docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding default to notary key generate and configurable trust dir from 

config

Signed-off-by: Diogo Monica <diogo.monica@gmail.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo.monica@gmail.com> (github: endophage)
This commit is contained in:
Diogo Monica 2015-11-09 19:42:50 -08:00 committed by David Lawrence
parent 189118164d
commit 5b7480f599
6 changed files with 91 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.DS_Store vendored Normal file
View File

Binary file not shown.

4
cmd/notary/cert.go
View File

@ -53,9 +53,9 @@ func certRemove(cmd *cobra.Command, args []string) {
cmd.Usage() cmd.Usage()
fatalf("Must specify the cert ID or the GUN of the certificates to remove") fatalf("Must specify the cert ID or the GUN of the certificates to remove")
} }
parseConfig() parseConfig()
trustDir := mainViper.GetString("trustDir")
keysPath := filepath.Join(trustDir, notary.PrivDir) keysPath := filepath.Join(trustDir, notary.PrivDir)
fileKeyStore, err := trustmanager.NewKeyFileStore(keysPath, retriever) fileKeyStore, err := trustmanager.NewKeyFileStore(keysPath, retriever)
if err != nil { if err != nil {
@ -122,9 +122,9 @@ func certList(cmd *cobra.Command, args []string) {
cmd.Usage() cmd.Usage()
os.Exit(1) os.Exit(1)
} }
parseConfig() parseConfig()
trustDir := mainViper.GetString("trustDir")
keysPath := filepath.Join(trustDir, notary.PrivDir) keysPath := filepath.Join(trustDir, notary.PrivDir)
fileKeyStore, err := trustmanager.NewKeyFileStore(keysPath, retriever) fileKeyStore, err := trustmanager.NewKeyFileStore(keysPath, retriever)
if err != nil { if err != nil {

21
cmd/notary/integration_test.go
View File

@ -510,6 +510,27 @@ func TestClientCertInteraction(t *testing.T) {
assertNumCerts(t, tempDir, 0) assertNumCerts(t, tempDir, 0)
} }
// Tests default root key generation
func TestDefaultRootKeyGeneration(t *testing.T) {
// -- setup --
cleanup := setUp(t)
defer cleanup()
tempDir, err := ioutil.TempDir("/tmp", "repo")
assert.NoError(t, err)
defer os.RemoveAll(tempDir)
// -- tests --
// starts out with no keys
assertNumKeys(t, tempDir, 0, 0, true)
// generate root key with no algorithm produces a single ECDSA root key and no other keys
_, err = runCommand(t, tempDir, "key", "generate")
assert.NoError(t, err)
assertNumKeys(t, tempDir, 1, 0, true)
}
func TestMain(m *testing.M) { func TestMain(m *testing.M) {
if testing.Short() { if testing.Short() {
// skip // skip

39
cmd/notary/keys.go
View File

@ -97,7 +97,7 @@ func keysList(cmd *cobra.Command, args []string) {
parseConfig() parseConfig()
stores := getKeyStores(cmd, trustDir, retriever, true) stores := getKeyStores(cmd, mainViper.GetString("trustDir"), retriever, true)
keys := make(map[trustmanager.KeyStore]map[string]string) keys := make(map[trustmanager.KeyStore]map[string]string)
for _, store := range stores { for _, store := range stores {
@ -137,15 +137,19 @@ func keysList(cmd *cobra.Command, args []string) {
} }
func keysGenerateRootKey(cmd *cobra.Command, args []string) { func keysGenerateRootKey(cmd *cobra.Command, args []string) {
if len(args) < 1 { parseConfig()
cmd.Usage()
fatalf("Must specify an Algorithm (RSA, ECDSA)") // If no param is given to generate, generates an ecdsa key by default
algorithm := data.ECDSAKey
// If we were provided an argument lets attempt to use it as an algorithm
if len(args) > 0 {
algorithm = args[0]
} }
algorithm := args[0]
allowedCiphers := map[string]bool{ allowedCiphers := map[string]bool{
"rsa": true, data.ECDSAKey: true,
"ecdsa": true, data.RSAKey: true,
} }
if !allowedCiphers[strings.ToLower(algorithm)] { if !allowedCiphers[strings.ToLower(algorithm)] {
@ -156,7 +160,7 @@ func keysGenerateRootKey(cmd *cobra.Command, args []string) {
cs := cryptoservice.NewCryptoService( cs := cryptoservice.NewCryptoService(
"", "",
getKeyStores(cmd, trustDir, retriever, true)..., getKeyStores(cmd, mainViper.GetString("trustDir"), retriever, true)...,
) )
pubKey, err := cs.Create(data.CanonicalRootRole, algorithm) pubKey, err := cs.Create(data.CanonicalRootRole, algorithm)
@ -174,13 +178,12 @@ func keysExport(cmd *cobra.Command, args []string) {
fatalf("Must specify output filename for export") fatalf("Must specify output filename for export")
} }
exportFilename := args[0]
parseConfig() parseConfig()
exportFilename := args[0]
cs := cryptoservice.NewCryptoService( cs := cryptoservice.NewCryptoService(
"", "",
getKeyStores(cmd, trustDir, retriever, true)..., getKeyStores(cmd, mainViper.GetString("trustDir"), retriever, true)...,
) )
exportFile, err := os.Create(exportFilename) exportFile, err := os.Create(exportFilename)
@ -212,6 +215,8 @@ func keysExportRoot(cmd *cobra.Command, args []string) {
fatalf("Must specify key ID and output filename for export") fatalf("Must specify key ID and output filename for export")
} }
parseConfig()
keyID := args[0] keyID := args[0]
exportFilename := args[1] exportFilename := args[1]
@ -223,7 +228,7 @@ func keysExportRoot(cmd *cobra.Command, args []string) {
cs := cryptoservice.NewCryptoService( cs := cryptoservice.NewCryptoService(
"", "",
getKeyStores(cmd, trustDir, retriever, true)..., getKeyStores(cmd, mainViper.GetString("trustDir"), retriever, true)...,
) )
exportFile, err := os.Create(exportFilename) exportFile, err := os.Create(exportFilename)
@ -258,7 +263,7 @@ func keysImport(cmd *cobra.Command, args []string) {
cs := cryptoservice.NewCryptoService( cs := cryptoservice.NewCryptoService(
"", "",
getKeyStores(cmd, trustDir, retriever, true)..., getKeyStores(cmd, mainViper.GetString("trustDir"), retriever, true)...,
) )
zipReader, err := zip.OpenReader(importFilename) zipReader, err := zip.OpenReader(importFilename)
@ -281,15 +286,15 @@ func keysImportRoot(cmd *cobra.Command, args []string) {
fatalf("Must specify input filename for import") fatalf("Must specify input filename for import")
} }
importFilename := args[0]
parseConfig() parseConfig()
cs := cryptoservice.NewCryptoService( cs := cryptoservice.NewCryptoService(
"", "",
getKeyStores(cmd, trustDir, retriever, true)..., getKeyStores(cmd, mainViper.GetString("trustDir"), retriever, true)...,
) )
importFilename := args[0]
importFile, err := os.Open(importFilename) importFile, err := os.Open(importFilename)
if err != nil { if err != nil {
fatalf("Opening file for import: %v", err) fatalf("Opening file for import: %v", err)
@ -317,7 +322,7 @@ func keysRotate(cmd *cobra.Command, args []string) {
parseConfig() parseConfig()
gun := args[0] gun := args[0]
nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, remoteTrustServer, nil, retriever) nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, remoteTrustServer, nil, retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }

44
cmd/notary/main.go
View File

@ -43,21 +43,17 @@ func parseConfig() {
logrus.SetOutput(os.Stderr) logrus.SetOutput(os.Stderr)
} }
if trustDir == "" { // Get home directory for current user
// Get home directory for current user homeDir, err := homedir.Dir()
homeDir, err := homedir.Dir() if err != nil {
if err != nil { fatalf("Cannot get current user home directory: %v", err)
fatalf("Cannot get current user home directory: %v", err)
}
if homeDir == "" {
fatalf("Cannot get current user home directory")
}
trustDir = filepath.Join(homeDir, filepath.Dir(configDir))
logrus.Debugf("no trust directory provided, using default: %s", trustDir)
} else {
logrus.Debugf("trust directory provided: %s", trustDir)
} }
if homeDir == "" {
fatalf("Cannot get current user home directory")
}
// By default our trust directory (where keys are stored) is in ~/.notary/
mainViper.SetDefault("trustDir", filepath.Join(homeDir, filepath.Dir(configDir)))
// If there was a commandline configFile set, we parse that. // If there was a commandline configFile set, we parse that.
// If there wasn't we attempt to find it on the default location ~/.notary/config // If there wasn't we attempt to find it on the default location ~/.notary/config
@ -66,7 +62,7 @@ func parseConfig() {
configFileName = strings.TrimSuffix(filepath.Base(configFile), filepath.Ext(configFile)) configFileName = strings.TrimSuffix(filepath.Base(configFile), filepath.Ext(configFile))
configPath = filepath.Dir(configFile) configPath = filepath.Dir(configFile)
} else { } else {
configPath = trustDir configPath = filepath.Join(homeDir, filepath.Dir(configDir))
} }
// Setup the configuration details into viper // Setup the configuration details into viper
@ -75,7 +71,7 @@ func parseConfig() {
mainViper.AddConfigPath(configPath) mainViper.AddConfigPath(configPath)
// Find and read the config file // Find and read the config file
err := mainViper.ReadInConfig() err = mainViper.ReadInConfig()
if err != nil { if err != nil {
logrus.Debugf("configuration file not found, using defaults") logrus.Debugf("configuration file not found, using defaults")
// Ignore if the configuration file doesn't exist, we can use the defaults // Ignore if the configuration file doesn't exist, we can use the defaults
@ -83,6 +79,20 @@ func parseConfig() {
fatalf("Fatal error config file: %v", err) fatalf("Fatal error config file: %v", err)
} }
} }
// At this point we either have the default value or the one set by the config.
// Either way, the command-line flag has precedence and overwrives the value
if trustDir != "" {
mainViper.Set("trustDir", trustDir)
}
// Expands all the possible ~/ that have been given, either through -d or config
// If there is no error, user it, if not, attempt to use whatever the user gave us
expandedTrustDir, err := homedir.Expand(mainViper.GetString("trustDir"))
if err == nil {
mainViper.Set("trustDir", expandedTrustDir)
}
logrus.Debugf("using the following trust directory: %s", mainViper.GetString("trustDir"))
} }
func setupCommand(notaryCmd *cobra.Command) { func setupCommand(notaryCmd *cobra.Command) {
@ -97,7 +107,7 @@ func setupCommand(notaryCmd *cobra.Command) {
notaryCmd.AddCommand(versionCmd) notaryCmd.AddCommand(versionCmd)
notaryCmd.PersistentFlags().StringVarP(&trustDir, "trustdir", "d", "", "Directory where the trust data is persisted to") notaryCmd.PersistentFlags().StringVarP(&trustDir, "trustDir", "d", "", "Directory where the trust data is persisted to")
notaryCmd.PersistentFlags().StringVarP(&configFile, "configFile", "c", "", "Path to the configuration file to use") notaryCmd.PersistentFlags().StringVarP(&configFile, "configFile", "c", "", "Path to the configuration file to use")
notaryCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "Verbose output") notaryCmd.PersistentFlags().BoolVarP(&verbose, "verbose", "v", false, "Verbose output")
notaryCmd.PersistentFlags().StringVarP(&remoteTrustServer, "server", "s", "", "Remote trust server location") notaryCmd.PersistentFlags().StringVarP(&remoteTrustServer, "server", "s", "", "Remote trust server location")

35
cmd/notary/tuf.go
View File

@ -86,15 +86,15 @@ func tufAdd(cmd *cobra.Command, args []string) {
cmd.Usage() cmd.Usage()
fatalf("Must specify a GUN, target, and path to target data") fatalf("Must specify a GUN, target, and path to target data")
} }
parseConfig()
gun := args[0] gun := args[0]
targetName := args[1] targetName := args[1]
targetPath := args[2] targetPath := args[2]
parseConfig()
// no online operations are performed by add so the transport argument // no online operations are performed by add so the transport argument
// should be nil // should be nil
nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), nil, retriever) nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, getRemoteTrustServer(), nil, retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }
@ -118,10 +118,10 @@ func tufInit(cmd *cobra.Command, args []string) {
fatalf("Must specify a GUN") fatalf("Must specify a GUN")
} }
gun := args[0]
parseConfig() parseConfig()
gun := args[0]
nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), getTransport(gun, false), retriever) nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, getRemoteTrustServer(), getTransport(gun, false), retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }
@ -154,10 +154,10 @@ func tufList(cmd *cobra.Command, args []string) {
cmd.Usage() cmd.Usage()
fatalf("Must specify a GUN") fatalf("Must specify a GUN")
} }
gun := args[0]
parseConfig() parseConfig()
gun := args[0]
nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), getTransport(gun, true), retriever) nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, getRemoteTrustServer(), getTransport(gun, true), retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }
@ -179,11 +179,12 @@ func tufLookup(cmd *cobra.Command, args []string) {
cmd.Usage() cmd.Usage()
fatalf("Must specify a GUN and target") fatalf("Must specify a GUN and target")
} }
gun := args[0]
targetName := args[1]
parseConfig() parseConfig()
nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), getTransport(gun, true), retriever) gun := args[0]
targetName := args[1]
nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, getRemoteTrustServer(), getTransport(gun, true), retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }
@ -202,10 +203,10 @@ func tufStatus(cmd *cobra.Command, args []string) {
fatalf("Must specify a GUN") fatalf("Must specify a GUN")
} }
gun := args[0]
parseConfig() parseConfig()
gun := args[0]
nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), nil, retriever) nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, getRemoteTrustServer(), nil, retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }
@ -234,12 +235,12 @@ func tufPublish(cmd *cobra.Command, args []string) {
fatalf("Must specify a GUN") fatalf("Must specify a GUN")
} }
gun := args[0]
parseConfig() parseConfig()
gun := args[0]
cmd.Println("Pushing changes to", gun) cmd.Println("Pushing changes to", gun)
nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), getTransport(gun, false), retriever) nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, getRemoteTrustServer(), getTransport(gun, false), retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }
@ -255,13 +256,14 @@ func tufRemove(cmd *cobra.Command, args []string) {
cmd.Usage() cmd.Usage()
fatalf("Must specify a GUN and target") fatalf("Must specify a GUN and target")
} }
parseConfig()
gun := args[0] gun := args[0]
targetName := args[1] targetName := args[1]
parseConfig()
// no online operation are performed by remove so the transport argument // no online operation are performed by remove so the transport argument
// should be nil. // should be nil.
repo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), nil, retriever) repo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, getRemoteTrustServer(), nil, retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }
@ -278,6 +280,7 @@ func verify(cmd *cobra.Command, args []string) {
cmd.Usage() cmd.Usage()
fatalf("Must specify a GUN and target") fatalf("Must specify a GUN and target")
} }
parseConfig() parseConfig()
// Reads all of the data on STDIN // Reads all of the data on STDIN
@ -288,7 +291,7 @@ func verify(cmd *cobra.Command, args []string) {
gun := args[0] gun := args[0]
targetName := args[1] targetName := args[1]
nRepo, err := notaryclient.NewNotaryRepository(trustDir, gun, getRemoteTrustServer(), getTransport(gun, true), retriever) nRepo, err := notaryclient.NewNotaryRepository(mainViper.GetString("trustDir"), gun, getRemoteTrustServer(), getTransport(gun, true), retriever)
if err != nil { if err != nil {
fatalf(err.Error()) fatalf(err.Error())
} }