Notary init without '-s' panics

[rikatz]

Doing some tests here with notary (following this: https://docs.docker.com/notary/advanced_usage/) I've noticed that, when I forget to pass the '-s' argument the client panics, as the following:

$ notary init docker.io/rpkatz/nginx
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x0]

runtime stack:
runtime.throw(0x9ae407, 0x2a)
       /usr/local/go/src/runtime/panic.go:566 +0x95
runtime.sigpanic()
       /usr/local/go/src/runtime/sigpanic_unix.go:12 +0x2cc

goroutine 10 [syscall, locked to thread]:
runtime.cgocall(0x8024b0, 0xc4200215f8, 0xc400000000)
       /usr/local/go/src/runtime/cgocall.go:131 +0x110 fp=0xc4200215b0 sp=0xc420021570
net._C2func_getaddrinfo(0x1204d40, 0x0, 0xc4202b0c00, 0xc4200223d0, 0x0, 0x0, 0x0)
       ??:0 +0x68 fp=0xc4200215f8 sp=0xc4200215b0
net.cgoLookupIPCNAME(0xc420255088, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
       /usr/local/go/src/net/cgo_unix.go:146 +0x37c fp=0xc420021718 sp=0xc4200215f8
net.cgoIPLookup(0xc42020d7a0, 0xc420255088, 0xd)
       /usr/local/go/src/net/cgo_unix.go:198 +0x4d fp=0xc4200217a8 sp=0xc420021718
runtime.goexit()
       /usr/local/go/src/runtime/asm_amd64.s:2086 +0x1 fp=0xc4200217b0 sp=0xc4200217a8
created by net.cgoLookupIP
       /usr/local/go/src/net/cgo_unix.go:208 +0xb4

goroutine 1 [select]:
net/http.(*Transport).getConn(0xc4200b6870, 0xc420255120, 0x0, 0xc420255080, 0x5, 0xc420255088, 0x12, 0x0, 0x0, 0x9504c0)
       /usr/local/go/src/net/http/transport.go:890 +0x9cc
net/http.(*Transport).RoundTrip(0xc4200b6870, 0xc4200b6b40, 0xc4200b6b40, 0xc4202b0630, 0xc42024ae80)
       /usr/local/go/src/net/http/transport.go:367 +0x307
github.com/docker/notary/vendor/github.com/docker/distribution/registry/client/transport.(*transport).RoundTrip(0xc42024ae40, 0xc4200b6a50, 0xc42024ae40, 0xecfadbeea, 0xc41cd73c0d)
       /go/src/github.com/docker/notary/vendor/github.com/docker/distribution/registry/client/transport/transport.go:62 +0x106
net/http.send(0xc4200b6960, 0xe04160, 0xc42024ae40, 0xecfadbeea, 0x1cd73c0d, 0xe27900, 0x8, 0xc4200223a8, 0x42c2a8)
       /usr/local/go/src/net/http/client.go:256 +0x15f
net/http.(*Client).send(0xc4201a5930, 0xc4200b6960, 0xecfadbeea, 0x1cd73c0d, 0xe27900, 0xc4200223a8, 0x0, 0x1)
       /usr/local/go/src/net/http/client.go:146 +0x102
net/http.(*Client).doFollowingRedirects(0xc4201a5930, 0xc4200b6960, 0x9e6c88, 0x3, 0x1, 0xc420255080)
       /usr/local/go/src/net/http/client.go:528 +0x5e5
net/http.(*Client).Do(0xc4201a5930, 0xc4200b6960, 0xc420255080, 0x1e, 0x0)
       /usr/local/go/src/net/http/client.go:184 +0x1ea
main.tokenAuth(0x9a43f2, 0x1a, 0xc4200b6870, 0x7ffdd58f57fd, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0)
       /go/src/github.com/docker/notary/cmd/notary/tuf.go:889 +0x433
main.getTransport(0xc4200bd520, 0x7ffdd58f57fd, 0x16, 0x1, 0x8f0820, 0xc42027ec5b, 0xc4201a5aff, 0xc4201a5b18)
       /go/src/github.com/docker/notary/cmd/notary/tuf.go:861 +0x4f4
main.(*tufCommander).tufInit(0xc4200e3ef0, 0xc4202ab000, 0xc42027ec60, 0x1, 0x1, 0x0, 0x0)
       /go/src/github.com/docker/notary/cmd/notary/tuf.go:390 +0xc9
main.(*tufCommander).(main.tufInit)-fm(0xc4202ab000, 0xc42027ec60, 0x1, 0x1, 0x0, 0x0)
       /go/src/github.com/docker/notary/cmd/notary/tuf.go:131 +0x52
github.com/docker/notary/vendor/github.com/spf13/cobra.(*Command).execute(0xc4202ab000, 0xc42027ec00, 0x1, 0x1, 0xc4202ab000, 0xc42027ec00)
       /go/src/github.com/docker/notary/vendor/github.com/spf13/cobra/command.go:561 +0x20c
github.com/docker/notary/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc4200b9200, 0x0, 0x0, 0x0)
       /go/src/github.com/docker/notary/vendor/github.com/spf13/cobra/command.go:651 +0x367
github.com/docker/notary/vendor/github.com/spf13/cobra.(*Command).Execute(0xc4200b9200, 0xc4200b9200, 0xffffffffffffffff)
       /go/src/github.com/docker/notary/vendor/github.com/spf13/cobra/command.go:610 +0x2b
main.main()
       /go/src/github.com/docker/notary/cmd/notary/main.go:200 +0x82

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
       /usr/local/go/src/runtime/asm_amd64.s:2086 +0x1

goroutine 5 [syscall]:
os/signal.signal_recv(0x0)
       /usr/local/go/src/runtime/sigqueue.go:116 +0x157
os/signal.loop()
       /usr/local/go/src/os/signal/signal_unix.go:22 +0x22
created by os/signal.init.1
       /usr/local/go/src/os/signal/signal_unix.go:28 +0x41

goroutine 7 [select]:
net/http.setRequestCancel.func4(0x0, 0xc4202b0630, 0xc42024ae80, 0xc42020d320)
       /usr/local/go/src/net/http/client.go:329 +0x15a
created by net/http.setRequestCancel
       /usr/local/go/src/net/http/client.go:337 +0x29f

goroutine 8 [select]:
net.lookupIPContext(0xe0a720, 0xc42020d6e0, 0xc420255088, 0xd, 0x0, 0x0, 0x0, 0x0, 0x9cb16c57090)
       /usr/local/go/src/net/lookup.go:122 +0x7bc
net.internetAddrList(0xe0a720, 0xc42020d6e0, 0x99546f, 0x3, 0xc420255088, 0x12, 0x0, 0x0, 0x0, 0xecfadbee5, ...)
       /usr/local/go/src/net/ipsock.go:241 +0x5e0
net.resolveAddrList(0xe0a720, 0xc42020d6e0, 0x99596d, 0x4, 0x99546f, 0x3, 0xc420255088, 0x12, 0x0, 0x0, ...)
       /usr/local/go/src/net/dial.go:179 +0x106
net.(*Dialer).DialContext(0xc4201dcaf0, 0xe0a6e0, 0xc42000e4d8, 0x99546f, 0x3, 0xc420255088, 0x12, 0x0, 0x0, 0x0, ...)
       /usr/local/go/src/net/dial.go:329 +0x238
net.(*Dialer).Dial(0xc4201dcaf0, 0x99546f, 0x3, 0xc420255088, 0x12, 0xe288c0, 0x10, 0x100, 0x100)
       /usr/local/go/src/net/dial.go:282 +0x75
net.(*Dialer).Dial-fm(0x99546f, 0x3, 0xc420255088, 0x12, 0x60, 0x0, 0xc42027f101, 0xc42020d620)
       /go/src/github.com/docker/notary/cmd/notary/tuf.go:855 +0x52
net/http.(*Transport).dial(0xc4200b6870, 0xe0a6e0, 0xc42000e4d8, 0x99546f, 0x3, 0xc420255088, 0x12, 0x0, 0x0, 0x0, ...)
       /usr/local/go/src/net/http/transport.go:829 +0x7b
net/http.(*Transport).dialConn(0xc4200b6870, 0xe0a6e0, 0xc42000e4d8, 0x0, 0xc420255080, 0x5, 0xc420255088, 0x12, 0x0, 0x0, ...)
       /usr/local/go/src/net/http/transport.go:967 +0x1a86
net/http.(*Transport).getConn.func4(0xc4200b6870, 0xe0a6e0, 0xc42000e4d8, 0xc4202b06c0, 0xc42020d3e0)
       /usr/local/go/src/net/http/transport.go:885 +0x78
created by net/http.(*Transport).getConn
       /usr/local/go/src/net/http/transport.go:887 +0x3a1

goroutine 9 [select]:
net.cgoLookupIP(0xe0a720, 0xc42020d6e0, 0xc420255088, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
       /usr/local/go/src/net/cgo_unix.go:209 +0x2f5
net.lookupIP(0xe0a720, 0xc42020d6e0, 0xc420255088, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0)
       /usr/local/go/src/net/lookup_unix.go:70 +0xf9
net.glob..func11(0xe0a720, 0xc42020d6e0, 0x9e6b10, 0xc420255088, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0)
       /usr/local/go/src/net/hook.go:19 +0x52
net.lookupIPContext.func1(0xc420021788, 0x593948, 0xc4200b6870, 0xe0a6e0)
       /usr/local/go/src/net/lookup.go:119 +0x5c
internal/singleflight.(*Group).doCall(0xe26a10, 0xc4201dcc30, 0xc420255088, 0xd, 0xc4202b07b0)
       /usr/local/go/src/internal/singleflight/singleflight.go:93 +0x3c
created by internal/singleflight.(*Group).DoChan
       /usr/local/go/src/internal/singleflight/singleflight.go:86 +0x339

Using the command with the '-s' argumment works fine. Probably notary should not panic, but print an error message and exit, right?

Thanks!

[HuKeping]

Properly not a duplicate #1016

[HuKeping]

@rikatz Could you please post the output of notary version and notary --debug init docker.io/rpkatz/nginx here, thanks.

[rikatz]

Sure:

# notary version
notary
 Version:    0.4.2
 Git commit: c8aa8cf

# notary --debug init docker.io/rpkatz/nginx
DEBU[0000] Configuration file not found, using defaults
DEBU[0000] Using the following trust directory: /root/.notary
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x0]

runtime stack:
runtime.throw(0x9ae407, 0x2a)
        /usr/local/go/src/runtime/panic.go:566 +0x95
runtime.sigpanic()
        /usr/local/go/src/runtime/sigpanic_unix.go:12 +0x2cc

goroutine 10 [syscall, locked to thread]:
runtime.cgocall(0x8024b0, 0xc4200235f8, 0xc400000000)
        /usr/local/go/src/runtime/cgocall.go:131 +0x110 fp=0xc4200235b0 sp=0xc420023570
net._C2func_getaddrinfo(0x18d5d40, 0x0, 0xc4202b4c90, 0xc4200243d0, 0x0, 0x0, 0x0)
        ??:0 +0x68 fp=0xc4200235f8 sp=0xc4200235b0
net.cgoLookupIPCNAME(0xc420259168, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /usr/local/go/src/net/cgo_unix.go:146 +0x37c fp=0xc420023718 sp=0xc4200235f8
net.cgoIPLookup(0xc4202117a0, 0xc420259168, 0xd)
        /usr/local/go/src/net/cgo_unix.go:198 +0x4d fp=0xc4200237a8 sp=0xc420023718
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:2086 +0x1 fp=0xc4200237b0 sp=0xc4200237a8
created by net.cgoLookupIP
        /usr/local/go/src/net/cgo_unix.go:208 +0xb4

goroutine 1 [select]:
net/http.(*Transport).getConn(0xc4200b6870, 0xc420259200, 0x0, 0xc420259160, 0x5, 0xc420259168, 0x12, 0x0, 0x0, 0x9504c0)
        /usr/local/go/src/net/http/transport.go:890 +0x9cc
net/http.(*Transport).RoundTrip(0xc4200b6870, 0xc4200b6b40, 0xc4200b6b40, 0xc4202b46f0, 0xc420245040)
        /usr/local/go/src/net/http/transport.go:367 +0x307
github.com/docker/notary/vendor/github.com/docker/distribution/registry/client/transport.(*transport).RoundTrip(0xc420245000, 0xc4200b6a50, 0xc420245000, 0xecfade931, 0xc4213932ca)
        /go/src/github.com/docker/notary/vendor/github.com/docker/distribution/registry/client/transport/transport.go:62 +0x106
net/http.send(0xc4200b6960, 0xe04160, 0xc420245000, 0xecfade931, 0x213932ca, 0xe27900, 0x8, 0xc4200243a8, 0x42c2a8)
        /usr/local/go/src/net/http/client.go:256 +0x15f
net/http.(*Client).send(0xc4201a9930, 0xc4200b6960, 0xecfade931, 0x213932ca, 0xe27900, 0xc4200243a8, 0x0, 0x1)
        /usr/local/go/src/net/http/client.go:146 +0x102
net/http.(*Client).doFollowingRedirects(0xc4201a9930, 0xc4200b6960, 0x9e6c88, 0x3, 0x1, 0xc420259160)
        /usr/local/go/src/net/http/client.go:528 +0x5e5
net/http.(*Client).Do(0xc4201a9930, 0xc4200b6960, 0xc420259160, 0x1e, 0x0)
        /usr/local/go/src/net/http/client.go:184 +0x1ea
main.tokenAuth(0x9a43f2, 0x1a, 0xc4200b6870, 0x7ffde729b7a2, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/docker/notary/cmd/notary/tuf.go:889 +0x433
main.getTransport(0xc4200bf790, 0x7ffde729b7a2, 0x16, 0x1, 0x8f0820, 0xc420284c4b, 0xc4201a9aff, 0xc4201a9b18)
        /go/src/github.com/docker/notary/cmd/notary/tuf.go:861 +0x4f4
main.(*tufCommander).tufInit(0xc4200e58c0, 0xc4202b1000, 0xc420258d20, 0x1, 0x2, 0x0, 0x0)
        /go/src/github.com/docker/notary/cmd/notary/tuf.go:390 +0xc9
main.(*tufCommander).(main.tufInit)-fm(0xc4202b1000, 0xc420258d20, 0x1, 0x2, 0x0, 0x0)
        /go/src/github.com/docker/notary/cmd/notary/tuf.go:131 +0x52
github.com/docker/notary/vendor/github.com/spf13/cobra.(*Command).execute(0xc4202b1000, 0xc420258be0, 0x2, 0x2, 0xc4202b1000, 0xc420258be0)
        /go/src/github.com/docker/notary/vendor/github.com/spf13/cobra/command.go:561 +0x20c
github.com/docker/notary/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc4200bb200, 0x0, 0x0, 0x0)
        /go/src/github.com/docker/notary/vendor/github.com/spf13/cobra/command.go:651 +0x367
github.com/docker/notary/vendor/github.com/spf13/cobra.(*Command).Execute(0xc4200bb200, 0xc4200bb200, 0xffffffffffffffff)
        /go/src/github.com/docker/notary/vendor/github.com/spf13/cobra/command.go:610 +0x2b
main.main()
        /go/src/github.com/docker/notary/cmd/notary/main.go:200 +0x82

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
        /usr/local/go/src/runtime/asm_amd64.s:2086 +0x1

goroutine 5 [syscall]:
os/signal.signal_recv(0x0)
        /usr/local/go/src/runtime/sigqueue.go:116 +0x157
os/signal.loop()
        /usr/local/go/src/os/signal/signal_unix.go:22 +0x22
created by os/signal.init.1
        /usr/local/go/src/os/signal/signal_unix.go:28 +0x41

goroutine 7 [select]:
net/http.setRequestCancel.func4(0x0, 0xc4202b46f0, 0xc420245040, 0xc420211320)
        /usr/local/go/src/net/http/client.go:329 +0x15a
created by net/http.setRequestCancel
        /usr/local/go/src/net/http/client.go:337 +0x29f

goroutine 8 [select]:
net.lookupIPContext(0xe0a720, 0xc4202116e0, 0xc420259168, 0xd, 0x0, 0x0, 0x0, 0x0, 0x5d46da27a9a)
        /usr/local/go/src/net/lookup.go:122 +0x7bc
net.internetAddrList(0xe0a720, 0xc4202116e0, 0x99546f, 0x3, 0xc420259168, 0x12, 0x0, 0x0, 0x0, 0xecfade92c, ...)
        /usr/local/go/src/net/ipsock.go:241 +0x5e0
net.resolveAddrList(0xe0a720, 0xc4202116e0, 0x99596d, 0x4, 0x99546f, 0x3, 0xc420259168, 0x12, 0x0, 0x0, ...)
        /usr/local/go/src/net/dial.go:179 +0x106
net.(*Dialer).DialContext(0xc4201e0b90, 0xe0a6e0, 0xc4200104c8, 0x99546f, 0x3, 0xc420259168, 0x12, 0x0, 0x0, 0x0, ...)
        /usr/local/go/src/net/dial.go:329 +0x238
net.(*Dialer).Dial(0xc4201e0b90, 0x99546f, 0x3, 0xc420259168, 0x12, 0xe288c0, 0x10, 0x100, 0x100)
        /usr/local/go/src/net/dial.go:282 +0x75
net.(*Dialer).Dial-fm(0x99546f, 0x3, 0xc420259168, 0x12, 0x60, 0x0, 0xc420285101, 0xc420211620)
        /go/src/github.com/docker/notary/cmd/notary/tuf.go:855 +0x52
net/http.(*Transport).dial(0xc4200b6870, 0xe0a6e0, 0xc4200104c8, 0x99546f, 0x3, 0xc420259168, 0x12, 0x0, 0x0, 0x0, ...)
        /usr/local/go/src/net/http/transport.go:829 +0x7b
net/http.(*Transport).dialConn(0xc4200b6870, 0xe0a6e0, 0xc4200104c8, 0x0, 0xc420259160, 0x5, 0xc420259168, 0x12, 0x0, 0x0, ...)
        /usr/local/go/src/net/http/transport.go:967 +0x1a86
net/http.(*Transport).getConn.func4(0xc4200b6870, 0xe0a6e0, 0xc4200104c8, 0xc4202b4780, 0xc4202113e0)
        /usr/local/go/src/net/http/transport.go:885 +0x78
created by net/http.(*Transport).getConn
        /usr/local/go/src/net/http/transport.go:887 +0x3a1

goroutine 9 [select]:
net.cgoLookupIP(0xe0a720, 0xc4202116e0, 0xc420259168, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /usr/local/go/src/net/cgo_unix.go:209 +0x2f5
net.lookupIP(0xe0a720, 0xc4202116e0, 0xc420259168, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0)
        /usr/local/go/src/net/lookup_unix.go:70 +0xf9
net.glob..func11(0xe0a720, 0xc4202116e0, 0x9e6b10, 0xc420259168, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0)
        /usr/local/go/src/net/hook.go:19 +0x52
net.lookupIPContext.func1(0xc420023788, 0x593948, 0xc4200b6870, 0xe0a6e0)
        /usr/local/go/src/net/lookup.go:119 +0x5c
internal/singleflight.(*Group).doCall(0xe26a10, 0xc4201e0cd0, 0xc420259168, 0xd, 0xc4202b4840)
        /usr/local/go/src/internal/singleflight/singleflight.go:93 +0x3c
created by internal/singleflight.(*Group).DoChan
        /usr/local/go/src/internal/singleflight/singleflight.go:86 +0x339

[HuKeping]

It seems like also build with pkcs11 @riyazdf

[riyazdf]

@rikatz: sorry to hear you're running into this - which notary binary are you using (linux/mac/built on your own)? I'm unable to repro on mac, so I'm wondering if it's a linux issue. Also, do you have any existing configuration in ~/.notary?

@HuKeping: where do you see the pkcs11 build information? It seems like this is a panic we're picking up through our own getTransport code, docker/distribution, and net/http from this part of the trace:

net/http.(*Transport).RoundTrip(0xc4200b6870, 0xc4200b6b40, 0xc4200b6b40, 0xc4202b46f0, 0xc420245040)
        /usr/local/go/src/net/http/transport.go:367 +0x307
github.com/docker/notary/vendor/github.com/docker/distribution/registry/client/transport.(*transport).RoundTrip(0xc420245000, 0xc4200b6a50, 0xc420245000, 0xecfade931, 0xc4213932ca)
        /go/src/github.com/docker/notary/vendor/github.com/docker/distribution/registry/client/transport/transport.go:62 +0x106
net/http.send(0xc4200b6960, 0xe04160, 0xc420245000, 0xecfade931, 0x213932ca, 0xe27900, 0x8, 0xc4200243a8, 0x42c2a8)
        /usr/local/go/src/net/http/client.go:256 +0x15f
net/http.(*Client).send(0xc4201a9930, 0xc4200b6960, 0xecfade931, 0x213932ca, 0xe27900, 0xc4200243a8, 0x0, 0x1)
        /usr/local/go/src/net/http/client.go:146 +0x102
net/http.(*Client).doFollowingRedirects(0xc4201a9930, 0xc4200b6960, 0x9e6c88, 0x3, 0x1, 0xc420259160)
        /usr/local/go/src/net/http/client.go:528 +0x5e5
net/http.(*Client).Do(0xc4201a9930, 0xc4200b6960, 0xc420259160, 0x1e, 0x0)
        /usr/local/go/src/net/http/client.go:184 +0x1ea
main.tokenAuth(0x9a43f2, 0x1a, 0xc4200b6870, 0x7ffde729b7a2, 0x16, 0x1, 0x0, 0x0, 0x0, 0x0)
        /go/src/github.com/docker/notary/cmd/notary/tuf.go:889 +0x433

[HuKeping]

it seems like this is a panic we're picking up through our own getTransport code, docker/distribution, and net/http from this part of the trace:

Hi @riyazdf I suppose you get it from the trace of goroutine 1, but it seems golang will print out the trace of all the goroutines if panic happen. Hope I didn't missing anything , it seems OK to me abou the goroutine 1

where do you see the pkcs11 build information?

I'm not very certain about that , but everytime I typed notary --debug XXX , it will debug like

DEBU[0000] Configuration file not found, using defaults 
DEBU[0000] Using the following trust directory: /home/hukeping/.notary 
DEBU[0000] No yubikey found, using alternative key storage: no library found 

which there is not such a message about ... no library found on @rikatz 's log.

[rikatz]

@riyazdf I'm using the binary version for Linux/AMD64, and running on a CentOS 7.2.1511

I've tested on a fresh install Linux here (without the .notary directory) and the error happens.

Note that when I use the correct command (./notary-Linux-amd64 --debug init -s "https://notary.docker.io" docker.io/rpkatz/nginx) the command goes well:

./notary-Linux-amd64 --debug init -s "https://notary.docker.io" docker.io/rpkatz/nginx
DEBU[0000] Configuration file not found, using defaults 
DEBU[0000] Using the following trust directory: /root/.notary 
DEBU[0002] No yubikey found, using alternative key storage: no library found 
DEBU[0002] No yubikey found, using alternative key storage: no library found 
No root keys found. Generating a new root key...
DEBU[0002] generated ECDSA key with keyID: 7d08d9054b75f96e701e5483fd677c066bb83baf45a272a57c948c52a73b1751 
DEBU[0002] generated new ecdsa key for role: root and keyID: 7d08d9054b75f96e701e5483fd677c066bb83baf45a272a57c948c52a73b1751 
DEBU[0002] No yubikey found, using alternative key storage: no library found 
You are about to create a new root signing key passphrase. This passphrase
will be used to protect the most sensitive key in your signing system. Please
choose a long, complex passphrase and be careful to keep the password and the
key file itself secure and backed up. It is highly recommended that you use a
password manager to generate the passphrase and keep it safe. There will be no
way to recover this key. You can find the key in your config directory.
Enter passphrase for new root key with ID 7d08d90: 

[riyazdf]

@rikatz: thanks for the information, I'm able to repro. The default value for the server is -s https://notary-server:4443, and the panic occurs for that value too if you provide it explicitly. I'll dig into this more and report back with any findings/fixes.

It seems that this is an issue with how cgo is looking up hosts without TLDs. For example you'll get the same panic with https://google, and you won't get it with https://notary.server. It seems that the v0.3 linux release also had this issue (though v0.2 does not).

[HuKeping]

@riyazdf how to repro that

[riyazdf]

@HuKeping: I downloaded the linux binary from our releases page to a fresh Ubuntu 16.04 box, and tried a notary list docker.io/library/nginx without starting up a notary server.

The panic is not unique to the init command, since we use https://notary-server:4443 as the default notary server url for all commands if you don't provide one with -s. I wasn't able to find the root cause of this issue just yet, but I suspect we had a vendoring of a new version of distribution or cgo.

[riyazdf]

Ok it seems to be cgo related: when I disable it on the cross build CGO_ENABLED=0, I don't get the error.

# ./notary-cgo-disabled list docker.io/library/nginx

* fatal: client is offline

I'm not sure how to move forward with this; I'm playing with different flags to disable parts of cgo for networking (ex: GODEBUG=netdns=go) but haven't found a fix yet.

[riyazdf]

Fix released in v0.4.3 and patch is carried to master