docker/docs - docs - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Diogo Monica	21138e6bad	Working version of Notary and Yubikey Signed-off-by: Diogo Monica <diogo@docker.com> Remove symlinks from notary-client repo creation Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: Diogo Monica <diogo@docker.com> WIP Signed-off-by: Diogo Monica <diogo@docker.com> working yubikey integration Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage) Fixing small colon bug Signed-off-by: Diogo Monica <diogo@docker.com> Added things. Ship it. Signed-off-by: Diogo Monica <diogo@docker.com> Bringing ecdsahwcryptosigner to 2015 Signed-off-by: Diogo Monica <diogo@docker.com> Working version of notary and yubikey Signed-off-by: Diogo Monica <diogo@docker.com>	2015-11-12 01:06:09 -08:00
Ying Li	b9a4175ea9	Update the client NotaryRepository to initialize with a root key ID Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 15:11:15 -07:00
Ying Li	6150c931dd	Make a keysMap rather than just declaring Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-28 12:47:42 -07:00
Ying Li	566bd3ce67	Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting over the root keys directory from non-root keys directory from keystoremanager to keystore, since we're eliminating keystoremanager. Maintain the two separate directories, though, because one can't tell whether there is an old-style separate-directories structure, or if someone has a GUN that starts with tuf_keys. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-27 12:33:46 -07:00
Ying Li	61f9f84254	Use configuration option structures to set up client TLS and server TLS. Test for if client cert is passed without a client key and vice versa. Fail in ConfigureClientTLS if only one of client cert/key is passed. Lint fixes. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-21 18:43:33 -07:00
Ying Li	412e0facc8	Explicitly check the skip tls verify boolean in notary client Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-21 10:38:48 -07:00
Ying Li	fc389b7bc3	Use tls client config utility in notary as well. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-19 17:31:18 -07:00
Ying Li	a5e64ecf03	Do not use the viper singleton instance everywhere Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-19 11:50:04 -07:00
Diogo Monica	70fe89f69c	Adding check for relative VS full path Signed-off-by: Diogo Monica <diogo@docker.com>	2015-10-12 18:15:38 -07:00
Diogo Monica	8299e01b0a	Fixed comments, changed default config Signed-off-by: Diogo Monica <diogo@docker.com>	2015-10-12 17:14:23 -07:00
Diogo Monica	aeb96f27a2	Adding client-side root-ca server and config Signed-off-by: Diogo Monica <diogo@docker.com>	2015-10-12 17:13:39 -07:00
Ryan Cox	7bee606f43	Add support for 'notary status' command to show details about unpublished changes Signed-off-by: Ryan Cox <ryan.a.cox@gmail.com>	2015-10-08 22:07:36 -07:00
David Lawrence	2532363fa3	wrapping up token authentication Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-08-19 14:36:30 -07:00
Derek McGowan	a5aea53ef5	Add username and password prompt Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)	2015-08-19 13:48:16 -07:00
Derek McGowan	16ff63599d	Updated notary cli to use authenticated transport Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)	2015-08-19 13:48:16 -07:00
Diogo Monica	59b02db807	Addressing nits Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-28 19:35:29 -07:00
Diogo Monica	27461ad9fb	Added cli cert command, changed keylisting to be a map, fixed key removal Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-28 18:14:29 -07:00
Diogo Monica	5a57f5e970	Rebased off of master, working removes Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-28 11:55:53 -07:00
Diogo Monica	e7fb8ab46c	Fixing golint Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-28 11:47:14 -07:00
Diogo Monica	579f51866b	Removed all local keystores, added configurable trust dir Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-28 11:47:14 -07:00
David Lawrence	0f322c69a2	fixing remove Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-28 10:21:14 -07:00
Aaron Lehmann	2db2764874	Only skip TLS certificate verification if this is explicitly specified in the config Fixes #111 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-21 17:45:38 -07:00
Nathan McCauley	6ffcb134d7	fix hash compare on verfy to be bytewise Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 17:58:46 -07:00
Derek McGowan	c35c1ea254	Move passphrase logic to its own package The logic to retrieve passphrase is generic and may be used by directly by clients. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)	2015-07-20 13:02:05 -07:00
Nathan McCauley	6b23e7d249	review feedback Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 11:10:13 -07:00
Nathan McCauley	bc939bdf1f	basic caching of root password for notary cli Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 11:00:24 -07:00
Nathan McCauley	0642da80f1	review feedback Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 11:00:24 -07:00
Nathan McCauley	38fe6bd45b	gofmt across the baord Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 11:00:24 -07:00
Nathan McCauley	de6f65b7e7	many testing fixups to support key aliasing Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 11:00:22 -07:00
Nathan McCauley	f239757dfd	keystore aliasing, take 2 Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 10:58:20 -07:00
Nathan McCauley	5df1eb21f3	keystore aliasing, take 1 Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 10:58:20 -07:00
Nathan McCauley	23b7e8c6af	Update keyfilestore to use passwordRetriever Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 10:58:16 -07:00
David Lawrence	d453c6548d	client side of multi TUF file atomic update Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-17 17:48:06 -07:00
Aaron Lehmann	afc331b930	Add a unit test for publish This instantiates a temporary server, publishes some targets to it, and makes sure we can pull back the correct targets from the server. Also fixes a few problems with the client unit tests, error reporting in the client, and logging in the server. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-17 16:27:31 -07:00
Diogo Mónica	0ed6072a4a	Merge pull request #67 from docker/adding-certs Adding new certificates	2015-07-15 22:35:54 -07:00
Diogo Monica	3debfbca10	Reissued all certs with correct SANs Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-15 21:42:24 -07:00
David Lawrence	72d7d35221	fixing database queries Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-15 16:19:14 -07:00
Aaron Lehmann	a16581ecc7	Move CryptoService and UnlockedCryptoService into a cryptoservice package Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that they don't depend on client-specific types. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-14 18:39:38 -07:00
Aaron Lehmann	d5c7c40955	Introduce a KeyStoreManager to abstract management of root and non-root key storage This structure encapsulates what used to be "rootKeyStore" and "privKeyStore". These are being moved out of NotaryRepository, so that operations like listing keys, importing keys, and exporting keys aren't tied to a NotaryRepository structure. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-14 18:39:38 -07:00
Aaron Lehmann	e4704f9729	Update notary for removal of signed.Signer We now deal with CryptoServices directly instead of passing around Signers. UnlockedSigner becomes UnlockedCryptoService because it no longer contains a Signer. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-13 15:18:02 -07:00
Diogo Monica	765a2cf661	Refactor crypto service Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-13 13:53:47 -07:00
Diogo Monica	ba94fdd19d	Signature/key types are now used correcty and are represented by constants. Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-12 22:21:29 -07:00
Diogo Monica	39482c2397	Working ECDSA implementation Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-12 22:21:29 -07:00
David Lawrence	d1b09962f1	using roundtripper in notary client Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-10 10:02:38 -07:00
Diogo Monica	06a28c89ee	Added root key creation if non-existing to notary Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-09 18:56:06 -07:00
Aaron Lehmann	082d4f3c7c	Change NotaryRepository to honor the baseURL passed in Remove "transport", because it's not used. In the actual notary client, pass in a hard-coded URL for now (same one previously hardcoded in getRemoteStore). In tests, create a trivial HTTP server using net/http/httptest, which returns a timestamp.key file. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-09 17:58:33 -07:00
David Lawrence	73ca456297	annotating Publish and making it accept a password retriever function Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-09 17:58:09 -07:00
David Lawrence	6bff14a679	refactoring NotaryClient out Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-09 17:58:09 -07:00
David Lawrence	ebbb30b56c	hold unlocked signer on repository Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-09 17:58:09 -07:00
David Lawrence	c9ab3394de	further publish updates, it pushes now, but doesn't sign roots correctly Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-09 17:58:09 -07:00

1 2

91 Commits