docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
807 Commits 21 Branches 28 Tags 816 MiB
Commit Graph

807 Commits

Author SHA1 Message Date
David Lawrence 0fd1fa6ada arbitrary slots working 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence fea898bd34 listing all keys in the yubikey works 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence da18f54699 import-root, list, and remove working with yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 6ba7335793 fill in implementation of removeKey for yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence be4c0669c1 move import/export to cryptoservice and add import to yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
Ying Li 2cb072667c Merge pull request #24 from docker/fix-cryptoservice-create-get-key 
Fix the problem where root was being searched for in root_keys/repo/####_root.key

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <cyli@users.noreply.github.com> (github: endophage)
 2015-11-12 01:09:02 -08:00
Ying Li 2a9e163bd2 Fixed cryptoservice.Create to call keyStore.AddKey with a GUN only if 
it is not a root role.

Updated the cryptoservice tests to test all key algorithms, all roles,
and cryptoservices without a GUN.  This then also found bugs in
cryptoservice.GetKey, cryptoservice.RemoveKey, and
cryptoservice.GetPrivateKey, which weren't really being exercised
previously.

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:08:57 -08:00
Diogo Mónica 1230f5a41d Merge pull request #16 from docker/error_cleanup 
lots of errors cleanup

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
 2015-11-12 01:08:51 -08:00
David Lawrence 519a2ccbe8 removing all errors that aren't in use, fixing one place in memorystore that was using a different errorcode to all other stores, pushing errors into appropriate packages 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:08:49 -08:00
Diogo Mónica 7c6cc7d34c Merge pull request #20 from docker/passphrase_messaging 
improve password challenge messaging when using yubikey

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
 2015-11-12 01:08:43 -08:00
David Lawrence bc0c0d4ea1 health check will never be able to get auth token so remove RootHandler wrapper 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:08:41 -08:00
David Lawrence 22244fff65 improve password challenge messaging when using yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:08:41 -08:00
Diogo Monica 68992ddaf5 Resolving rebase conflicts 
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:07:09 -08:00
Jessica Frazelle 8902c8c0e9 fix go lint 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:07:05 -08:00
Jessica Frazelle 5f21ebd185 Add pkcs11 build tags 
Add build tags and a check in Makefile to be sure you do not import
pkcs11 lib somewhere where it should not be. This will ensure docker
import and integration will continue to work.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:07:00 -08:00
Jessica Frazelle 913c5ef033 add build tag files for pkcs11 dlopen lib 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:06:51 -08:00
Diogo Monica af1bf0c1d5 Removing debug adding pcs11 to makefiles 
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:06:46 -08:00
Diogo Monica b59225297a Fixing makefile 
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:06:40 -08:00
David Lawrence 07f0065152 ask for pin when signing 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:06:38 -08:00
Diogo Monica 53ed60ed89 Adding mandatory touch for signatures 
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:06:33 -08:00
Jessica Frazelle 4648666b7c add pkcs11 build tags 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:06:26 -08:00
Diogo Monica 21138e6bad Working version of Notary and Yubikey 
Signed-off-by: Diogo Monica <diogo@docker.com>

Remove symlinks from notary-client repo creation

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>

WIP

Signed-off-by: Diogo Monica <diogo@docker.com>

working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)

Fixing small colon bug

Signed-off-by: Diogo Monica <diogo@docker.com>

Added things. Ship it.

Signed-off-by: Diogo Monica <diogo@docker.com>

Bringing ecdsahwcryptosigner to 2015

Signed-off-by: Diogo Monica <diogo@docker.com>

Working version of notary and yubikey

Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-11-12 01:06:09 -08:00
Diogo Monica ae11483a7b initial work on pkcs11 support 
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:05:55 -08:00
Diogo Mónica dfaa8daf9b Merge pull request #255 from mtrmac/no-P224 
Don't use elliptic.P224()
 2015-11-01 10:32:03 +00:00
Diogo Mónica fd0775e1dc Merge pull request #257 from mtrmac/fix-export-root 
Fix (notary key export-root)
 2015-11-01 10:31:29 +00:00
Diogo Mónica 75c1b48a58 Merge pull request #260 from cyli/document-require-1.5.1 
Update README to reflect go 1.5.1 requirement
 2015-11-01 10:21:13 +00:00
Ying Li 07ae585485 Fix dockerfiles to no longer have the "-X ...GitCommit" deprecation warning 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-11-01 01:47:55 -07:00
Ying Li 301c0892f3 Update README to reflect go 1.5.1 requirement and add an endpoint 
to the makefile to check the go version

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-11-01 01:47:02 -07:00
Ying Li fa5c4e608d Merge pull request #256 from mtrmac/fix-import-root 
Remove key ID from (notary key import-root)
 2015-10-30 13:23:33 -07:00
Ying Li e2c6e989e9 Merge pull request #259 from mtrmac/drop-debug-print 
Remove a left-over debugging Println
 2015-10-30 13:15:49 -07:00
Miloslav Trmač 40bfc3f890 Don't use elliptic.P224() 
This curve is not available on Fedora and RHEL systems, so removing the
reference allows tests to pass there.  Vast majority of the
curve-specific work is done in the golang crypto/elliptic package, so
this does not weaken the tests noticeably.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-10-30 20:44:05 +01:00
Miloslav Trmač 62dc66e936 Remove key ID from (notary key import-root) 
PR #242 has started requiring a passphrase for the imported key, and
recomputes the key ID, making the command-line argument redundant.  So,
remove it from the command line and from the KeyStoreManager API.

Also updates the comment for KeyStoreManager.ImportRootKey, and changes
(notary key import-root) to refuse unexpected arguments instead of
silently ignoring them.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-10-30 20:40:03 +01:00
Miloslav Trmač 93c28ccb1b Fix (notary key export-root) 
-c was recently taken over by --configFile; using it for
--change-passphrase as well results in

panic: shorthand redefinition

So, move --change-passphrase to -p.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-10-30 20:39:20 +01:00
Miloslav Trmač c2d560c789 Remove a left-over debugging Println 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-10-30 20:38:41 +01:00
Diogo Mónica 29f5a4523c Merge pull request #254 from endophage/cryptoservice_multiple_keystores 
cryptoservices can abstract multiple keystores
 2015-10-30 11:21:52 -07:00
David Lawrence 9428beea50 expose cryptoservice in NotarySigner 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-30 11:08:35 -07:00
David Lawrence f791c01974 cryptoservices can abstract multiple keystores 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-30 11:05:43 -07:00
Ying Li e5c388d470 Merge pull request #246 from endophage/private_signer 
Private keys implement crypto.Signer
 2015-10-30 10:33:46 -07:00
David Lawrence 06990fd5a1 integreating with @cyli's improvements 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-30 10:15:52 -07:00
Diogo Mónica 7e5cc048b7 Merge pull request #253 from cyli/prometheus-server 
Add prometheus stats to server http handlers
 2015-10-29 22:22:24 -07:00
Ying Li 5ea5b40d3f Add prometheus stats to server http handlers 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 21:04:35 -07:00
Ying Li 3bd4637b09 Merge pull request #251 from HuKeping/fix-list 
Fix broken list
 2015-10-29 20:03:49 -07:00
HuKeping 169d67169c Fix broken list 
Signed-off-by: Hu Keping <hukeping@huawei.com>
 2015-10-30 10:46:06 +08:00
Ying Li 4c195db439 Merge pull request #249 from jfrazelle/dockerfile-cleanup 
better named dockerfiles and upgrade to go 1.5.1
 2015-10-29 19:04:11 -07:00
David Lawrence 7a24fbf32f adding singer interfaces to private keys: 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-29 17:48:15 -07:00
David Lawrence e904675043 Merge pull request #247 from cyli/remove-unlocked-cryptoservice 
Remove unlocked_cryptoservice and GetRootCryptoService
 2015-10-29 17:47:31 -07:00
Jessica Frazelle 4e59ed05bc
better named dockerfiles and upgrade to go 1.5.1 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
 2015-10-29 17:18:43 -07:00
Ying Li 91d54899d7 Add a GetPrivateKey method to cryptoservice so that we can future-proof 
cryptoservice having multiple keystores

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 16:34:40 -07:00
Ying Li 7dc0dbec84 Remove the cryptoservice argument to sign 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 16:34:21 -07:00
Ying Li a3e9558b03 1. Add docstring as to why we are trying a key ID with a GUN and one without - thanks @diogo! 
2. Call NotaryRepository.cryptoService.GetKey rather than
NotaryRepository.KeyStoreManager.KeyStore.GetKey

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 16:13:23 -07:00