fix flag descriptions for content-trust

Commit ed13c3abfb242905ec012e8255dc6f26dcf122f6 added flags
for Docker Content Trust. Depending on the `verify` boolean,
the message is "Skip image verification", or "Skip image signing".
"Signing" is intended for `docker push` / `docker plugin push`.

During the migration to Cobra, this boolean got flipped for
`docker push` (9640e3a4514f96a890310757a09fd77a3c70e931),
causing `docker push` to show the incorrect flag description.

This patch changes the flags to use the correct description
for `docker push`, and `docker plugin push`.

To prevent this confusion in future, the boolean argument
is removed, and a `AddTrustSigningFlags()` function is added.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

cli/command/container/create.go

@@ -52,7 +52,7 @@ func NewCreateCommand(dockerCli *command.DockerCli) *cobra.Command {
 	// with hostname
 	flags.Bool("help", false, "Print usage")
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	copts = addFlags(flags)
 	return cmd
 }

cli/command/container/run.go

@@ -61,7 +61,7 @@ func NewRunCommand(dockerCli *command.DockerCli) *cobra.Command {
 	// with hostname
 	flags.Bool("help", false, "Print usage")
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 	copts = addFlags(flags)
 	return cmd
 }

cli/command/image/build.go

@@ -108,7 +108,7 @@ func NewBuildCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.StringSliceVar(&options.securityOpt, "security-opt", []string{}, "Security options")
 	flags.StringVar(&options.networkMode, "network", "default", "Set the networking mode for the RUN instructions during build")
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 
 	flags.BoolVar(&options.squash, "squash", false, "Squash newly built layers into a single new layer")
 	flags.SetAnnotation("squash", "experimental", nil)

cli/command/image/pull.go

@@ -36,7 +36,7 @@ func NewPullCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags := cmd.Flags()
 
 	flags.BoolVarP(&opts.all, "all-tags", "a", false, "Download all tagged images in the repository")
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 
 	return cmd
 }

cli/command/image/push.go

@@ -24,7 +24,7 @@ func NewPushCommand(dockerCli *command.DockerCli) *cobra.Command {
 
 	flags := cmd.Flags()
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustSigningFlags(flags)
 
 	return cmd
 }

cli/command/plugin/install.go

@@ -47,7 +47,7 @@ func newInstallCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags.BoolVar(&options.disable, "disable", false, "Do not enable the plugin on install")
 	flags.StringVar(&options.alias, "alias", "", "Local name for plugin")
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustVerificationFlags(flags)
 
 	return cmd
 }

cli/command/plugin/push.go

@@ -26,7 +26,7 @@ func newPushCommand(dockerCli *command.DockerCli) *cobra.Command {
 
 	flags := cmd.Flags()
 
-	command.AddTrustedFlags(flags, true)
+	command.AddTrustSigningFlags(flags)
 
 	return cmd
 }

cli/command/trust.go

@@ -12,13 +12,20 @@ var (
 	untrusted bool
 )
 
-// AddTrustedFlags adds content trust flags to the current command flagset
-func AddTrustedFlags(fs *pflag.FlagSet, verify bool) {
-	trusted, message := setupTrustedFlag(verify)
-	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, message)
+// AddTrustVerificationFlags adds content trust flags to the provided flagset
+func AddTrustVerificationFlags(fs *pflag.FlagSet) {
+	trusted := getDefaultTrustState()
+	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image verification")
 }
 
-func setupTrustedFlag(verify bool) (bool, string) {
+// AddTrustSigningFlags adds "signing" flags to the provided flagset
+func AddTrustSigningFlags(fs *pflag.FlagSet) {
+	trusted := getDefaultTrustState()
+	fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image signing")
+}
+
+// getDefaultTrustState returns true if content trust is enabled through the $DOCKER_CONTENT_TRUST environment variable.
+func getDefaultTrustState() bool {
 	var trusted bool
 	if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
 		if t, err := strconv.ParseBool(e); t || err != nil {
@@ -26,14 +33,11 @@ func setupTrustedFlag(verify bool) (bool, string) {
 			trusted = true
 		}
 	}
-	message := "Skip image signing"
-	if verify {
-		message = "Skip image verification"
-	}
-	return trusted, message
+	return trusted
 }
 
-// IsTrusted returns true if content trust is enabled
+// IsTrusted returns true if content trust is enabled, either through the $DOCKER_CONTENT_TRUST environment variable,
+// or through `--disabled-content-trust=false` on a command.
 func IsTrusted() bool {
 	return !untrusted
 }

docs/reference/commandline/plugin_push.md

@@ -14,12 +14,13 @@ keywords: "plugin, push"
 -->
 
 ```markdown
-Usage:  docker plugin push PLUGIN[:TAG]
+Usage:	docker plugin push PLUGIN[:TAG]
 
 Push a plugin to a registry
 
 Options:
-      --help       Print usage
+      --disable-content-trust   Skip image signing (default true)
+      --help                    Print usage
 ```
 
 Use `docker plugin create` to create the plugin. Once the plugin is ready for distribution,

docs/reference/commandline/push.md

@@ -21,7 +21,7 @@ Usage:  docker push [OPTIONS] NAME[:TAG]
 Push an image or a repository to a registry
 
 Options:
-      --disable-content-trust   Skip image verification (default true)
+      --disable-content-trust   Skip image signing (default true)
       --help                    Print usage
 ```