rename vetinari to notary

Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
Nathan McCauley 2015-06-19 11:01:19 -07:00
parent 3f9b5dd6f7
commit e46a95227c
32 changed files with 85 additions and 85 deletions

2
.gitignore vendored

@ -1,3 +1,3 @@
/cmd/vetinari-server/vetinari-server /cmd/notary-server/notary-server
cover cover
bin bin


@ -1,13 +1,13 @@
FROM golang FROM golang
COPY . /go/src/github.com/docker/vetinari COPY . /go/src/github.com/docker/notary
RUN chmod 777 /tmp/ RUN chmod 777 /tmp/
RUN GOPATH="/go/src/github.com/docker/vetinari/Godeps/_workspace:/go/" go install github.com/docker/vetinari/cmd/vetinari-server RUN GOPATH="/go/src/github.com/docker/notary/Godeps/_workspace:/go/" go install github.com/docker/notary/cmd/notary-server
EXPOSE 4443 EXPOSE 4443
WORKDIR /go/src/github.com/docker/vetinari WORKDIR /go/src/github.com/docker/notary
CMD vetinari-server -config cmd/vetinari-server/dev-config.json CMD notary-server -config cmd/notary-server/dev-config.json

2
Godeps/Godeps.json generated

@ -1,5 +1,5 @@
{ {
"ImportPath": "github.com/docker/vetinari", "ImportPath": "github.com/docker/notary",
"GoVersion": "go1.4.2", "GoVersion": "go1.4.2",
"Packages": [ "Packages": [
"./..." "./..."


@ -15,9 +15,9 @@ AUTHORS: .git/HEAD
version/version.go: version/version.go:
./version/version.sh > $@ ./version/version.sh > $@
${PREFIX}/bin/vetinari-server: version/version.go $(shell find . -type f -name '*.go') ${PREFIX}/bin/notary-server: version/version.go $(shell find . -type f -name '*.go')
@echo "+ $@" @echo "+ $@"
@godep go build -o $@ ${GO_LDFLAGS} ./cmd/vetinari-server @godep go build -o $@ ${GO_LDFLAGS} ./cmd/notary-server
${PREFIX}/bin/notary: version/version.go $(shell find . -type f -name '*.go') ${PREFIX}/bin/notary: version/version.go $(shell find . -type f -name '*.go')
@echo "+ $@" @echo "+ $@"
@ -53,9 +53,9 @@ protos:
clean-protos: clean-protos:
@rm proto/*.pb.go @rm proto/*.pb.go
binaries: ${PREFIX}/bin/vetinari-server ${PREFIX}/bin/notary binaries: ${PREFIX}/bin/notary-server ${PREFIX}/bin/notary
@echo "+ $@" @echo "+ $@"
clean: clean:
@echo "+ $@" @echo "+ $@"
@rm -rf "${PREFIX}/bin/vetinari-server" "${PREFIX}/bin/notary" @rm -rf "${PREFIX}/bin/notary-server" "${PREFIX}/bin/notary"


@ -1,10 +1,10 @@
# Vetinari # Notary
## Overview ## Overview
Vetinari manages trust metadata as a complementary service to the registry. Notary manages trust metadata as a complementary service to the registry.
It implements all endpoints under the `_trust` segment of the registry URLs. It implements all endpoints under the `_trust` segment of the registry URLs.
Vetinari expects to manage TUF metadata and will do validation of one parent Notary expects to manage TUF metadata and will do validation of one parent
level of content for any data uploaded to ensure repositories do not become level of content for any data uploaded to ensure repositories do not become
corrupted. This means either the keys in the root.json file will be used to corrupted. This means either the keys in the root.json file will be used to
validate the uploaded role, or the keys in the immediate delegate parent will validate the uploaded role, or the keys in the immediate delegate parent will
@ -17,16 +17,16 @@ will be sufficient to permit the uploading of a new root.json.
## Timestamping ## Timestamping
TUF requires a timestamp file be regularly generated. To achieve any ease TUF requires a timestamp file be regularly generated. To achieve any ease
of use, it is necessary that Vetinari is responsible for generating the of use, it is necessary that Notary is responsible for generating the
timestamp.json based on the snapshot.json created and uploaded by the timestamp.json based on the snapshot.json created and uploaded by the
repository owner. repository owner.
It is bad policy to place any signing keys in frontline servers. While It is bad policy to place any signing keys in frontline servers. While
Vetinari is capable of supporting this behaviour we recommend using a Notary is capable of supporting this behaviour we recommend using a
separate service and server with highly restricted permissions. Rufus separate service and server with highly restricted permissions. Rufus
is provided as a reference implementation of a remote signer. An is provided as a reference implementation of a remote signer. An
implementation that satisfies the gRPC interface defined in Rufus will implementation that satisfies the gRPC interface defined in Rufus will
satisfy Vetinari's requirements. satisfy Notary's requirements.
# Running # Running


@ -1,6 +1,6 @@
# Roadmap # Roadmap
The Trust project consists of a number of moving parts of which Vetinari is one. Vetinari is the front line metadata service The Trust project consists of a number of moving parts of which Notary is one. Notary is the front line metadata service
that clients interact with. It manages TUF metadata and interacts with a pluggable signing service to issue new TUF timestamp that clients interact with. It manages TUF metadata and interacts with a pluggable signing service to issue new TUF timestamp
files. files.


@ -1,8 +1,8 @@
{ {
"server": { "server": {
"addr": ":4443", "addr": ":4443",
"tls_cert_file": "./fixtures/vetinari.pem", "tls_cert_file": "./fixtures/notary.pem",
"tls_key_file": "./fixtures/vetinari.key" "tls_key_file": "./fixtures/notary.key"
}, },
"trust_service":{ "trust_service":{
"type": "local", "type": "local",


@ -0,0 +1,15 @@
{
"server": {
"addr": ":4443",
"tls_key_file": "/go/src/github.com/docker/notary/fixtures/notary.key",
"tls_cert_file": "/go/src/github.com/docker/notary/fixtures/notary.pem"
},
"trust_service": {
"type": "local",
"hostname": "",
"port": ""
},
"logging": {
"level": 5
}
}


@ -17,10 +17,10 @@ import (
_ "github.com/go-sql-driver/mysql" _ "github.com/go-sql-driver/mysql"
"golang.org/x/net/context" "golang.org/x/net/context"
"github.com/docker/vetinari/config" "github.com/docker/notary/config"
"github.com/docker/vetinari/server" "github.com/docker/notary/server"
"github.com/docker/vetinari/server/version" "github.com/docker/notary/server/version"
"github.com/docker/vetinari/signer" "github.com/docker/notary/signer"
) )
// DebugAddress is the debug server address to listen on // DebugAddress is the debug server address to listen on
@ -65,21 +65,21 @@ func main() {
var trust signed.CryptoService var trust signed.CryptoService
if conf.TrustService.Type == "remote" { if conf.TrustService.Type == "remote" {
logrus.Info("[Vetinari Server] : Using remote signing service") logrus.Info("[Notary Server] : Using remote signing service")
trust = signer.NewRufusSigner(conf.TrustService.Hostname, conf.TrustService.Port, conf.TrustService.TLSCAFile) trust = signer.NewRufusSigner(conf.TrustService.Hostname, conf.TrustService.Port, conf.TrustService.TLSCAFile)
} else { } else {
logrus.Info("[Vetinari] : Using local signing service") logrus.Info("[Notary] : Using local signing service")
trust = signed.NewEd25519() trust = signed.NewEd25519()
} }
db, err := sql.Open("mysql", "dockercondemo:dockercondemo@tcp(vetinarimysql:3306)/dockercondemo") db, err := sql.Open("mysql", "dockercondemo:dockercondemo@tcp(notarymysql:3306)/dockercondemo")
if err != nil { if err != nil {
logrus.Fatal("Error starting DB driver: ", err.Error()) logrus.Fatal("Error starting DB driver: ", err.Error())
return // not strictly needed but let's be explicit return // not strictly needed but let's be explicit
} }
ctx = context.WithValue(ctx, "versionStore", version.NewVersionDB(db)) ctx = context.WithValue(ctx, "versionStore", version.NewVersionDB(db))
for { for {
logrus.Info("[Vetinari] Starting Server") logrus.Info("[Notary] Starting Server")
childCtx, cancel := context.WithCancel(ctx) childCtx, cancel := context.WithCancel(ctx)
go server.Run(childCtx, conf.Server, trust) go server.Run(childCtx, conf.Server, trust)
@ -88,20 +88,20 @@ func main() {
// On a sighup we cancel and restart a new server // On a sighup we cancel and restart a new server
// with updated config // with updated config
case <-sigHup: case <-sigHup:
logrus.Infof("[Vetinari] Server restart requested. Attempting to parse config at %s", configFile) logrus.Infof("[Notary] Server restart requested. Attempting to parse config at %s", configFile)
conf, err = parseConfig(configFile) conf, err = parseConfig(configFile)
if err != nil { if err != nil {
logrus.Infof("[Vetinari] Unable to parse config. Old configuration will keep running. Parse Err: %s", err.Error()) logrus.Infof("[Notary] Unable to parse config. Old configuration will keep running. Parse Err: %s", err.Error())
continue continue
} else { } else {
cancel() cancel()
logrus.Info("[Vetinari] Stopping server for restart") logrus.Info("[Notary] Stopping server for restart")
break break
} }
// On sigkill we cancel and shutdown // On sigkill we cancel and shutdown
case <-sigTerm: case <-sigTerm:
cancel() cancel()
logrus.Info("[Vetinari] Shutting Down Hard") logrus.Info("[Notary] Shutting Down Hard")
os.Exit(0) os.Exit(0)
} }
} }
@ -117,9 +117,9 @@ func usage() {
// endpoints. The addr should not be exposed externally. For most of these to // endpoints. The addr should not be exposed externally. For most of these to
// work, tls cannot be enabled on the endpoint, so it is generally separate. // work, tls cannot be enabled on the endpoint, so it is generally separate.
func debugServer(addr string) { func debugServer(addr string) {
logrus.Info("[Vetinari Debug Server] server listening on", addr) logrus.Info("[Notary Debug Server] server listening on", addr)
if err := http.ListenAndServe(addr, nil); err != nil { if err := http.ListenAndServe(addr, nil); err != nil {
logrus.Fatal("[Vetinari Debug Server] error listening on debug interface: ", err) logrus.Fatal("[Notary Debug Server] error listening on debug interface: ", err)
} }
} }
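Review bot: The DSN passed to `sql.Open` in `main` embeds the database user, password and host as a string literal, so the credential ships with the repository and renaming the MySQL service needed a source edit here. Take the DSN from the parsed configuration or the environment instead, e.g. `db, err := sql.Open("mysql", dsn)` with `dsn` read from a config field (field name to be chosen; none is visible in this hunk). `sql.Open` may only validate its arguments without connecting, so the `err` check that follows will not catch an unreachable database; a `db.Ping()` before the server loop would surface that at start-up. `main` starts and ends outside these hunks.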


@ -12,7 +12,7 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"github.com/docker/vetinari/trustmanager" "github.com/docker/notary/trustmanager"
"github.com/endophage/gotuf/data" "github.com/endophage/gotuf/data"
"github.com/spf13/viper" "github.com/spf13/viper"
) )


@ -13,7 +13,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/docker/vetinari/trustmanager" "github.com/docker/notary/trustmanager"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/spf13/viper" "github.com/spf13/viper"


@ -12,7 +12,7 @@ import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/spf13/viper" "github.com/spf13/viper"
"github.com/docker/vetinari/trustmanager" "github.com/docker/notary/trustmanager"
) )
const configFileName string = "config" const configFileName string = "config"


@ -166,7 +166,7 @@ func tufList(cmd *cobra.Command, args []string) {
repo := tuf.NewTufRepo(kdb, nil) repo := tuf.NewTufRepo(kdb, nil)
remote, err := store.NewHTTPStore( remote, err := store.NewHTTPStore(
"https://vetinari:4443/v2/"+gun+"/_trust/tuf/", "https://notary:4443/v2/"+gun+"/_trust/tuf/",
"", "",
"json", "json",
"", "",
@ -203,7 +203,7 @@ func tufLookup(cmd *cobra.Command, args []string) {
repo := tuf.NewTufRepo(kdb, nil) repo := tuf.NewTufRepo(kdb, nil)
remote, err := store.NewHTTPStore( remote, err := store.NewHTTPStore(
"https://vetinari:4443/v2/"+gun+"/_trust/tuf/", "https://notary:4443/v2/"+gun+"/_trust/tuf/",
"", "",
"json", "json",
"", "",
@ -239,7 +239,7 @@ func tufPublish(cmd *cobra.Command, args []string) {
fmt.Println("Pushing changes to ", gun, ".") fmt.Println("Pushing changes to ", gun, ".")
remote, err := store.NewHTTPStore( remote, err := store.NewHTTPStore(
"https://vetinari:4443/v2/"+gun+"/_trust/tuf/", "https://notary:4443/v2/"+gun+"/_trust/tuf/",
"", "",
"json", "json",
"", "",
@ -332,7 +332,7 @@ func verify(cmd *cobra.Command, args []string) {
repo := tuf.NewTufRepo(kdb, nil) repo := tuf.NewTufRepo(kdb, nil)
remote, err := store.NewHTTPStore( remote, err := store.NewHTTPStore(
"https://vetinari:4443/v2/"+gun+"/_trust/tuf/", "https://notary:4443/v2/"+gun+"/_trust/tuf/",
"", "",
"json", "json",
"", "",

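Review bot: The trust-server base URL `https://notary:4443/v2/` is a string literal repeated in `tufList`, `tufLookup`, `tufPublish` and `verify`, so the client can only reach a host that resolves as `notary` and every rename has to touch four call sites. Build the URL in one place from a configured server address, for example a small helper that returns `base + "/v2/" + gun + "/_trust/tuf/"`, and have the four `store.NewHTTPStore` calls use it. `gun` is concatenated into the path as-is; if it comes straight from the command-line arguments (not visible here), check its format before building the URL. All four functions start and end outside the hunks.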

@ -1,15 +0,0 @@
{
"server": {
"addr": ":4443",
"tls_key_file": "/go/src/github.com/docker/vetinari/fixtures/vetinari.key",
"tls_cert_file": "/go/src/github.com/docker/vetinari/fixtures/vetinari.pem"
},
"trust_service": {
"type": "local",
"hostname": "",
"port": ""
},
"logging": {
"level": 5
}
}


@ -45,7 +45,7 @@ func Load(data io.Reader) (*Configuration, error) {
decoder := json.NewDecoder(data) decoder := json.NewDecoder(data)
err := decoder.Decode(&conf) err := decoder.Decode(&conf)
if err != nil { if err != nil {
logrus.Error("[Vetinari Server] : Failed to parse configuration: ", err.Error()) logrus.Error("[Notary Server] : Failed to parse configuration: ", err.Error())
return nil, err return nil, err
} }
return &conf, nil return &conf, nil


@ -1,7 +1,7 @@
vetinari: notary:
build: . build: .
links: links:
- vetinarimysql - notarymysql
ports: ports:
- "8080:8080" - "8080:8080"
- "4443:4443" - "4443:4443"
@ -10,7 +10,7 @@ vetinari:
# - /dev/bus/usb/003/010:/dev/bus/usb/002/010 # - /dev/bus/usb/003/010:/dev/bus/usb/002/010
# - /var/run/pcscd/pcscd.comm:/var/run/pcscd/pcscd.comm # - /var/run/pcscd/pcscd.comm:/var/run/pcscd/pcscd.comm
# build: ../rufus # build: ../rufus
vetinarimysql: notarymysql:
build: ./vetinarimysql/ build: ./notarymysql/
ports: ports:
- "3306:3306" - "3306:3306"


@ -11,8 +11,8 @@ import (
"github.com/gorilla/mux" "github.com/gorilla/mux"
"golang.org/x/net/context" "golang.org/x/net/context"
"github.com/docker/vetinari/errors" "github.com/docker/notary/errors"
"github.com/docker/vetinari/server/version" "github.com/docker/notary/server/version"
) )
// MainHandler is the default handler for the server // MainHandler is the default handler for the server
@ -101,7 +101,7 @@ func GetHandler(ctx context.Context, w http.ResponseWriter, r *http.Request) *er
data, err := store.GetCurrent(gun, tufRole) data, err := store.GetCurrent(gun, tufRole)
logrus.Debug("JSON: ", string(data)) logrus.Debug("JSON: ", string(data))
if err != nil { if err != nil {
logrus.Errorf("[Vetinari] 500 GET repository: %s, role: %s", gun, tufRole) logrus.Errorf("[Notary] 500 GET repository: %s, role: %s", gun, tufRole)
return &errors.HTTPError{ return &errors.HTTPError{
HTTPStatus: http.StatusInternalServerError, HTTPStatus: http.StatusInternalServerError,
Code: 9999, Code: 9999,
@ -109,7 +109,7 @@ func GetHandler(ctx context.Context, w http.ResponseWriter, r *http.Request) *er
} }
} }
if data == nil { if data == nil {
logrus.Errorf("[Vetinari] 404 GET repository: %s, role: %s", gun, tufRole) logrus.Errorf("[Notary] 404 GET repository: %s, role: %s", gun, tufRole)
return &errors.HTTPError{ return &errors.HTTPError{
HTTPStatus: http.StatusNotFound, HTTPStatus: http.StatusNotFound,
Code: 9999, Code: 9999,
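Review bot: The 500 branch in `GetHandler` logs the repository and role but drops `err`, so the cause of a failed `store.GetCurrent` never reaches the log. `gun` and `tufRole` are formatted with `%s`; if they are taken from the request path (not visible in this hunk), quoting them keeps a crafted value from breaking up log lines: `logrus.Errorf("[Notary] 500 GET repository: %q, role: %q: %v", gun, tufRole, err)`, and likewise `%q` in the 404 message. The `logrus.Debug("JSON: ", string(data))` call above runs before the `err` check and would read better after it. `GetHandler` starts and ends outside these hunks.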


@ -9,7 +9,7 @@ import (
"github.com/endophage/gotuf/signed" "github.com/endophage/gotuf/signed"
"github.com/docker/vetinari/utils" "github.com/docker/notary/utils"
) )
func TestMainHandlerGet(t *testing.T) { func TestMainHandlerGet(t *testing.T) {


@ -14,9 +14,9 @@ import (
"github.com/gorilla/mux" "github.com/gorilla/mux"
"golang.org/x/net/context" "golang.org/x/net/context"
"github.com/docker/vetinari/config" "github.com/docker/notary/config"
"github.com/docker/vetinari/server/handlers" "github.com/docker/notary/server/handlers"
"github.com/docker/vetinari/utils" "github.com/docker/notary/utils"
) )
type HTTPServer struct { type HTTPServer struct {
@ -49,7 +49,7 @@ func (svr *HTTPServer) TimeoutConnections() {
for conn, _ := range svr.conns { for conn, _ := range svr.conns {
conn.Close() conn.Close()
} }
logrus.Infof("[Vetinari] All connections closed for server %s", svr.id) logrus.Infof("[Notary] All connections closed for server %s", svr.id)
} }
// Run sets up and starts a TLS server that can be cancelled using the // Run sets up and starts a TLS server that can be cancelled using the
@ -65,7 +65,7 @@ func run(ctx context.Context, addr, tlsCertFile, tlsKeyFile string, trust signed
keypair, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile) keypair, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile)
if err != nil { if err != nil {
logrus.Errorf("[Vetinari] Error loading keys %s", err) logrus.Errorf("[Notary] Error loading keys %s", err)
return err return err
} }
@ -115,7 +115,7 @@ func run(ctx context.Context, addr, tlsCertFile, tlsKeyFile string, trust signed
}, },
) )
logrus.Info("[Vetinari] : Listening on", addr) logrus.Info("[Notary] : Listening on", addr)
go stopWatcher(ctx, svr, lsnr, tlsLsnr) go stopWatcher(ctx, svr, lsnr, tlsLsnr)
@ -127,7 +127,7 @@ func run(ctx context.Context, addr, tlsCertFile, tlsKeyFile string, trust signed
func stopWatcher(ctx context.Context, svr *HTTPServer, ls ...net.Listener) { func stopWatcher(ctx context.Context, svr *HTTPServer, ls ...net.Listener) {
doneChan := ctx.Done() doneChan := ctx.Done()
<-doneChan <-doneChan
logrus.Debug("[Vetinari] Received close signal") logrus.Debug("[Notary] Received close signal")
for _, l := range ls { for _, l := range ls {
l.Close() l.Close()
} }


@ -9,7 +9,7 @@ import (
"github.com/endophage/gotuf/signed" "github.com/endophage/gotuf/signed"
"golang.org/x/net/context" "golang.org/x/net/context"
"github.com/docker/vetinari/config" "github.com/docker/notary/config"
) )
func TestRunBadCerts(t *testing.T) { func TestRunBadCerts(t *testing.T) {
@ -40,8 +40,8 @@ func TestRunReservedPort(t *testing.T) {
config := config.ServerConf{ config := config.ServerConf{
Addr: "localhost:80", Addr: "localhost:80",
TLSCertFile: "../fixtures/vetinari.pem", TLSCertFile: "../fixtures/notary.pem",
TLSKeyFile: "../fixtures/vetinari.key", TLSKeyFile: "../fixtures/notary.key",
} }
err := Run(ctx, config, signed.NewEd25519()) err := Run(ctx, config, signed.NewEd25519())
@ -59,8 +59,8 @@ func TestRunGoodCancel(t *testing.T) {
config := config.ServerConf{ config := config.ServerConf{
Addr: "localhost:8002", Addr: "localhost:8002",
TLSCertFile: "../fixtures/vetinari.pem", TLSCertFile: "../fixtures/notary.pem",
TLSKeyFile: "../fixtures/vetinari.key", TLSKeyFile: "../fixtures/notary.key",
} }
go func() { go func() {


@ -9,7 +9,7 @@ import (
"github.com/gorilla/mux" "github.com/gorilla/mux"
"golang.org/x/net/context" "golang.org/x/net/context"
"github.com/docker/vetinari/errors" "github.com/docker/notary/errors"
) )
// contextHandler defines an alterate HTTP handler interface which takes in // contextHandler defines an alterate HTTP handler interface which takes in
@ -56,7 +56,7 @@ func (root *rootHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// return // return
// } // }
if err := root.handler(ctx, w, r); err != nil { if err := root.handler(ctx, w, r); err != nil {
logrus.Error("[Vetinari] ", err.Error()) logrus.Error("[Notary] ", err.Error())
http.Error(w, err.Error(), err.HTTPStatus) http.Error(w, err.Error(), err.HTTPStatus)
return return
} }


@ -12,7 +12,7 @@ import (
"github.com/endophage/gotuf/signed" "github.com/endophage/gotuf/signed"
"github.com/docker/vetinari/errors" "github.com/docker/notary/errors"
) )
func MockContextHandler(ctx context.Context, w http.ResponseWriter, r *http.Request) *errors.HTTPError { func MockContextHandler(ctx context.Context, w http.ResponseWriter, r *http.Request) *errors.HTTPError {


@ -2,7 +2,7 @@ package version
// Package is the overall, canonical project import path under which the // Package is the overall, canonical project import path under which the
// package was built. // package was built.
var Package = "github.com/docker/vetinari" var Package = "github.com/docker/notary"
// Version indicates which version of the binary is running. This is set to // Version indicates which version of the binary is running. This is set to
// the latest release tag by hand, always suffixed by "+unknown". During // the latest release tag by hand, always suffixed by "+unknown". During