Remove symlinks from notary-client repo creation
Signed-off-by: Ying Li <ying.li@docker.com>
parent
efb71c9ef1
commit
402c704798
|
@ -23,6 +23,7 @@ import (
|
|||
"github.com/endophage/gotuf/keys"
|
||||
"github.com/endophage/gotuf/signed"
|
||||
"github.com/endophage/gotuf/store"
|
||||
tufutils "github.com/endophage/gotuf/utils"
|
||||
)
|
||||
|
||||
const maxSize = 5 << 20
|
||||
|
@ -162,15 +163,6 @@ func (r *NotaryRepository) Initialize(uCryptoService *cryptoservice.UnlockedCryp
|
|||
// Generate a x509Key using the rootCert as the public key
|
||||
rootKey := data.NewPublicKey(algorithmType, trustmanager.CertToPEM(rootCert))
|
||||
|
||||
// Creates a symlink between the certificate ID and the real public key it
|
||||
// is associated with. This is used to be able to retrieve the root private key
|
||||
// associated with a particular certificate
|
||||
logrus.Debugf("Linking %s to %s.", rootKey.ID(), uCryptoService.ID())
|
||||
err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID()+"_root", rootKey.ID()+"_root")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// All the timestamp keys are generated by the remote server.
|
||||
remote, err := getRemoteStore(r.baseURL, r.gun, r.roundTrip)
|
||||
if err != nil {
|
||||
|
@ -400,7 +392,16 @@ func (r *NotaryRepository) Publish() error {
|
|||
return err
|
||||
}
|
||||
rootKeyID := r.tufRepo.Root.Signed.Roles["root"].KeyIDs[0]
|
||||
rootCryptoService, err := r.KeyStoreManager.GetRootCryptoService(rootKeyID)
|
||||
rootKey, ok := r.tufRepo.Root.Signed.Keys[rootKeyID]
|
||||
if !ok {
|
||||
return errors.New(
|
||||
"Root was signed with %s, which is not in its list of keys.")
|
||||
}
|
||||
canonicalRootID, err := tufutils.CanonicalKeyID(rootKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
rootCryptoService, err := r.KeyStoreManager.GetRootCryptoService(canonicalRootID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
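Review bot: The new `!ok` branch in Publish calls `errors.New` with a message that contains `%s`, but `errors.New` does no formatting, so the returned error reads literally "Root was signed with %s, ..." and never names the key. I would change it to `return fmt.Errorf("root was signed with %s, which is not in its list of keys", rootKeyID)`, assuming `fmt` is imported in this file (the import block is only partly visible). This branch fires when the root metadata names a signing key that is missing from its own key list, which is exactly the case where the offending key ID is needed to tell a corrupted or tampered root file from a local keystore problem. Publish starts and ends outside the hunk, so callers that match on this error text could not be checked.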
|
||||
|
|
|
@ -108,19 +108,12 @@ func testInitRepo(t *testing.T, rootType data.KeyAlgorithm) {
|
|||
_, err = os.Stat(filepath.Join(tempBaseDir, "private", "root_keys", rootKeyFilename))
|
||||
assert.NoError(t, err, "missing root key")
|
||||
|
||||
// Also expect a symlink from the key ID of the certificate key to this
|
||||
// root key
|
||||
certificates := repo.KeyStoreManager.TrustedCertificateStore().GetCertificates()
|
||||
assert.Len(t, certificates, 1, "unexpected number of certificates")
|
||||
|
||||
certID, err := trustmanager.FingerprintCert(certificates[0])
|
||||
assert.NoError(t, err, "unable to fingerprint the certificate")
|
||||
|
||||
actualDest, err := os.Readlink(filepath.Join(tempBaseDir, "private", "root_keys", certID+"_root"+".key"))
|
||||
assert.NoError(t, err, "missing symlink to root key")
|
||||
|
||||
assert.Equal(t, rootKeyFilename, actualDest, "symlink to root key has wrong destination")
|
||||
|
||||
// There should be a trusted certificate
|
||||
_, err = os.Stat(filepath.Join(tempBaseDir, "trusted_certificates", filepath.FromSlash(gun), certID+".crt"))
|
||||
assert.NoError(t, err, "missing trusted certificate")
|
||||
|
|