6 "github.com/docker/notary/client/changelist"
7 "github.com/docker/notary/tuf"
8 "github.com/docker/notary/tuf/data"
// Witness creates change objects to witness (i.e. re-sign) the given
// roles on the next publish. One change is created per role; the names of
// the roles for which a change was successfully created are returned.
13 func (r *NotaryRepository) Witness(roles ...string) ([]string, error) {
14 cl, err := changelist.NewFileChangelist(filepath.Join(r.tufRepoPath, "changelist"))
20 successful := make([]string, 0, len(roles))
21 for _, role := range roles {
23 c := changelist.NewTUFChange(
24 changelist.ActionUpdate,
26 changelist.TypeWitness,
34 successful = append(successful, role)
36 return successful, err
39 func witnessTargets(repo *tuf.Repo, invalid *tuf.Repo, role string) error {
40 if r, ok := repo.Targets[role]; ok {
41 // role is already valid, mark for re-signing/updating
46 if roleObj, err := repo.GetDelegationRole(role); err == nil && invalid != nil {
// A role with a threshold > len(keys) is technically invalid, but we let it build in the builder because
// we want to be able to download the role (which may still have targets on it), add more keys, and then
// witness the role, thus bringing it back to valid. However, if no keys have been added before witnessing,
// then it is still an invalid role, and can't be witnessed because nothing can bring it back to valid.
// Note that this check only compares the threshold against the number of keys listed on the role itself;
// it does not verify that the local signer actually holds enough of those keys to meet the threshold.
51 if roleObj.Threshold > len(roleObj.Keys) {
52 return data.ErrInvalidRole{
54 Reason: "role does not specify enough valid signing keys to meet its required threshold",
57 if r, ok := invalid.Targets[role]; ok {
58 // role is recognized but invalid, move to valid data and mark for re-signing
59 repo.Targets[role] = r
64 // role isn't recognized, even as invalid
65 return data.ErrInvalidRole{
67 Reason: "this role is not known",