docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove symlinks from notary-client repo creation 

Signed-off-by: Ying Li <ying.li@docker.com>
This commit is contained in:
Ying Li 2015-10-21 14:21:10 -07:00
parent efb71c9ef1
commit 402c704798
2 changed files with 11 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
client/client.go
View File

@ -23,6 +23,7 @@ import (
"github.com/endophage/gotuf/keys" "github.com/endophage/gotuf/keys"
"github.com/endophage/gotuf/signed" "github.com/endophage/gotuf/signed"
"github.com/endophage/gotuf/store" "github.com/endophage/gotuf/store"
tufutils "github.com/endophage/gotuf/utils"
) )
const maxSize = 5 << 20 const maxSize = 5 << 20
@ -162,15 +163,6 @@ func (r *NotaryRepository) Initialize(uCryptoService *cryptoservice.UnlockedCryp
// Generate a x509Key using the rootCert as the public key // Generate a x509Key using the rootCert as the public key
rootKey := data.NewPublicKey(algorithmType, trustmanager.CertToPEM(rootCert)) rootKey := data.NewPublicKey(algorithmType, trustmanager.CertToPEM(rootCert))
// Creates a symlink between the certificate ID and the real public key it
// is associated with. This is used to be able to retrieve the root private key
// associated with a particular certificate
logrus.Debugf("Linking %s to %s.", rootKey.ID(), uCryptoService.ID())
err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID()+"_root", rootKey.ID()+"_root")
if err != nil {
return err
}
// All the timestamp keys are generated by the remote server. // All the timestamp keys are generated by the remote server.
remote, err := getRemoteStore(r.baseURL, r.gun, r.roundTrip) remote, err := getRemoteStore(r.baseURL, r.gun, r.roundTrip)
if err != nil { if err != nil {
@ -400,7 +392,16 @@ func (r *NotaryRepository) Publish() error {
return err return err
} }
rootKeyID := r.tufRepo.Root.Signed.Roles["root"].KeyIDs[0] rootKeyID := r.tufRepo.Root.Signed.Roles["root"].KeyIDs[0]
rootCryptoService, err := r.KeyStoreManager.GetRootCryptoService(rootKeyID) rootKey, ok := r.tufRepo.Root.Signed.Keys[rootKeyID]
if !ok {
return errors.New(
"Root was signed with %s, which is not in its list of keys.")
}
canonicalRootID, err := tufutils.CanonicalKeyID(rootKey)
if err != nil {
return err
}
rootCryptoService, err := r.KeyStoreManager.GetRootCryptoService(canonicalRootID)
if err != nil { if err != nil {
return err return err
} }

7
client/client_test.go
View File

@ -108,19 +108,12 @@ func testInitRepo(t *testing.T, rootType data.KeyAlgorithm) {
_, err = os.Stat(filepath.Join(tempBaseDir, "private", "root_keys", rootKeyFilename)) _, err = os.Stat(filepath.Join(tempBaseDir, "private", "root_keys", rootKeyFilename))
assert.NoError(t, err, "missing root key") assert.NoError(t, err, "missing root key")
// Also expect a symlink from the key ID of the certificate key to this
// root key
certificates := repo.KeyStoreManager.TrustedCertificateStore().GetCertificates() certificates := repo.KeyStoreManager.TrustedCertificateStore().GetCertificates()
assert.Len(t, certificates, 1, "unexpected number of certificates") assert.Len(t, certificates, 1, "unexpected number of certificates")
certID, err := trustmanager.FingerprintCert(certificates[0]) certID, err := trustmanager.FingerprintCert(certificates[0])
assert.NoError(t, err, "unable to fingerprint the certificate") assert.NoError(t, err, "unable to fingerprint the certificate")
actualDest, err := os.Readlink(filepath.Join(tempBaseDir, "private", "root_keys", certID+"_root"+".key"))
assert.NoError(t, err, "missing symlink to root key")
assert.Equal(t, rootKeyFilename, actualDest, "symlink to root key has wrong destination")
// There should be a trusted certificate // There should be a trusted certificate
_, err = os.Stat(filepath.Join(tempBaseDir, "trusted_certificates", filepath.FromSlash(gun), certID+".crt")) _, err = os.Stat(filepath.Join(tempBaseDir, "trusted_certificates", filepath.FromSlash(gun), certID+".crt"))
assert.NoError(t, err, "missing trusted certificate") assert.NoError(t, err, "missing trusted certificate")