Implementing ListTargets

This commit is contained in:
Diogo Monica 2015-07-06 22:23:04 -07:00
parent 30c0856266
commit 93f7d9911f
3 changed files with 37 additions and 28 deletions


@ -10,7 +10,6 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"os" "os"
"path"
"path/filepath" "path/filepath"
"time" "time"
@ -21,8 +20,6 @@ import (
"github.com/endophage/gotuf/keys" "github.com/endophage/gotuf/keys"
"github.com/endophage/gotuf/signed" "github.com/endophage/gotuf/signed"
"github.com/endophage/gotuf/store" "github.com/endophage/gotuf/store"
"github.com/spf13/viper"
) )
// Default paths should end with a '/' so directory creation works correctly // Default paths should end with a '/' so directory creation works correctly
@ -55,6 +52,7 @@ type Repository interface {
} }
type NotaryClient struct { type NotaryClient struct {
baseDir string
caStore trustmanager.X509Store caStore trustmanager.X509Store
certificateStore trustmanager.X509Store certificateStore trustmanager.X509Store
rootKeyStore trustmanager.EncryptedFileStore rootKeyStore trustmanager.EncryptedFileStore
@ -63,6 +61,7 @@ type NotaryClient struct {
type NotaryRepository struct { type NotaryRepository struct {
Gun string Gun string
baseURL string baseURL string
tufRepoPath string
transport http.RoundTripper transport http.RoundTripper
signer *signed.Signer signer *signed.Signer
tufRepo *tuf.TufRepo tufRepo *tuf.TufRepo
@ -97,8 +96,11 @@ func NewTarget(targetName string, targetPath string) (*Target, error) {
// NewClient is a helper method that returns a new notary Client, given a config // NewClient is a helper method that returns a new notary Client, given a config
// file. It makes the assumption that the base directory for the config file will // file. It makes the assumption that the base directory for the config file will
// be the place where trust information is being cached locally. // be the place where trust information is being cached locally.
func NewClient(trustDir, rootKeysDir string) (*NotaryClient, error) { func NewClient(baseDir string) (*NotaryClient, error) {
nClient := &NotaryClient{} trustDir := filepath.Join(baseDir, trustDir)
rootKeysDir := filepath.Join(baseDir, rootKeysDir)
nClient := &NotaryClient{baseDir: baseDir}
err := nClient.loadKeys(trustDir, rootKeysDir) err := nClient.loadKeys(trustDir, rootKeysDir)
if err != nil { if err != nil {
@ -183,7 +185,7 @@ func (r *NotaryRepository) Initialize(rootKey *data.PublicKey) error {
r.tufRepo = tuf.NewTufRepo(kdb, r.signer) r.tufRepo = tuf.NewTufRepo(kdb, r.signer)
r.fileStore, err = store.NewFilesystemStore( r.fileStore, err = store.NewFilesystemStore(
path.Join(viper.GetString("tufDir")), r.tufRepoPath,
"metadata", "metadata",
"json", "json",
"targets", "targets",
@ -232,12 +234,13 @@ func (r *NotaryRepository) ListTargets() ([]*Target, error) {
return nil, err return nil, err
} }
// TODO(diogo): return hashes targetList := make([]*Target, 0)
for name, meta := range r.tufRepo.Targets["targets"].Signed.Targets { for name, meta := range r.tufRepo.Targets["targets"].Signed.Targets {
fmt.Println(name, " ", meta.Hashes["sha256"], " ", meta.Length) target := &Target{Name: name, Hashes: meta.Hashes, Length: meta.Length}
targetList = append(targetList, target)
} }
return nil, nil return targetList, nil
} }
// GetTargetByName returns a target given a name // GetTargetByName returns a target given a name
@ -299,7 +302,7 @@ func (r *NotaryRepository) Publish() error {
func (r *NotaryRepository) bootstrapRepo() error { func (r *NotaryRepository) bootstrapRepo() error {
fileStore, err := store.NewFilesystemStore( fileStore, err := store.NewFilesystemStore(
path.Join(viper.GetString("tufDir")), r.tufRepoPath,
"metadata", "metadata",
"json", "json",
"targets", "targets",
@ -415,7 +418,7 @@ func (r *NotaryRepository) ValidateRoot(root *data.Signed) error {
for _, fingerprint := range rootSigned.Roles["root"].KeyIDs { for _, fingerprint := range rootSigned.Roles["root"].KeyIDs {
// TODO(dlaw): currently assuming only one cert contained in // TODO(dlaw): currently assuming only one cert contained in
// public key entry. Need to fix when we want to pass in chains. // public key entry. Need to fix when we want to pass in chains.
k, _ := pem.Decode([]byte(rootSigned.Keys["kid"].Public())) k, _ := pem.Decode([]byte(rootSigned.Keys[fingerprint].Public()))
decodedCerts, err := x509.ParseCertificates(k.Bytes) decodedCerts, err := x509.ParseCertificates(k.Bytes)
if err != nil { if err != nil {
@ -508,7 +511,7 @@ func (c *NotaryClient) GenRootKey(passphrase string) (*data.PublicKey, error) {
// GetRepository returns a new repository // GetRepository returns a new repository
func (c *NotaryClient) GetRepository(gun string, baseURL string, transport http.RoundTripper) (*NotaryRepository, error) { func (c *NotaryClient) GetRepository(gun string, baseURL string, transport http.RoundTripper) (*NotaryRepository, error) {
privKeyStore, err := trustmanager.NewKeyFileStore(viper.GetString("privDir")) privKeyStore, err := trustmanager.NewKeyFileStore(filepath.Join(c.baseDir, privDir))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -517,6 +520,7 @@ func (c *NotaryClient) GetRepository(gun string, baseURL string, transport http.
return &NotaryRepository{Gun: gun, return &NotaryRepository{Gun: gun,
baseURL: baseURL, baseURL: baseURL,
tufRepoPath: filepath.Join(c.baseDir, tufDir),
transport: transport, transport: transport,
signer: signer, signer: signer,
caStore: c.caStore, caStore: c.caStore,
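Review bot: In the ValidateRoot hunk, the lookup `rootSigned.Keys[fingerprint]` now uses an ID taken from the root role's KeyIDs, but neither a missing map entry nor a nil result from `pem.Decode` is checked before `k.Bytes` is dereferenced on the next line, so root metadata that lists a key ID it does not carry, or carries it in a non-PEM encoding, panics the validator instead of failing validation. Because this function decides whether a downloaded root is trusted, malformed input should surface as an error rather than a crash. The shape below assumes `fmt` is still imported after the `fmt.Println` removal in ListTargets and that `Keys` is a map, so the comma-ok form is the presence test; ValidateRoot begins and ends outside this hunk. The ListTargets hunk has the same unchecked pattern: `r.tufRepo.Targets["targets"].Signed` dereferences whatever the map returns for a role that may not have been loaded yet, and deserves a presence check before the range.
```go
		// Refuse root metadata that references a key it does not carry.
		key, ok := rootSigned.Keys[fingerprint]
		if !ok {
			return fmt.Errorf("root role references unknown key id %s", fingerprint)
		}
		k, _ := pem.Decode([]byte(key.Public()))
		if k == nil {
			return fmt.Errorf("root key %s is not PEM encoded", fingerprint)
		}
		decodedCerts, err := x509.ParseCertificates(k.Bytes)
		// … unchanged: certificate checks …
```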


@ -18,9 +18,9 @@ import (
const configFileName string = "config" const configFileName string = "config"
const configPath string = ".docker/trust/" const configPath string = ".docker/trust/"
const trustDir string = configPath + "trusted_certificates/" const trustDir string = "trusted_certificates/"
const privDir string = configPath + "private/" const privDir string = "private/"
const rootKeysDir string = configPath + "root_keys/" const rootKeysDir string = "root_keys/"
var rawOutput bool var rawOutput bool
var nClient *notaryclient.NotaryClient var nClient *notaryclient.NotaryClient
@ -58,12 +58,11 @@ func init() {
} }
// Set up the defaults for our config // Set up the defaults for our config
viper.SetDefault("trustDir", path.Join(homeDir, path.Dir(trustDir))) viper.SetDefault("baseTrustDir", path.Join(homeDir, path.Dir(configPath)))
// Get the final value for the CA directory // Get the final value for the CA directory
finalTrustDir := viper.GetString("trustDir") finalTrustDir := path.Join(viper.GetString("baseTrustDir"), trustDir)
finalPrivDir := viper.GetString("privDir") finalPrivDir := path.Join(viper.GetString("baseTrustDir"), privDir)
finalRootKeysDir := viper.GetString("rootKeysDir")
// Load all CAs that aren't expired and don't use SHA1 // Load all CAs that aren't expired and don't use SHA1
caStore, err = trustmanager.NewX509FilteredFileStore(finalTrustDir, func(cert *x509.Certificate) bool { caStore, err = trustmanager.NewX509FilteredFileStore(finalTrustDir, func(cert *x509.Certificate) bool {
@ -74,7 +73,7 @@ func init() {
cert.SignatureAlgorithm != x509.ECDSAWithSHA1 cert.SignatureAlgorithm != x509.ECDSAWithSHA1
}) })
if err != nil { if err != nil {
fatalf("could not create X509FileStore: %v", err) fatalf("could not create CA X509FileStore: %v", err)
} }
// Load all individual (nonCA) certificates that aren't expired and don't use SHA1 // Load all individual (nonCA) certificates that aren't expired and don't use SHA1
@ -86,20 +85,18 @@ func init() {
cert.SignatureAlgorithm != x509.ECDSAWithSHA1 cert.SignatureAlgorithm != x509.ECDSAWithSHA1
}) })
if err != nil { if err != nil {
fatalf("could not create X509FileStore: %v", err) fatalf("could not create Certificate X509FileStore: %v", err)
} }
privKeyStore, err = trustmanager.NewKeyFileStore(finalPrivDir) privKeyStore, err = trustmanager.NewKeyFileStore(finalPrivDir)
if err != nil { if err != nil {
fatalf("could not create FileStore: %v", err) fatalf("could not create KeyFileStore: %v", err)
} }
// TODO(diogo): Client should receive the config nClient, err = notaryclient.NewClient(viper.GetString("baseTrustDir"))
nClient, err = notaryclient.NewClient(finalTrustDir, finalRootKeysDir)
if err != nil { if err != nil {
fatalf("could not create FileStore: %v", err) fatalf("could not create Notary Client: %v", err)
} }
} }
func main() { func main() {
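Review bot: The default set by `viper.SetDefault("baseTrustDir", path.Join(homeDir, path.Dir(configPath)))` and the two `finalTrustDir`/`finalPrivDir` lines build filesystem paths with `path`, while the new code in client.go derives the same directories with `filepath.Join`; on Windows the two spellings diverge, so these three lines should use `filepath.Join(...)` as well. The trailing slashes kept on `trustDir`, `privDir` and `rootKeysDir` are now dropped by every `Join` call, which contradicts the "Default paths should end with a '/' so directory creation works correctly" comment that survives in client.go — if the stores genuinely depend on that slash the comment now describes a broken assumption, and if they do not it should be removed. These constants also appear to be referenced unqualified from client.go (`trustDir`, `rootKeysDir`, `privDir`, `tufDir`), so the directory layout is presumably defined once per package; a single exported definition in the client package would keep the two in step.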


@ -122,8 +122,16 @@ func tufList(cmd *cobra.Command, args []string) {
fatalf(err.Error()) fatalf(err.Error())
} }
// TODO(diogo): Parse Targets and print them // Retreive the remote list of signed targets
_, _ = repo.ListTargets() targetList, err := repo.ListTargets()
if err != nil {
fatalf(err.Error())
}
// Print all the available targets
for _, t := range targetList {
fmt.Println(t.Name, " ", t.Hashes["sha256"], " ", t.Length)
}
} }
func tufLookup(cmd *cobra.Command, args []string) { func tufLookup(cmd *cobra.Command, args []string) {
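Review bot: The new `fatalf(err.Error())` after the ListTargets call passes the error text as the format string, so an error message containing `%` is misformatted; `fatalf("listing targets: %v", err)` avoids that and says which step failed (the identical call on the context line above predates this change). In the print loop, `fmt.Println(t.Name, " ", t.Hashes["sha256"], " ", t.Length)` prints the digest as a decimal byte dump if `Hashes` holds raw `[]byte` values (the page does not show the type); `hex.EncodeToString(t.Hashes["sha256"])` prints it in the usual form at the cost of an `encoding/hex` import, and a target with no sha256 entry currently prints an empty value with no indication that the hash is missing. The comment `// Retreive the remote list of signed targets` should read `// Retrieve the remote list of signed targets`. tufList's body begins above this hunk.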