@fermayo
Last active January 11, 2017 22:45
REPO="dockercloud/client-proxy"
alias notary='notary -s https://notary.docker.io -d ~/.docker/trust'
# First you need to import the root key for Docker Cloud
notary key import 70340602d65cb8b39db81ca680269d93272b0925e279ec171c0f33d165977405.key
# Initialize the trusted collection for $REPO and rotate the snapshot key to the server
notary init "docker.io/$REPO"
notary key rotate "docker.io/$REPO" snapshot -r
# Generate a new delegation key and a self-signed certificate for it
openssl genrsa -out delegation.key 2048
openssl req -new -sha256 -key delegation.key -out delegation.csr -subj "/C=US/ST=CA/L=San Francisco/O=Docker Inc/OU=Docker Cloud/CN=${REPO/\//_}"
openssl x509 -req -days 36500 -in delegation.csr -signkey delegation.key -out delegation.crt -sha256
# Add the delegation certificate to the repo (targets/releases role, all paths) and publish
notary delegation add "docker.io/$REPO" targets/releases delegation.crt --all-paths
notary publish "docker.io/$REPO"
# Import the private delegation key into the local notary key store.
# Write down the key ID ($DELEGATION_KEY_ID) and the passphrase ($DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE)
notary key import delegation.key --role user
# Environment variables to set in the Docker Cloud build:
# $DOCKER_CONTENT_TRUST_DELEGATION_KEY = the exported key collapsed to a single line
#   with newlines written as literal "\n" (the push hook below expands them with echo -e):
#   awk 1 ORS='\\n' <(notary key export --key "$DELEGATION_KEY_ID")
# $DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE = the passphrase chosen above

#!/bin/bash
# Place this script in hooks/push
set -e
if [ -n "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" ]; then
    echo "=> Using Notary to sign built image"
    # The variable holds the exported key with newlines escaped as "\n";
    # the key ID is read from the "path:" header of the exported key.
    KEY_ID=$(echo -e "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" | grep path | awk '{print $2}')
    mkdir -p /root/.docker/trust/private/tuf_keys
    echo -e "$DOCKER_CONTENT_TRUST_DELEGATION_KEY" > "/root/.docker/trust/private/${KEY_ID}.key"
    DOCKER_CONTENT_TRUST=1 docker push "$IMAGE_NAME"
else
    docker push "$IMAGE_NAME"
fi
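An added example, not part of the gist: it exercises the encode step from the setup notes (awk 1 ORS='\\n') and the decode step the push hook relies on, and checks the "path:" header before it is used as a filename, so a malformed variable cannot steer the key file outside the trust directory. The key text is a constructed placeholder, not a real notary export.

```shell
#!/bin/bash
# Constructed stand-in for "notary key export" output (not a real key).
SAMPLE_KEY_EXPORT='-----BEGIN ENCRYPTED PRIVATE KEY-----
path: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
role: user

MIIConstructedPlaceholderBase64Line1
MIIConstructedPlaceholderBase64Line2
-----END ENCRYPTED PRIVATE KEY-----'

# Collapse the multi-line export to one line with literal "\n" separators,
# the same awk idiom the setup notes use for $DOCKER_CONTENT_TRUST_DELEGATION_KEY.
encode_key() {
    printf '%s\n' "$1" | awk 1 ORS='\\n'
}

# Expand the literal "\n" sequences back into real newlines
# (printf %b is the portable equivalent of the hook's "echo -e").
decode_key() {
    printf '%b' "$1"
}

# Read the "path:" header and accept it only as a 64-character lowercase hex
# key ID; anything else (including "../") is rejected rather than used in a path.
extract_key_id() {
    local id
    id=$(printf '%s\n' "$1" | awk '$1 == "path:" { print $2; exit }')
    case "$id" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#id}" -eq 64 ] || return 1
    printf '%s' "$id"
}

# Succeeds when encode followed by decode reproduces the original export.
roundtrip_ok() {
    [ "$(decode_key "$(encode_key "$1")")" = "$1" ]
}
```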