implement docker trust as plugin

Just a quick experiment to see if we can move the `trust` subcommands
to a plugin, so that the subcommands can be installed separate from
the `docker trust` integration in push/pull (for situations where
trust verification happens on the daemon side).

    make binary
    go build -o /usr/libexec/docker/cli-plugins/docker-trust ./cmd/docker-trust

    docker info
    Client:
     Version:    28.2.0-dev
     Context:    default
     Debug Mode: false
     Plugins:
      buildx: Docker Buildx (Docker Inc.)
        Version:  v0.24.0
        Path:     /usr/libexec/docker/cli-plugins/docker-buildx
      trust: Manage trust on Docker images (Docker Inc.)
        Version:  unknown-version
        Path:     /usr/libexec/docker/cli-plugins/docker-trust

    docker trust --help
    Usage:  docker trust [OPTIONS] COMMAND

    Extended build capabilities with BuildKit

    Options:
      -D, --debug   Enable debug logging

    Management Commands:
      key         Manage keys for signing Docker images
      signer      Manage entities who can sign Docker images

    Commands:
      inspect     Return low-level information about keys and signatures
      revoke      Remove trust for an image
      sign        Sign an image

    Run 'docker trust COMMAND --help' for more information on a command.

Signed-off-by: Sebastiaan van Stijn <[email protected]>

Author: thaJeztah

cli/command/commands/commands.go

@@ -20,7 +20,6 @@ import (
 	"github.com/docker/cli/cli/command/stack"
 	"github.com/docker/cli/cli/command/swarm"
 	"github.com/docker/cli/cli/command/system"
-	"github.com/docker/cli/cli/command/trust"
 	"github.com/docker/cli/cli/command/volume"
 	"github.com/spf13/cobra"
 )
@@ -53,7 +52,6 @@ func AddCommands(cmd *cobra.Command, dockerCli command.Cli) {
 		network.NewNetworkCommand(dockerCli),
 		plugin.NewPluginCommand(dockerCli),
 		system.NewSystemCommand(dockerCli),
-		trust.NewTrustCommand(dockerCli),
 		volume.NewVolumeCommand(dockerCli),
 
 		// orchestration (swarm) commands

cmd/docker-trust/main.go

@@ -0,0 +1,114 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"syscall"
+
+	cerrdefs "github.com/containerd/errdefs"
+	"github.com/docker/cli/cli"
+	"github.com/docker/cli/cli-plugins/metadata"
+	"github.com/docker/cli/cli-plugins/plugin"
+	"github.com/docker/cli/cli/command"
+	"github.com/docker/cli/cli/version"
+	"github.com/docker/cli/cmd/docker-trust/trust"
+	"go.opentelemetry.io/otel"
+)
+
+func runStandalone(cmd *command.DockerCli) error {
+	defer flushMetrics(cmd)
+	executable := os.Args[0]
+	rootCmd := trust.NewRootCmd(filepath.Base(executable), false, cmd)
+	return rootCmd.Execute()
+}
+
+// flushMetrics will manually flush metrics from the configured
+// meter provider. This is needed when running in standalone mode
+// because the meter provider is initialized by the cli library,
+// but the mechanism for forcing it to report is not presently
+// exposed and not invoked when run in standalone mode.
+// There are plans to fix that in the next release, but this is
+// needed temporarily until the API for this is more thorough.
+func flushMetrics(cmd *command.DockerCli) {
+	if mp, ok := cmd.MeterProvider().(command.MeterProvider); ok {
+		if err := mp.ForceFlush(context.Background()); err != nil {
+			otel.Handle(err)
+		}
+	}
+}
+
+func runPlugin(cmd *command.DockerCli) error {
+	rootCmd := trust.NewRootCmd("trust", true, cmd)
+	return plugin.RunPlugin(cmd, rootCmd, metadata.Metadata{
+		SchemaVersion: "0.1.0",
+		Vendor:        "Docker Inc.",
+		Version:       version.Version,
+	})
+}
+
+func run(cmd *command.DockerCli) error {
+	if plugin.RunningStandalone() {
+		return runStandalone(cmd)
+	}
+	return runPlugin(cmd)
+}
+
+type errCtxSignalTerminated struct {
+	signal os.Signal
+}
+
+func (errCtxSignalTerminated) Error() string {
+	return ""
+}
+
+func main() {
+	cmd, err := command.NewDockerCli()
+	if err != nil {
+		_, _ = fmt.Fprintln(os.Stderr, err)
+		os.Exit(1)
+	}
+
+	if err = run(cmd); err == nil {
+		return
+	}
+
+	if errors.As(err, &errCtxSignalTerminated{}) {
+		os.Exit(getExitCode(err))
+	}
+
+	if !cerrdefs.IsCanceled(err) {
+		if err.Error() != "" {
+			_, _ = fmt.Fprintln(cmd.Err(), err)
+		}
+		os.Exit(getExitCode(err))
+	}
+}
+
+// getExitCode returns the exit-code to use for the given error.
+// If err is a [cli.StatusError] and has a StatusCode set, it uses the
+// status-code from it, otherwise it returns "1" for any error.
+func getExitCode(err error) int {
+	if err == nil {
+		return 0
+	}
+
+	var userTerminatedErr errCtxSignalTerminated
+	if errors.As(err, &userTerminatedErr) {
+		s, ok := userTerminatedErr.signal.(syscall.Signal)
+		if !ok {
+			return 1
+		}
+		return 128 + int(s)
+	}
+
+	var stErr cli.StatusError
+	if errors.As(err, &stErr) && stErr.StatusCode != 0 { // FIXME(thaJeztah): StatusCode should never be used with a zero status-code. Check if we do this anywhere.
+		return stErr.StatusCode
+	}
+
+	// No status-code provided; all errors should have a non-zero exit code.
+	return 1
+}

cli/command/trust/cmd.go renamed to cmd/docker-trust/trust/cmd.go

@@ -0,0 +1,82 @@
+package trust
+
+import (
+	"fmt"
+
+	"github.com/docker/cli-docs-tool/annotation"
+	"github.com/docker/cli/cli"
+	"github.com/docker/cli/cli-plugins/plugin"
+	"github.com/docker/cli/cli/command"
+	"github.com/docker/cli/cli/debug"
+	cliflags "github.com/docker/cli/cli/flags"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+func NewRootCmd(name string, isPlugin bool, dockerCLI *command.DockerCli) *cobra.Command {
+	var opt rootOptions
+	cmd := &cobra.Command{
+		Use:   name,
+		Short: "Manage trust on Docker images",
+		Long:  `Extended build capabilities with BuildKit`,
+		Annotations: map[string]string{
+			annotation.CodeDelimiter: `"`,
+		},
+		CompletionOptions: cobra.CompletionOptions{
+			HiddenDefaultCmd: true,
+		},
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			if opt.debug {
+				debug.Enable()
+			}
+			// cmd.SetContext(appcontext.Context())
+			if !isPlugin {
+				// InstallFlags and SetDefaultOptions are necessary to match
+				// the plugin mode behavior to handle env vars such as
+				// DOCKER_TLS, DOCKER_TLS_VERIFY, ... and we also need to use a
+				// new flagset to avoid conflict with the global debug flag
+				// that we already handle in the root command otherwise it
+				// would panic.
+				nflags := pflag.NewFlagSet(cmd.DisplayName(), pflag.ContinueOnError)
+				options := cliflags.NewClientOptions()
+				options.InstallFlags(nflags)
+				options.SetDefaultOptions(nflags)
+				return dockerCLI.Initialize(options)
+			}
+			return plugin.PersistentPreRunE(cmd, args)
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				return cmd.Help()
+			}
+			_ = cmd.Help()
+			return cli.StatusError{
+				StatusCode: 1,
+				Status:     fmt.Sprintf("ERROR: unknown command: %q", args[0]),
+			}
+		},
+	}
+	if !isPlugin {
+		// match plugin behavior for standalone mode
+		// https://github.com/docker/cli/blob/6c9eb708fa6d17765d71965f90e1c59cea686ee9/cli-plugins/plugin/plugin.go#L117-L127
+		cmd.SilenceUsage = true
+		cmd.SilenceErrors = true
+		cmd.TraverseChildren = true
+		cmd.DisableFlagsInUseLine = true
+		cli.DisableFlagsInUseLine(cmd)
+	}
+
+	cmd.AddCommand(
+		newRevokeCommand(dockerCLI),
+		newSignCommand(dockerCLI),
+		newTrustKeyCommand(dockerCLI),
+		newTrustSignerCommand(dockerCLI),
+		newInspectCommand(dockerCLI),
+	)
+
+	return cmd
+}
+
+type rootOptions struct {
+	debug bool
+}