mirror of https://github.com/docker/docs.git
list works
This commit is contained in:
David Lawrence
parent
322f60b1ba
commit
e434232709
|
|
@ -47,7 +47,7 @@
|
|||
},
|
||||
{
|
||||
"ImportPath": "github.com/endophage/gotuf",
|
||||
"Rev": "4e1cdf8615f2039032f44b575cb48842a523919f"
|
||||
"Rev": "de9ae3ede560ae61c3653aa98a5c07587bbb04a7"
|
||||
},
|
||||
{
|
||||
"ImportPath": "github.com/go-sql-driver/mysql",
|
||||
|
|
|
|||
|
|
@ -57,12 +57,12 @@ func (c *Client) Update() error {
|
|||
func (c *Client) update() error {
|
||||
err := c.downloadTimestamp()
|
||||
if err != nil {
|
||||
logrus.Errorf("Client Update (Timestamp):", err)
|
||||
logrus.Errorf("Client Update (Timestamp): ", err.Error())
|
||||
return err
|
||||
}
|
||||
err = c.downloadSnapshot()
|
||||
if err != nil {
|
||||
logrus.Errorf("Client Update (Snapshot):", err)
|
||||
logrus.Errorf("Client Update (Snapshot): ", err.Error())
|
||||
return err
|
||||
}
|
||||
err = c.checkRoot()
|
||||
|
|
@ -71,7 +71,7 @@ func (c *Client) update() error {
|
|||
}
|
||||
err = c.downloadTargets("targets")
|
||||
if err != nil {
|
||||
logrus.Errorf("Client Update (Targets):", err)
|
||||
logrus.Errorf("Client Update (Targets): ", err.Error())
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
|
@ -130,7 +130,7 @@ func (c *Client) downloadTimestamp() error {
|
|||
// downloadSnapshot is responsible for downloading the snapshot.json
|
||||
func (c *Client) downloadSnapshot() error {
|
||||
role := data.RoleName("snapshot")
|
||||
size := c.local.Timestamp.Signed.Meta[role+".txt"].Length
|
||||
size := c.local.Timestamp.Signed.Meta[role].Length
|
||||
raw, err := c.remote.GetMeta(role, size)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -185,7 +185,7 @@ func (c Client) GetTargetsFile(roleName string, keyIDs []string, snapshotMeta da
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
r, err := c.remote.GetMeta(rolePath, snapshotMeta[roleName+".txt"].Length)
|
||||
r, err := c.remote.GetMeta(rolePath, snapshotMeta[roleName].Length)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ func NewTimestamp(snapshot *Signed) (*SignedTimestamp, error) {
|
|||
Version: 0,
|
||||
Expires: DefaultExpires("timestamp").String(),
|
||||
Meta: Files{
|
||||
ValidRoles["timestamp"]: snapshotMeta,
|
||||
ValidRoles["snapshot"]: snapshotMeta,
|
||||
},
|
||||
},
|
||||
}, nil
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ import (
|
|||
var Verifiers = map[string]Verifier{
|
||||
"ed25519": Ed25519Verifier{},
|
||||
"rsa": RSAVerifier{},
|
||||
"rsassa-pkcs1-v1_5-sign": RSAPemVerifier{},
|
||||
"rsassa-pkcs1-v1_5-sign": RSAPemVerifier{}, // RSASSA-PKCS1-V1_5-SIGN
|
||||
"pycrypto-pkcs#1 pss": RSAPSSVerifier{},
|
||||
}
|
||||
|
||||
|
|
@ -95,20 +95,20 @@ func (v RSAPemVerifier) Verify(key data.Key, sig []byte, msg []byte) error {
|
|||
digest := sha256.Sum256(msg)
|
||||
|
||||
k, _ := pem.Decode([]byte(key.Public()))
|
||||
pub, err := x509.ParsePKIXPublicKey(k.Bytes)
|
||||
cert, err := x509.ParseCertificate(k.Bytes)
|
||||
if err != nil {
|
||||
logrus.Infof("Failed to parse public key: %s\n", err)
|
||||
logrus.Errorf("Failed to parse public key: %s\n", err.Error())
|
||||
return ErrInvalid
|
||||
}
|
||||
|
||||
rsaPub, ok := pub.(*rsa.PublicKey)
|
||||
rsaPub, ok := cert.PublicKey.(*rsa.PublicKey)
|
||||
if !ok {
|
||||
logrus.Infof("Value returned from ParsePKIXPublicKey was not an RSA public key")
|
||||
return ErrInvalid
|
||||
}
|
||||
|
||||
if err = rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], sig); err != nil {
|
||||
logrus.Infof("Failed verification: %s", err)
|
||||
logrus.Errorf("Failed verification: %s", err.Error())
|
||||
return ErrInvalid
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -89,24 +89,24 @@ func VerifySignatures(s *data.Signed, role string, db *keys.KeyDB) error {
|
|||
valid := make(map[string]struct{})
|
||||
for _, sig := range s.Signatures {
|
||||
if !roleData.ValidKey(sig.KeyID) {
|
||||
logrus.Infof("continuing b/c keyid was invalid: %s for roledata %s\n", sig.KeyID, roleData)
|
||||
logrus.Debugf("continuing b/c keyid was invalid: %s for roledata %s\n", sig.KeyID, roleData)
|
||||
continue
|
||||
}
|
||||
key := db.GetKey(sig.KeyID)
|
||||
if key == nil {
|
||||
logrus.Infof("continuing b/c keyid lookup was nil: %s\n", sig.KeyID)
|
||||
logrus.Debugf("continuing b/c keyid lookup was nil: %s\n", sig.KeyID)
|
||||
continue
|
||||
}
|
||||
// make method lookup consistent with case uniformity.
|
||||
method := strings.ToLower(sig.Method)
|
||||
verifier, ok := Verifiers[method]
|
||||
if !ok {
|
||||
logrus.Infof("continuing b/c signing method is not supported: %s\n", sig.Method)
|
||||
logrus.Debugf("continuing b/c signing method is not supported: %s\n", sig.Method)
|
||||
continue
|
||||
}
|
||||
|
||||
if err := verifier.Verify(key, sig.Signature, msg); err != nil {
|
||||
logrus.Infof("continuing b/c signature was invalid\n")
|
||||
logrus.Debugf("continuing b/c signature was invalid\n")
|
||||
continue
|
||||
}
|
||||
valid[sig.KeyID] = struct{}{}
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ import (
|
|||
"encoding/json"
|
||||
"fmt"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
|
|
@ -244,8 +243,7 @@ func (tr *TufRepo) SetRoot(s *data.Signed) error {
|
|||
logrus.Debug("Given Key ID:", kid, "\nGenerated Key ID:", key.ID())
|
||||
}
|
||||
for roleName, role := range r.Signed.Roles {
|
||||
roleName = strings.TrimSuffix(roleName, ".txt")
|
||||
rol, err := data.NewRole(
|
||||
baseRole, err := data.NewRole(
|
||||
roleName,
|
||||
role.Threshold,
|
||||
role.KeyIDs,
|
||||
|
|
@ -255,7 +253,7 @@ func (tr *TufRepo) SetRoot(s *data.Signed) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = tr.keysDB.AddRole(rol)
|
||||
err = tr.keysDB.AddRole(baseRole)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,11 @@ import (
|
|||
)
|
||||
|
||||
func Download(url url.URL) (*http.Response, error) {
|
||||
return http.Get(url.String())
|
||||
tr := &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
}
|
||||
client := &http.Client{Transport: tr}
|
||||
return client.Get(url.String())
|
||||
}
|
||||
|
||||
func Upload(url string, body io.Reader) (*http.Response, error) {
|
||||
|
|
|
|||
|
|
@ -40,42 +40,42 @@ func init() {
|
|||
}
|
||||
|
||||
var cmdTufAdd = &cobra.Command{
|
||||
Use: "add [ QDN ] <target> <file path>",
|
||||
Use: "add [ GUN ] <target> <file path>",
|
||||
Short: "pushes local updates.",
|
||||
Long: "pushes all local updates within a specific TUF repo to remote trust server.",
|
||||
Run: tufAdd,
|
||||
}
|
||||
|
||||
var cmdTufRemove = &cobra.Command{
|
||||
Use: "remove [ QDN ] <target>",
|
||||
Use: "remove [ GUN ] <target>",
|
||||
Short: "Removes a target from the TUF repo.",
|
||||
Long: "removes a target from the local TUF repo identified by a Qualified Docker Name.",
|
||||
Run: tufRemove,
|
||||
}
|
||||
|
||||
var cmdTufInit = &cobra.Command{
|
||||
Use: "init [ QDN ]",
|
||||
Use: "init [ GUN ]",
|
||||
Short: "initializes the local TUF repository.",
|
||||
Long: "creates locally the initial set of TUF metadata for the Qualified Docker Name.",
|
||||
Run: tufInit,
|
||||
}
|
||||
|
||||
var cmdTufList = &cobra.Command{
|
||||
Use: "list [ QDN ]",
|
||||
Use: "list [ GUN ]",
|
||||
Short: "Lists all targets in a TUF repository.",
|
||||
Long: "lists all the targets in the TUF repository identified by the Qualified Docker Name.",
|
||||
Run: tufList,
|
||||
}
|
||||
|
||||
var cmdTufLookup = &cobra.Command{
|
||||
Use: "lookup [ QDN ] <target name>",
|
||||
Use: "lookup [ GUN ] <target name>",
|
||||
Short: "Looks up a specific TUF target in a repository.",
|
||||
Long: "looks up a TUF target in a repository given a Qualified Docker Name.",
|
||||
Run: tufLookup,
|
||||
}
|
||||
|
||||
var cmdTufPush = &cobra.Command{
|
||||
Use: "push [ QDN ]",
|
||||
Use: "push [ GUN ]",
|
||||
Short: "initializes the local TUF repository.",
|
||||
Long: "creates locally the initial set of TUF metadata for the Qualified Docker Name.",
|
||||
Run: tufPush,
|
||||
|
|
@ -84,7 +84,7 @@ var cmdTufPush = &cobra.Command{
|
|||
func tufAdd(cmd *cobra.Command, args []string) {
|
||||
if len(args) < 3 {
|
||||
cmd.Usage()
|
||||
fatalf("must specify a QDN, target name, and local path to target data")
|
||||
fatalf("must specify a GUN, target name, and local path to target data")
|
||||
}
|
||||
|
||||
gun := args[0]
|
||||
|
|
@ -212,24 +212,65 @@ func tufInit(cmd *cobra.Command, args []string) {
|
|||
func tufList(cmd *cobra.Command, args []string) {
|
||||
if len(args) < 1 {
|
||||
cmd.Usage()
|
||||
fatalf("must specify a QDN")
|
||||
fatalf("must specify a GUN")
|
||||
}
|
||||
gun := args[0]
|
||||
kdb := keys.NewDB()
|
||||
repo := tuf.NewTufRepo(kdb, nil)
|
||||
|
||||
remote, err := store.NewHTTPStore(
|
||||
"https://vetinari:4443/v2/"+gun+"/_trust/tuf/",
|
||||
"",
|
||||
"json",
|
||||
"",
|
||||
)
|
||||
rootJSON, err := remote.GetMeta("root", 5<<20)
|
||||
if err != nil {
|
||||
fmt.Println("Couldn't get initial root")
|
||||
fatalf(err.Error())
|
||||
}
|
||||
root := &data.Signed{}
|
||||
err = json.Unmarshal(rootJSON, root)
|
||||
if err != nil {
|
||||
fmt.Println("Couldn't parse initial root")
|
||||
fatalf(err.Error())
|
||||
}
|
||||
// TODO: Validate the root file against the key store
|
||||
err = repo.SetRoot(root)
|
||||
if err != nil {
|
||||
fmt.Println("Error setting root")
|
||||
fatalf(err.Error())
|
||||
}
|
||||
|
||||
c := client.NewClient(
|
||||
repo,
|
||||
remote,
|
||||
kdb,
|
||||
)
|
||||
|
||||
err = c.Update()
|
||||
if err != nil {
|
||||
fmt.Println("Update failed")
|
||||
fatalf(err.Error())
|
||||
}
|
||||
for name, meta := range repo.Targets["targets"].Signed.Targets {
|
||||
fmt.Println(name, " ", meta.Hashes["sha256"], " ", meta.Length)
|
||||
}
|
||||
}
|
||||
|
||||
func tufLookup(cmd *cobra.Command, args []string) {
|
||||
if len(args) < 2 {
|
||||
cmd.Usage()
|
||||
fatalf("must specify a QDN and target path to look up.")
|
||||
fatalf("must specify a GUN and target path to look up.")
|
||||
}
|
||||
|
||||
fmt.Println("Remote trust server configured: " + remoteTrustServer)
|
||||
qdn := args[0]
|
||||
gun := args[0]
|
||||
targetName := args[1]
|
||||
kdb := keys.NewDB()
|
||||
repo := tuf.NewTufRepo(kdb, nil)
|
||||
|
||||
remote, err := store.NewHTTPStore(
|
||||
"https://localhost:4443/v2"+qdn+"/_trust/tuf/",
|
||||
"https://localhost:4443/v2"+gun+"/_trust/tuf/",
|
||||
"",
|
||||
"json",
|
||||
"",
|
||||
|
|
@ -262,7 +303,7 @@ func tufLookup(cmd *cobra.Command, args []string) {
|
|||
func tufPush(cmd *cobra.Command, args []string) {
|
||||
if len(args) < 1 {
|
||||
cmd.Usage()
|
||||
fatalf("must specify a QDN")
|
||||
fatalf("must specify a GUN")
|
||||
}
|
||||
|
||||
gun := args[0]
|
||||
|
|
@ -318,7 +359,7 @@ func tufPush(cmd *cobra.Command, args []string) {
|
|||
func tufRemove(cmd *cobra.Command, args []string) {
|
||||
if len(args) < 1 {
|
||||
cmd.Usage()
|
||||
fatalf("must specify a QDN")
|
||||
fatalf("must specify a GUN")
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/endophage/gotuf/data"
|
||||
"github.com/gorilla/mux"
|
||||
"golang.org/x/net/context"
|
||||
|
|
@ -98,6 +99,7 @@ func GetHandler(ctx context.Context, w http.ResponseWriter, r *http.Request) *er
|
|||
qdn := vars["imageName"]
|
||||
tufRole := vars["tufRole"]
|
||||
data, err := store.GetCurrent(qdn, tufRole)
|
||||
logrus.Debug("JSON: ", string(data))
|
||||
if err != nil {
|
||||
return &errors.HTTPError{
|
||||
HTTPStatus: http.StatusInternalServerError,
|
||||
|
|
@ -112,6 +114,7 @@ func GetHandler(ctx context.Context, w http.ResponseWriter, r *http.Request) *er
|
|||
Err: err,
|
||||
}
|
||||
}
|
||||
|
||||
logrus.Debug("Writing data")
|
||||
w.Write(data)
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue