diff --git a/cmd/notation/main.go b/cmd/notation/main.go
index f4341da28..8d5be0e74 100644
--- a/cmd/notation/main.go
+++ b/cmd/notation/main.go
@@ -16,6 +16,7 @@ package main
 import (
 "os"
+ "github.com/notaryproject/notation-go/dir"
 "github.com/notaryproject/notation/cmd/notation/cert"
 "github.com/notaryproject/notation/cmd/notation/plugin"
 "github.com/notaryproject/notation/cmd/notation/policy"
@@ -32,6 +33,16 @@ func main() {
 // to avoid leaking credentials
 os.Unsetenv(defaultUsernameEnv)
 os.Unsetenv(defaultPasswordEnv)
+
+ // update Notation config directory
+ if notationConfig := os.Getenv("NOTATION_CONFIG"); notationConfig != "" {
+ dir.UserConfigDir = notationConfig
+ }
+
+ // update Notation Libexec directory (for plugins)
+ if notationLibexec := os.Getenv("NOTATION_LIBEXEC"); notationLibexec != "" {
+ dir.UserLibexecDir = notationLibexec
+ }
 },
 }
 cmd.AddCommand(
diff --git a/test/e2e/suite/command/verify.go b/test/e2e/suite/command/verify.go
index d8e794948..7df83ee3d 100644
--- a/test/e2e/suite/command/verify.go
+++ b/test/e2e/suite/command/verify.go
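Review bot: The two overrides added in main.go's second hunk assign NOTATION_CONFIG and NOTATION_LIBEXEC to `dir.UserConfigDir` and `dir.UserLibexecDir` without validation, so a relative or stale inherited value silently changes where the trust policy is read from and where plugin executables are run from. For a signing and verification tool both directories decide what is trusted, so neither the working directory nor a CI job's environment should be able to redirect them unnoticed. I would require an absolute path, e.g. `if !filepath.IsAbs(notationConfig) { fmt.Fprintln(os.Stderr, "NOTATION_CONFIG must be an absolute path"); os.Exit(1) }`, with the same check for NOTATION_LIBEXEC. The comments could also say what each directory holds, such as `// NOTATION_LIBEXEC overrides the directory plugin binaries are executed from`. The enclosing closure starts outside the hunk, so whether it can return an error instead of exiting is not visible here.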
@@ -155,4 +155,26 @@ var _ = Describe("notation verify", func() {
 NoMatchErrKeyWords(HTTPSRequest)
 })
 })
+
+ It("incorrect NOTATION_CONFIG path", func() {
+ Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
+ notation.Exec("sign", artifact.ReferenceWithDigest()).
+ MatchKeyWords(SignSuccessfully)
+
+ vhost.UpdateEnv(map[string]string{"NOTATION_CONFIG": "/not/exist"})
+ notation.ExpectFailure().Exec("verify", artifact.ReferenceWithDigest(), "-v").
+ MatchErrKeyWords("trust policy is not present")
+ })
+ })
+
+ It("correct NOTATION_CONFIG path", func() {
+ Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
+ notation.Exec("sign", artifact.ReferenceWithDigest()).
+ MatchKeyWords(SignSuccessfully)
+
+ vhost.UpdateEnv(map[string]string{"NOTATION_CONFIG": vhost.AbsolutePath(NotationDirName)})
+ notation.Exec("verify", artifact.ReferenceWithDigest(), "-v").
+ MatchKeyWords(VerifySuccessfully)
+ })
+ })
 })
diff --git a/test/e2e/suite/plugin/sign.go b/test/e2e/suite/plugin/sign.go
index 3dc118f7e..2f6eea071 100644
--- a/test/e2e/suite/plugin/sign.go
+++ b/test/e2e/suite/plugin/sign.go
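Review bot: The "correct NOTATION_CONFIG path" case sets the variable to `vhost.AbsolutePath(NotationDirName)`, which looks like the directory the virtual host already gives notation by default, so the test may pass even if the override were ignored. Pointing NOTATION_CONFIG at a second directory with its own trust policy, and asserting that verification follows that policy, would show the override is honoured. The same applies to the "correct NOTATION_LIBEXEC path" case in test/e2e/suite/plugin/sign.go. A comment above each `vhost.UpdateEnv` call, e.g. `// verify must read its trust policy from NOTATION_CONFIG, not the default directory`, would record the intent.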
@@ -265,4 +265,38 @@ var _ = Describe("notation plugin sign", func() {
 Expect(descriptors[0].Annotations).Should(HaveKeyWithValue("k1", "v1"))
 })
 })
+
+ It("incorrect NOTATION_LIBEXEC path", func() {
+ Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
+ // setup incorrect NOTATION_LIBEXEC path
+ vhost.SetOption(AddPlugin(NotationE2EPluginPath))
+ notation.Exec("key", "add", "plugin-key", "--id", "key1", "--plugin", "e2e-plugin",
+ "--plugin-config", string(CapabilityEnvelopeGenerator)+"=true",
+ "--plugin-config", TamperAnnotation+"=k1=v1").
+ MatchKeyWords("plugin-key")
+
+ vhost.UpdateEnv(map[string]string{"NOTATION_LIBEXEC": "/not/exist"})
+
+ // run signing
+ notation.ExpectFailure().Exec("sign", artifact.ReferenceWithDigest(), "--key", "plugin-key", "-d").
+ MatchErrKeyWords("no such file or directory")
+ })
+ })
+
+ It("correct NOTATION_LIBEXEC path", func() {
+ Host(BaseOptions(), func(notation *utils.ExecOpts, artifact *Artifact, vhost *utils.VirtualHost) {
+ // setup incorrect NOTATION_LIBEXEC path
+ vhost.SetOption(AddPlugin(NotationE2EPluginPath))
+ notation.Exec("key", "add", "plugin-key", "--id", "key1", "--plugin", "e2e-plugin",
+ "--plugin-config", string(CapabilityEnvelopeGenerator)+"=true",
+ "--plugin-config", TamperAnnotation+"=k1=v1").
+ MatchKeyWords("plugin-key")
+
+ vhost.UpdateEnv(map[string]string{"NOTATION_LIBEXEC": vhost.AbsolutePath(NotationDirName)})
+
+ // run signing
+ notation.Exec("sign", artifact.ReferenceWithDigest(), "--key", "plugin-key", "-d").
+ MatchKeyWords("Successfully signed")
+ })
+ })
 })
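Review bot: The comment `// setup incorrect NOTATION_LIBEXEC path` in the "correct NOTATION_LIBEXEC path" case is copied from the negative case and contradicts what the test does. In both cases it also sits above the plugin installation rather than the `vhost.UpdateEnv` call it describes. I would replace it with `// install the e2e plugin and register a key that uses it` and add `// point NOTATION_LIBEXEC at a missing directory` or `// point NOTATION_LIBEXEC at the host's notation directory` directly above the respective `UpdateEnv` line. Separately, `MatchErrKeyWords("no such file or directory")` matches Unix-style error text, so the negative case would presumably need a different keyword if the suite is ever run on another platform.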