notary: delegation roles doesn't publish successfully

There is a targets role which has three delegations roles targets/distribution, targets/docker, targets/notary under the GUN huawei.com:

$ notary delegation list huawei.com

          ROLE                    PATHS                                        KEY IDS                                THRESHOLD  
---------------------------------------------------------------------------------------------------------------------------------
  targets/distribution   huawei.com/distribution   bcfe06daf6db5916baa4f1389e32ebf282c17593f0b67e996fb46b4714fe99cd   1          
  targets/docker         huawei.com/docker         fff2024979a5282ca697b3b231f87499fbe8082cc2be7555329aa5d1bead5007   1          
  targets/notary         huawei.com/notary         6f5c271304f639c25df19b2da725d876ab04e62525cece6a01050c8cee15e4ff   1

After I publish content(the README.MD of each repo) with delegation roles respectively , I get:

$ notary list huawei.com

               NAME                                             DIGEST                                SIZE (BYTES)           ROLE          
-------------------------------------------------------------------------------------------------------------------------------------------
  huawei.com/distribution/readme   d28f42179340667755eb8ae29101437ce5c60cec099d8d4820e4f4dd67b663f1   4984           targets/distribution  
  huawei.com/docker/readme         495cefcebf8b2ed4de71a4e54f2b11c2533114fe9e884dc1be4502ac2ba6d7de   13755          targets/docker        
  huawei.com/notary/readme         9d9e890af64dd0f44b8a1538ff5fa0511cc31bf1ab89f3a3522a9a581a70fad8   6563           targets/notary

Then I publish the huawei.com/docker/readme with the targets role, which I get:

$ notary list huawei.com

               NAME                                             DIGEST                                SIZE (BYTES)           ROLE          
-------------------------------------------------------------------------------------------------------------------------------------------
  huawei.com/distribution/readme   d28f42179340667755eb8ae29101437ce5c60cec099d8d4820e4f4dd67b663f1   4984           targets/distribution  
  huawei.com/docker/readme         495cefcebf8b2ed4de71a4e54f2b11c2533114fe9e884dc1be4502ac2ba6d7de   13755          targets               
  huawei.com/notary/readme         9d9e890af64dd0f44b8a1538ff5fa0511cc31bf1ab89f3a3522a9a581a70fad8   6563           targets/notary

Notice that the ROLE has changed from targets/docker to targets which I suppose is as expected since it was published by the targets role.

And here comes the problem, when I re-published it with the targets/docker role, the publishing process seems successfully(at least no error shown out), but the result was not expected.

$ notary list huawei.com

               NAME                                             DIGEST                                SIZE (BYTES)           ROLE          
-------------------------------------------------------------------------------------------------------------------------------------------
  huawei.com/distribution/readme   d28f42179340667755eb8ae29101437ce5c60cec099d8d4820e4f4dd67b663f1   4984           targets/distribution  
  huawei.com/docker/readme         495cefcebf8b2ed4de71a4e54f2b11c2533114fe9e884dc1be4502ac2ba6d7de   13755          targets               
  huawei.com/notary/readme         9d9e890af64dd0f44b8a1538ff5fa0511cc31bf1ab89f3a3522a9a581a70fad8   6563           targets/notary

The ROLE is still targets not targets/docker and of course the DIGEST remains the same as well.

Is this intended or something wrong happened?

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 18 (18 by maintainers)

Most upvoted comments

I’m interested with both and going to extend verify with flag --role first.

+1
HuKeping on Jul 27, 2016
Read more comments on GitHub
← notary: Debugging "no valid signing keys for delegation roles" error
notary: Error establishing connection to trust repository →