed


$ bashbrew build notary:signer-0.4.2
warning: insecure protocol git:// detected: git://github.com/docker/notary-official-images
Building bashbrew/cache:ce0836f7a41c136eb67e872eb8c09ece7218971e1795c70829015b3f7882eae7 (notary:signer-0.4.2)
Tagging notary:signer-0.4.2

$ test/run.sh notary:signer-0.4.2
testing notary:signer-0.4.2
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'override-cmd' [4/4]...passed


$ bashbrew build notary:server-0.3.0
Building bashbrew/cache:e5da41307a18d2c8b9fdb60e12f062bd89d67c1d2c3de24aecab0d6ebd02101a (notary:server-0.3.0)
Tagging notary:server-0.3.0

$ test/run.sh notary:server-0.3.0
testing notary:server-0.3.0
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'override-cmd' [4/4]...passed


$ bashbrew build notary:signer-0.3.0
Building bashbrew/cache:6fd80a1e485fdfccf78341372cbeec644cdd20200a43f67b83a61617bce501dc (notary:signer-0.3.0)
Tagging notary:signer-0.3.0

$ test/run.sh notary:signer-0.3.0
testing notary:signer-0.3.0
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'override-cmd' [4/4]...passed


$ bashbrew build notary:server-0.2.0
Building bashbrew/cache:f46aa8afe50c293d01c3a7f3b6abbfa91ef1fd04ae086af9a96f11922255f8e1 (notary:server-0.2.0)
Tagging notary:server-0.2.0

$ test/run.sh notary:server-0.2.0
testing notary:server-0.2.0
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'override-cmd' [4/4]...passed


$ bashbrew build notary:signer-0.2.0
Building bashbrew/cache:aa234f21a393bc4e9b2e8b4f0a95987e6580bd36eb4a91b1ea7c9cf85ec2371f (notary:signer-0.2.0)
Tagging notary:signer-0.2.0

$ test/run.sh notary:signer-0.2.0
testing notary:signer-0.2.0
    'utc' [1/4]...passed
    'cve-2014--shellshock' [2/4]...passed
    'no-hard-coded-passwords' [3/4]...passed
    'override-cmd' [4/4]...passed

signer: git://github.com/docker/notary-official-images@v0.5.0 notary-signer
signer-0.5.0: git://github.com/docker/notary-official-images@v0.5.0 notary-signer
server-0.4.2: git://github.com/docker/notary-official-images@v0.4.2 notary-server
signer-0.4.2: git://github.com/docker/notary-official-images@v0.4.2 notary-signer

Member

Using Git tags instead of explicit Git commit references is supported for the deprecated format only, but is heavily discouraged.

cc @tianon

Contributor Author

ugh... we've had specific requests in other places to prefer semantically versioned tags. We now use them exclusively for docker/docker

Member

Ouch, yeah, I can understand for docker/docker -- there it makes sense to declare a relationship between Docker and Notary based on version numbers, but here we prefer explicit commits to ensure that we're building exactly what was intended and that it hasn't changed in between unintentionally or maliciously (since this is really a "deployment" manifest, not a dependency relation). 😞

Does that make more sense?

Contributor Author

@endophage Nov 14, 2016

Yes and no. We specifically message "use notary version X with docker version Y" and that includes server and signer. We release all 3 notary components together and everything else we do, the images we deploy to production, the notary client binary, and our vendoring into other docker projects, is done using the same semantic tag.

At the end of the day it's kind of meaningless anyway. The docker/notary-official-image repo just contains opaque binaries with no tie-back to the source they were built from.

Member

Fair enough! 👍

Member

(Just please don't ever re-push these tags 😅)

Contributor Author

We won't 👍

The docker/notary-official-image repo is literally one commit per semver tag and a tag for every commit. We only update it as and when a new release needs to go out.

@tianon tianon merged commit cafda94 into docker-library:master Nov 14, 2016
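
The pinning concern raised in the review thread above (tags can be re-pushed, commit ids cannot) can be checked mechanically. The following is an added example, not code from bashbrew or from this repository: a small POSIX shell lint for manifest lines of the form quoted in the review, flagging refs that are not full commit ids and the `git://` transport that the build log warns about. The function names and the third sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not bashbrew code): lint manifest lines of the form
#   <tag>: <repo-url>@<ref> <directory>

# classify_ref REF: "pinned" only for a full 40-hex lowercase commit id.
classify_ref() {
    case "$1" in
        ''|*[!0-9a-f]*) echo unpinned ;;
        *) if [ "${#1}" -eq 40 ]; then echo pinned; else echo unpinned; fi ;;
    esac
}

# lint_manifest: read manifest lines on stdin, print one finding per problem,
# return 1 if anything was flagged.
lint_manifest() {
    flagged=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        tag=${line%%:*}          # text before the first colon
        rest=${line#*: }         # "<repo-url>@<ref> <directory>"
        url=${rest%% *}          # drop the directory field
        case "$url" in
            *@*) repo=${url%@*}; ref=${url##*@} ;;
            *)   repo=$url; ref='' ;;
        esac
        case "$repo" in
            git://*|http://*)
                echo "$tag: transport of $repo is unauthenticated"; flagged=1 ;;
        esac
        if [ "$(classify_ref "$ref")" = unpinned ]; then
            echo "$tag: ref '$ref' is not a full commit id and can be re-pointed"
            flagged=1
        fi
    done
    return "$flagged"
}

# Sample input: the first two lines are quoted from the review thread above; the
# third is constructed, and its commit id is a placeholder, not a real commit.
sample_manifest() {
    cat <<'EOF'
signer-0.5.0: git://github.com/docker/notary-official-images@v0.5.0 notary-signer
server-0.4.2: git://github.com/docker/notary-official-images@v0.4.2 notary-server
pinned-example: https://github.com/docker/notary-official-images@0123456789abcdef0123456789abcdef01234567 notary-server
EOF
}

sample_manifest | lint_manifest || echo "manifest needs attention"
```

An abbreviated id such as `2e6ea85` is reported as unpinned as well, since only the full 40-character form is accepted.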