cli/trust: Server: accept registry hostname

The IndexInfo was only used to detect if the target was an official
image, which we can deduct from the hostname. Adding some normalizing
just in case (but we should only get "docker.io" here).

Signed-off-by: Sebastiaan van Stijn <[email protected]>

Author: thaJeztah

cli/trust/trust.go

@@ -79,7 +79,7 @@ func certificateDirectory(server string) (string, error) {
 }
 
 // Server returns the base URL for the trust server.
-func Server(index *registrytypes.IndexInfo) (string, error) {
+func Server(indexName string) (string, error) {
 	if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" {
 		urlObj, err := url.Parse(s)
 		if err != nil || urlObj.Scheme != "https" {
@@ -88,10 +88,10 @@ func Server(index *registrytypes.IndexInfo) (string, error) {
 
 		return s, nil
 	}
-	if index.Official {
+	if indexName == "docker.io" || indexName == "index.docker.io" {
 		return NotaryServer, nil
 	}
-	return "https://" + index.Name, nil
+	return "https://" + indexName, nil
 }
 
 type simpleCredentialStore struct {
@@ -117,7 +117,7 @@ const dctDeprecation = `WARNING: Docker is retiring DCT for Docker Official Imag
 // information needed to operate on a notary repository.
 // It creates an HTTP transport providing authentication support.
 func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo *RepositoryInfo, authConfig *registrytypes.AuthConfig, actions ...string) (client.Repository, error) {
-	server, err := Server(repoInfo.Index)
+	server, err := Server(repoInfo.Index.Name)
 	if err != nil {
 		return nil, err
 	}

cli/trust/trust_test.go

@@ -4,7 +4,6 @@ import (
 	"testing"
 
 	"github.com/distribution/reference"
-	registrytypes "github.com/moby/moby/api/types/registry"
 	"github.com/opencontainers/go-digest"
 	"github.com/theupdateframework/notary/client"
 	"github.com/theupdateframework/notary/trustpinning"
@@ -56,32 +55,32 @@ func TestGetSignableRolesError(t *testing.T) {
 
 func TestENVTrustServer(t *testing.T) {
 	t.Setenv("DOCKER_CONTENT_TRUST_SERVER", "https://notary-test.example.com:5000")
-	indexInfo := &registrytypes.IndexInfo{Name: "testserver"}
-	output, err := Server(indexInfo)
+	output, err := Server("testserver")
 	const expected = "https://notary-test.example.com:5000"
 	assert.NilError(t, err)
 	assert.Equal(t, output, expected)
 }
 
 func TestHTTPENVTrustServer(t *testing.T) {
 	t.Setenv("DOCKER_CONTENT_TRUST_SERVER", "http://notary-test.example.com:5000")
-	indexInfo := &registrytypes.IndexInfo{Name: "testserver"}
-	_, err := Server(indexInfo)
+	_, err := Server("testserver")
 	const expected = "valid https URL required for trust server"
 	assert.ErrorContains(t, err, expected, "Expected error with invalid scheme")
 }
 
 func TestOfficialTrustServer(t *testing.T) {
-	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: true}
-	output, err := Server(indexInfo)
+	output, err := Server("docker.io")
 	const expected = NotaryServer
 	assert.NilError(t, err)
 	assert.Equal(t, output, expected)
+
+	output, err = Server("index.docker.io")
+	assert.NilError(t, err)
+	assert.Equal(t, output, expected)
 }
 
 func TestNonOfficialTrustServer(t *testing.T) {
-	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: false}
-	output, err := Server(indexInfo)
+	output, err := Server("testserver")
 	const expected = "https://testserver"
 	assert.NilError(t, err)
 	assert.Equal(t, output, expected)