0e5ebb984a
Merge pull request #245 from cyli/prometheus
...
Add prometheus as a dependency
2015-10-29 14:18:31 -07:00
8696c64d12
Add prometheus as a dependency
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 20:21:45 -07:00
570ef86584
Merge pull request #233 from cyli/codecov
...
Use make targets in circleci, more complete coverage
2015-10-28 15:55:33 -07:00
6dcad7860f
Merge pull request #237 from cyli/mutual-auth
...
Support mutual authentication between the server and signer
2015-10-28 15:55:24 -07:00
aa5b621968
Fix import error after rebase
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:44:33 -07:00
adda5776cb
Use ListenAndServeTLS with blank args, since ListenAndServe doesn't actually set up TLS
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:42:36 -07:00
126691ac9e
Update the notary server and signer configs to make use of client authentication.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:42:33 -07:00
34aecae033
Split out parsing the client TLS in notary-server.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:40:41 -07:00
04a78e720f
Factor out and test TLS configuration in notary-server.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:39:52 -07:00
bbf941d198
Allow client CAs to be provided to notary-signer.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:39:52 -07:00
0a3025c959
Merge pull request #235 from HuKeping/update-readme
...
Docs: update readme
2015-10-28 15:36:59 -07:00
daa36b43b7
Merge pull request #242 from docker/unify-root-nonroot-keystore
...
Unify root nonroot keystore
2015-10-28 13:14:19 -07:00
ccb2e1a8f4
Merge pull request #241 from endophage/include_gotuf
...
Include gotuf in notary
2015-10-28 13:13:48 -07:00
6150c931dd
Make a keysMap rather than just declaring
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 12:47:42 -07:00
34cbbb270b
updating maintainers and adding top level contributors, removing those files from tuf dir
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 22:59:23 -07:00
fa70a79ed7
go fmt was complaining about import order after my sed replacement
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 17:22:08 -07:00
21ee24bc30
fixing vet error in existing notary code
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:37:41 -07:00
57aaee1c1c
Remove unneeded contants from keystoremanager
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 16:36:53 -07:00
2833a88292
adding gotuf to notary
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00
75b63b84cd
Add import/export to KeyStore interface so that the import_export code
...
makes use of this rather than mangle files manually to import/export
root keys. (Regular keys it just zips up the whole directory.)
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 16:19:14 -07:00
566bd3ce67
Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting
...
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.
Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 12:33:46 -07:00
4036910a6a
Merge pull request #240 from cyli/server-healthcheck-endpoint
...
Add the health handler to the main server
2015-10-27 11:47:53 -07:00
b238d85159
Add the health handler to the main server
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-26 14:23:48 -07:00
bcdd375ce5
Merge pull request #229 from cyli/tls-config-refactor
...
Factor out TLS configuration code for server and TLS
2015-10-26 09:33:41 -07:00
399df0a982
Merge pull request #234 from cyli/remove-symlinks
...
Remove symlinking root keys
2015-10-26 08:23:35 -07:00
f8b9127181
Docs: update readme
...
Two main things:
- Update the content
- Update broken links
Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-10-26 16:42:20 +08:00
408f1efee7
Use -coverpkg to build multiple coverage outputs and use a tool
...
to merge them, to get more complete coverage information (so a package
can be tested by code outside the package).
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-24 02:31:09 -07:00
0eb76f4057
Remove option prefixing
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 21:55:53 -07:00
ed61974d10
Remove linking from the filestore
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 21:19:47 -07:00
d5bbaae9c9
Remove symlinking and symlink checking from key import-export.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 21:07:37 -07:00
15c3bbeb9c
Remove explicit test for parsing garbage in certs.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 20:55:59 -07:00
f961afe5c3
Do not run shortened tests in CI, since some codepaths are just
...
unexercised.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 18:47:39 -07:00
09dc607bef
Read multiple CA certs from a single PEM file - thanks @mtrmac!
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 15:56:47 -07:00
c7bef046d5
Clean up the make targets for CircleCI some more.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 18:47:44 -07:00
61f9f84254
Use configuration option structures to set up client TLS and server TLS.
...
Test for if client cert is passed without a client key and vice versa.
Fail in ConfigureClientTLS if only one of client cert/key is passed.
Lint fixes.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 18:43:33 -07:00
e409eb0dc3
Remove Link from the filestore
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 14:30:35 -07:00
402c704798
Remove symlinks from notary-client repo creation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 14:21:10 -07:00
efb71c9ef1
Update gotuf
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-10-21 12:15:23 -07:00
412e0facc8
Explicitly check the skip tls verify boolean in notary client
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 10:38:48 -07:00
9a8fbb5774
Exit the foreach loop if failure, so CI will fail on failed test
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 00:21:15 -07:00
8a996f417a
updating godeps and notary for some syntax changes in gotuf brought on by golint
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-20 23:56:35 -07:00
e6460330bd
fixing camel casing of func
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-20 21:45:30 -07:00
4e24d49ab2
Use the makefile targets for running the test in CircleCI. Push
...
coverage output to codecov.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-20 21:07:24 -07:00
208977b1ad
Add an extra test for ECDSAx509 keys
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-20 20:57:18 -07:00
ea7d621705
Add a utility function to return a public key ID from a certificate.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-20 19:38:39 -07:00
a858a4f362
Update Makefile with targets that can be used with CircleCI. Also
...
allow an option to run the short tests (without coverage) while
searching for race conditions.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-20 14:20:01 -07:00
5cdb46a9da
Accept the same ciphersuites in the client and server as docker.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:31:18 -07:00
fb81aaed10
Add test for if the client CA dir is empty
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:31:18 -07:00
fc389b7bc3
Use tls client config utility in notary as well.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:31:18 -07:00
fb1013b997
Add servername to the client TLS config, and use it to build notary-server's
...
TLS connection to notary-signer.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:29:54 -07:00
Diogo Mónica