fix: change list outcome to signature manifest digest

Signed-off-by: Junjie Gao <[email protected]>
notaryproject · Oct 28, 2022 · 58c9fa8 · 58c9fa8
1 parent 2682b8b
commit 58c9fa8
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 16 deletions.
diff --git a/cmd/notation/list.go b/cmd/notation/list.go
@@ -1,11 +1,15 @@
 package main
 
 import (
+	"context"
 	"errors"
 	"fmt"
 
 	notationRegistry "github.com/notaryproject/notation-go/registry"
+	notationregistry "github.com/notaryproject/notation-go/registry"
 	"github.com/opencontainers/go-digest"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+	artifactspec "github.com/oras-project/artifacts-spec/specs-go/v1"
 	"github.com/spf13/cobra"
 	"oras.land/oras-go/v2/registry"
 )
@@ -53,32 +57,56 @@ func runList(command *cobra.Command, opts *listOpts) error {
 		return err
 	}
 
-	sigManifests, err := sigRepo.ListSignatureManifests(command.Context(), manifestDesc.Digest)
+	// list all signature manifest digest
+	sigManifestDigests, err := listSignatureManifestDigests(command.Context(), manifestDesc.Digest, sigRepo)
 	if err != nil {
-		return fmt.Errorf("lookup signature failure: %v", err)
+		return err
 	}
 
 	// write out
-	return output(manifestDesc.Digest, sigManifests, reference)
+	return printSignatureManifestList(manifestDesc.Digest, sigManifestDigests, reference)
+}
+
+// listSignatureManifestDigests returns the signature manifest digest of
+// the subject manifest.
+//
+// TODO: this is a temporary function and will be replaced after
+// notation-go refactor.
+func listSignatureManifestDigests(ctx context.Context, manifestDigest digest.Digest, sigRepo *notationregistry.RepositoryClient) ([]digest.Digest, error) {
+	var sigManifestDigests []digest.Digest
+	if err := sigRepo.Repository.Referrers(ctx, ocispec.Descriptor{
+		Digest: manifestDigest,
+	}, notationRegistry.ArtifactTypeNotation, func(referrers []artifactspec.Descriptor) error {
+		for _, desc := range referrers {
+			if desc.MediaType != artifactspec.MediaTypeArtifactManifest {
+				continue
+			}
+			sigManifestDigests = append(sigManifestDigests, desc.Digest)
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+	return sigManifestDigests, nil
 }
 
-func output(digest digest.Digest, sigManifests []notationRegistry.SignatureManifest, reference string) error {
+func printSignatureManifestList(manifestDigest digest.Digest, sigManifestDigests []digest.Digest, reference string) error {
 	ref, err := registry.ParseReference(reference)
 	if err != nil {
 		return err
 	}
 
-	sigCount := len(sigManifests)
+	sigCount := len(sigManifestDigests)
 	if sigCount > 0 {
 		// print title
-		fmt.Printf("%s/%s@%s\n", ref.Registry, ref.Repository, digest)
+		fmt.Printf("%s/%s@%s\n", ref.Registry, ref.Repository, manifestDigest)
 		fmt.Printf("└── %s\n", notationRegistry.ArtifactTypeNotation)
 
-		for _, sigManifest := range sigManifests[:sigCount-1] {
-			// print each signature digest
-			fmt.Printf("    ├── %s\n", sigManifest.Blob.Digest)
+		// print each signature digest
+		for _, sigManifestDigest := range sigManifestDigests[:sigCount-1] {
+			fmt.Printf("    ├── %s\n", sigManifestDigest)
 		}
-		fmt.Printf("    └── %s\n", sigManifests[sigCount-1].Blob.Digest)
+		fmt.Printf("    └── %s\n", sigManifestDigests[sigCount-1])
 	}
 	return nil
 }
diff --git a/cmd/notation/registry.go b/cmd/notation/registry.go
@@ -14,7 +14,7 @@ import (
 	"oras.land/oras-go/v2/registry/remote/auth"
 )
 
-func getSignatureRepository(opts *SecureFlagOpts, reference string) (notationregistry.SignatureRepository, error) {
+func getSignatureRepository(opts *SecureFlagOpts, reference string) (*notationregistry.RepositoryClient, error) {
 	ref, err := registry.ParseReference(reference)
 	if err != nil {
 		return nil, err

diff --git a/go.mod b/go.mod
@@ -8,6 +8,8 @@ require (
 	github.com/notaryproject/notation-core-go v0.1.0-alpha.4
 	github.com/notaryproject/notation-go v0.11.0-alpha.4
 	github.com/opencontainers/go-digest v1.0.0
+	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799
+	github.com/oras-project/artifacts-spec v1.0.0-rc.2
 	github.com/spf13/cobra v1.6.0
 	github.com/spf13/pflag v1.0.5
 	github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83
@@ -22,8 +24,6 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 // indirect
-	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 // indirect
-	github.com/oras-project/artifacts-spec v1.0.0-rc.2 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect

diff --git a/specs/commandline/list.md b/specs/commandline/list.md
@@ -6,13 +6,13 @@ Use `notation list` to list all the signatures associated with signed artifact.
 
 `Tags` are mutable, but `Digests` uniquely and immutably identify an artifact. If a tag is used to identify a signed artifact, notation resolves the tag to the `digest` first.
 
-Upon successful execution, both the digest of the signed artifact and the digests of signatures associated with signed artifact are printed out as following:
+Upon successful execution, both the digest of the signed artifact and the digests of signatures manifest associated with signed artifact are printed out as following:
 
 ```shell
 <registry>/<repository>@<digest>
 └── application/vnd.cncf.notary.v2.signature
-    ├──<digest_of_signature>
-    └──<digest_of_signature>
+    ├──<digest_of_signature_manifest>
+    └──<digest_of_signature_manifest>
 ```
 
 ## Outline