Commit Graph

247 Commits

Author SHA1 Message Date
Nathan McCauley f239757dfd keystore aliasing, take 2
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
Nathan McCauley 5df1eb21f3 keystore aliasing, take 1
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
Nathan McCauley 23b7e8c6af Update keyfilestore to use passwordRetriever
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:16 -07:00
David Lawrence 7db33797a8 fixing timestamp errors on list
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-20 10:35:40 -07:00
David Lawrence d453c6548d client side of multi TUF file atomic update
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-17 17:48:06 -07:00
Diogo Mónica 552ccf411a Merge pull request #80 from docker/test-publish
Add a unit test for publish
2015-07-17 16:53:45 -07:00
Aaron Lehmann afc331b930 Add a unit test for publish
This instantiates a temporary server, publishes some targets to it, and
makes sure we can pull back the correct targets from the server.

Also fixes a few problems with the client unit tests, error reporting in
the client, and logging in the server.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 16:27:31 -07:00
Diogo Monica 58e6544d0a Adding Cert retrieval by common name, and renaming KeyID to CertID
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:28:30 -07:00
Nathan McCauley 88e7346782 Merge pull request #71 from docker/unify-cryptoservice
Unify cryptoservice
2015-07-17 11:10:59 -07:00
Aaron Lehmann 125d72fd77 Big refactor to make signer use cryptoservices
- Add MemoryFileStore, a partial FileStore implementation that doesn't
  persist on disk.

- Create a KeyStore interface that allows pluggable key store types. Use
  this interface in the cryptoservice implementation.

- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.

- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.

- Refactor the hardware RSA signing service as a CryptoService.

- Replace custom ed25519 code with cryptoservice.CryptoService.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 09:33:19 -07:00
Richard Scothern e5d6180276 Enable remote signing service
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-16 11:16:40 -07:00
Richard Scothern df18a541e2 Fix the staging deployment.
Add a service name and ephemeral ports to notary server.
Remove certs as TLS is terminated in the ELB.

Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
2015-07-16 09:50:52 -07:00
Diogo Mónica 0ed6072a4a Merge pull request #67 from docker/adding-certs
Adding new certificates
2015-07-15 22:35:54 -07:00
Richard Scothern 8eafc998f7 Merge pull request #63 from endophage/fix_sql
fixing database queries
2015-07-15 22:33:48 -07:00
Diogo Monica 3debfbca10 Reissued all certs with correct SANs
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-15 21:42:24 -07:00
Diogo Monica ddfcd50471 Changing .pem to .crt everywhere
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-15 20:44:09 -07:00
Diogo Monica cdee810942 Changed notary-server to point at new certs
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-15 19:45:34 -07:00
Aaron Lehmann 167a07c894 Change notary-signer to use gotuf's key types
This causes notary-signer to use gotuf's Key interface instead of
defining its own redundant types.

We can go further with this in the future by removing the redundant
ED25519 implementation. This would be refactored into the cryptoservice
package, and notary-signer would be changed to use that package's
cryptoservice for key creation and signing operations.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-15 17:22:46 -07:00
David Lawrence 72d7d35221 fixing database queries
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-15 16:19:14 -07:00
Aaron Lehmann a16581ecc7 Move CryptoService and UnlockedCryptoService into a cryptoservice package
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-14 18:39:38 -07:00
Aaron Lehmann d5c7c40955 Introduce a KeyStoreManager to abstract management of root and non-root key storage
This structure encapsulates what used to be "rootKeyStore" and
"privKeyStore". These are being moved out of NotaryRepository, so that
operations like listing keys, importing keys, and exporting keys aren't
tied to a NotaryRepository structure.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-14 18:39:38 -07:00
Diogo Monica 321b155596 Godeps update, removed dependency on rufus
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-14 00:39:03 -07:00
Diogo Monica f03626a10e Refactored Rufus API
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-14 00:23:38 -07:00
Diogo Monica 9a4c2dc744 Initial copy of notary-signer
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-14 00:23:22 -07:00
Diogo Mónica 935b9a9366 Merge pull request #47 from docker/cryptoservice-refactor
Refactor crypto service
2015-07-13 15:29:59 -07:00
Aaron Lehmann e4704f9729 Update notary for removal of signed.Signer
We now deal with CryptoServices directly instead of passing around
Signers.

UnlockedSigner becomes UnlockedCryptoService because it no longer
contains a Signer.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-13 15:18:02 -07:00
David Lawrence da59198191 adding htpasswd auth to support the same set of mechanisms as distribution
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-13 14:17:24 -07:00
Diogo Monica 765a2cf661 Refactor crypto service
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 13:53:47 -07:00
Diogo Monica ba94fdd19d Signature/key types are now used correctly and are represented by constants.
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
Diogo Monica 085c613527 Refactored fingerprint cert and added better debugging
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
Diogo Monica 39482c2397 Working ECDSA implementation
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
David Lawrence d1b09962f1 using roundtripper in notary client
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-10 10:02:38 -07:00
Diogo Mónica 436e02d390 Merge pull request #32 from dmcgowan/fix-default-loglevel
Fix default log level
2015-07-09 23:56:13 -07:00
Ian Duffy ed4454c9c9 Fix example configuration file given in README.md
The example configuration given in README.md is missing a comma character and doesn't form valid JSON.

This PR adds the comma as required.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2015-07-10 04:35:02 +01:00
Diogo Monica 06a28c89ee Added root key creation if non-existing to notary
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 18:56:06 -07:00
Aaron Lehmann 082d4f3c7c Change NotaryRepository to honor the baseURL passed in
Remove "transport", because it's not used.

In the actual notary client, pass in a hard-coded URL for now (same one
previously hardcoded in getRemoteStore). In tests, create a trivial HTTP
server using net/http/httptest, which returns a timestamp.key file.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:33 -07:00
Diogo Monica 8c6de46aca Added list keys that ignores symlinks 2015-07-09 17:58:10 -07:00
David Lawrence 73ca456297 annotating Publish and making it accept a password retriever function
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
David Lawrence 6bff14a679 refactoring NotaryClient out
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
David Lawrence ebbb30b56c hold unlocked signer on repository
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
David Lawrence c9ab3394de further publish updates, it pushes now, but doesn't sign roots correctly
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
Diogo Monica f9f11e5781 Starting the key refactor; rename UnlockedRootKey
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:09 -07:00
David Lawrence 1d163650a3 changelist implementation
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
David Lawrence 9d5e988586 working refactor
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:08 -07:00
Diogo Monica e66dc12eca More refactor 2015-07-09 17:58:08 -07:00
Diogo Monica 93f7d9911f Implementing ListTargets 2015-07-09 17:58:08 -07:00
Diogo Monica 30c0856266 Remove config from libnotary 2015-07-09 17:58:08 -07:00
Diogo Monica 1346296869 Initial libnotary refactor
Signed-off-by: Diogo Monica <diogo@docker.com>

Ported more functionality to libnotary
2015-07-09 17:57:48 -07:00
Derek McGowan 0f5f340d0c Fix default log level
Work around bug in viper configuration.
Viper will always use the default since it matches the whole key match first.
Setting the default to a map keeps the config file as the first matched item.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-07 11:55:49 -07:00
Diogo Monica d5cdeb93bb Adding EncryptedFileStore and changing interfaces
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-05 21:02:16 -07:00
Diogo Monica fd8471038c Added a keyfilestore with encrypted PEM support 2015-07-04 12:17:54 -07:00
David Lawrence 89379a728c adding timestamping and some general cleanup
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-03 15:38:09 -07:00
Diogo Mónica 66aec225f2 Merge pull request #8 from docker/validate_root
validate root file against cert store
2015-07-03 14:23:25 -07:00
Diogo Monica 1eb972a820 Changed FingerprintCert to return string; renamed kID fingerprint everywhere in notary
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-06-30 21:44:57 -07:00
Diogo Monica a0e63bcaeb Fixed verification to use exact match and fallback to CA + tests
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-06-30 19:38:52 -07:00
Diogo Monica cf3d7d4b52 Removed all references of GUN from filestore
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-06-30 19:36:17 -07:00
Diogo Monica da7a1e67f5 Rebased off of master, fixed tests 2015-06-28 16:42:27 -07:00
David Lawrence cf2a819b21 validate root file against cert store 2015-06-28 16:35:24 -07:00
David Lawrence 913e2669c9 Merge pull request #16 from docker/mccauley/notary-readme
Initial cut of notary client README
2015-06-21 16:19:44 -07:00
Nathan McCauley ccfa3f44fd Initial cut of notary client README
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-06-21 16:18:39 -07:00
David Lawrence b0ee6f0c4e putting the same warning at the top of all the readmes.
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-06-21 16:13:16 -07:00
David Lawrence 779d3b687e refactoring verify and switching os.Stderr to use logrus which is set to output on stderr 2015-06-21 16:07:29 -07:00
David Lawrence 5efc8c0549 Merge pull request #12 from docker/filestore-refactor
Major refactor of the FileStore
2015-06-21 15:45:24 -07:00
David Lawrence d7955d6b7a adding a little more to notary server readme 2015-06-21 14:54:27 -07:00
David Lawrence ffc135ace9 Merge pull request #9 from docker/notaryserver_readme
Notary Server README
2015-06-21 13:21:06 -07:00
David Lawrence cd8c17b5c3 filling in README for notary-server 2015-06-21 13:19:13 -07:00
Diogo Monica 09c9099fdf Adding ListGUN to allow listing of specific keys 2015-06-21 15:14:46 -04:00
Diogo Monica eb1da6d5c6 Added delete keys by GUN 2015-06-20 23:31:03 -04:00
Diogo Monica db847379df Major refactor of the FileStore 2015-06-20 23:04:34 -04:00
David Lawrence 73f9935ea1 renaming server/version to server/storage. version was a bad name I picked late at night 2015-06-20 19:16:20 -07:00
David Lawrence 989c821d59 validate root file against cert store 2015-06-20 17:03:38 -07:00
Diogo Mónica 6625f1fc86 Merge pull request #5 from docker/mccauley/error-checking
Add error checking
2015-06-20 16:57:26 -04:00
Nathan McCauley 9ee5299b86 Add error checking
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-06-20 13:01:56 -07:00
Diogo Monica ed0ba8c1bf Adding minor stdout cosmetic change 2015-06-19 15:12:20 -07:00
David Lawrence 6ebdbdca0e adding readmes for commands 2015-06-19 13:35:20 -07:00
David Lawrence 03fcba1c98 exit verify with 1 on fail and make size print correctly in cli output 2015-06-19 12:38:33 -07:00
David Lawrence c7a956bdbb updating cli output for tuf to say Trusted Collection rather than TUF Repository 2015-06-19 11:47:21 -07:00
Nathan McCauley 518d0a2702 Notary Server in server log messages
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-06-19 11:17:06 -07:00
Nathan McCauley e46a95227c rename vetinari to notary
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-06-19 11:01:19 -07:00
Nathan McCauley 3f9b5dd6f7 Remove double negative
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-06-19 00:04:03 -07:00
Diogo Monica 7b86665cf8 Descriptions now use Trusted Collection everywhere 2015-06-18 21:44:54 -07:00
Diogo Monica 8da91369b8 Added confirmation for trust 2015-06-18 21:32:30 -07:00
Diogo Monica 21782098cb Initial implementation of verify 2015-06-18 20:43:02 -07:00
David Lawrence c9df04c4c0 remove actually working now 2015-06-18 19:44:33 -07:00
David Lawrence 06abf201c3 adding remove 2015-06-18 19:33:47 -07:00
David Lawrence 0ce1572c20 set logrus to stderr and refactor list/lookup 2015-06-18 19:09:34 -07:00
David Lawrence 91c1380070 list/lookup have empty output if they fail 2015-06-18 18:24:36 -07:00
Diogo Monica 6a7a08195e Rename push to publish 2015-06-18 17:19:42 -07:00
Diogo Monica 49819d239d Remove tuf from cmdline 2015-06-18 17:14:06 -07:00
Diogo Monica a353ee13e7 Merge branch 'demo' of github.com:docker/vetinari into demo 2015-06-18 15:13:29 -07:00
Diogo Monica d63649e54c Add root certificate to trusted store 2015-06-18 15:13:22 -07:00
David Lawrence bfe4d1e196 implementing lookup 2015-06-18 15:07:56 -07:00
Diogo Monica e98a25c94f Fixed Dockerfile and compose 2015-06-18 14:07:02 -07:00
Diogo Monica 1bef68654e Changed cryptoservice and rufus interface 2015-06-18 14:02:44 -07:00
David Lawrence 5b64c7b084 updating calls to CryptoService.Create to pass role name 2015-06-18 13:53:10 -07:00
Diogo Monica 0ee61e25c9 Added Dockerfiles, changed compose 2015-06-18 01:22:15 -07:00
David Lawrence 6ad97259df updating tuf subcommand to list targets when run as 2015-06-18 00:37:31 -07:00
David Lawrence e434232709 list works 2015-06-17 23:45:51 -07:00
David Lawrence 322f60b1ba tuf push working 2015-06-17 22:10:07 -07:00
Diogo Monica b0df67acd3 Added small validation to GUNs, changed logrus loglevel 2015-06-17 22:06:37 -07:00
Diogo Monica e5dd1721b3 Renamed SKID to kID 2015-06-17 21:11:36 -07:00
David Lawrence bb32390698 adding target now works 2015-06-17 21:01:24 -07:00
Diogo Monica 69525459f3 Merge branch 'demo' of github.com:docker/vetinari into demo 2015-06-17 20:51:23 -07:00
Diogo Monica cb6f43e99a Changed universal ID to be TUF, cleaned UI 2015-06-17 20:51:18 -07:00
David Lawrence e11cab0519 tuf init working 2015-06-17 18:19:39 -07:00
Diogo Monica 712ff83945 Added cliCryptoService 2015-06-17 16:05:16 -07:00
Diogo Monica ff169897b6 s/QDN/GUN 2015-06-17 13:31:13 -07:00
David Lawrence 6805f290f0 all vetinari tests pass 2015-06-17 11:28:59 -07:00
Diogo Monica 770cca453a Added listing and removal of signing certs 2015-06-17 11:17:08 -07:00
Diogo Monica 3e828b5796 Fixed compilation errors for vetinari-server 2015-06-17 11:17:08 -07:00
Diogo Monica 08124c18f6 Added key generate 2015-06-17 11:16:11 -07:00
David Lawrence 2aba401607 good start on tuf commands 2015-06-17 11:13:42 -07:00
Diogo Monica 205379efb7 Refactor commands 2015-06-17 11:13:42 -07:00
Diogo Monica be021850d4 Fixing golint 2015-06-17 11:13:42 -07:00
Diogo Monica 836521e166 Refactor cmdline key naming and added TUF skeletons 2015-06-17 11:13:42 -07:00
Diogo Monica 931c5e2a9b Refactored Add by URL out from X509 Key Stores 2015-06-17 11:13:41 -07:00
Diogo Monica ae11e1472e Changed Cli lib to Cobra and renamed to notary 2015-06-17 11:13:41 -07:00
Diogo Monica 181a453adc Added GetVerifyOptions to KeyStores and better filter for loaded CAs 2015-06-17 11:13:41 -07:00
Diogo Monica c90a362cfe Addressing small comments and nits 2015-06-17 11:13:41 -07:00
Diogo Monica 93c7950516 Renamed Trust/Untrust to Add/Remove 2015-06-17 11:13:41 -07:00
Diogo Monica a8be1c7f57 Removed RepoStores and added Viper configuration 2015-06-17 11:13:41 -07:00
Diogo Monica 6ffe6df102 Added trustmanager package and simple CLI 2015-06-17 11:13:40 -07:00
David Lawrence 801dd397ff runs with basic setup for demo 2015-06-16 12:17:40 -07:00
David Lawrence 13c4d05b79 bugfixing so it builds with new gotuf repo. Need to work out what I'm going with CanSign method, might get rid of it and just inspect error response 2015-06-12 15:00:36 -07:00
David Lawrence cc0782d3d2 rewriting imports to 'gotuf', adding config to set log level, making
restart/shutdown cleanup connections after timeout, updating godeps
2015-06-11 16:30:25 -07:00
David Lawrence 953d79888a fixing build errors 2015-06-09 15:04:09 -07:00
David Lawrence 4b39bf0c97 changing over logging to logrus 2015-05-12 11:11:39 -07:00
David Lawrence 61fbfcadf1 fix for double init problem 2015-04-28 23:31:23 -07:00
Diogo Monica 15d9b3a668 Fixing paths on config.json 2015-04-28 11:22:10 -07:00
Nathan McCauley faeed37c22 print debugging on failure to load keys, correct cert paths 2015-04-28 11:22:10 -07:00
Nathan McCauley 95adc15e36 debugging stuffz 2015-04-28 11:22:10 -07:00
Nathan McCauley 5938d9e09c add CA config option 2015-04-28 11:22:10 -07:00
Nathan McCauley c043e6d5a3 Initial docker-compose config for rufus/vetinari integration 2015-04-28 11:22:09 -07:00
Diogo Monica 134fcae497 Adding new certs to vetinari 2015-04-27 18:39:31 -07:00
Nathan McCauley 39103bc6ef PR review fixups on config options 2015-04-27 11:14:12 -07:00
Nathan McCauley 8403c09c1f Hook up SigningService to server, add config 2015-04-27 11:14:12 -07:00
David Lawrence 4cc70c69a6 adding libtrust to godeps 2015-04-24 15:36:35 -07:00
David Lawrence d287dd9974 improving scoping by not exporting some things 2015-04-21 11:38:57 -07:00
David Lawrence 8a7f02c046 fixing vet 2015-04-20 17:02:11 -07:00
David Lawrence b386511b79 committing config.go change that got missed 2015-04-20 15:17:50 -07:00
David Lawrence 52505d36e1 cleanup work and updating godeps 2015-04-20 11:30:58 -07:00
David Lawrence b2e089c6ee adding tests to utils package 2015-04-16 15:37:08 -07:00
David Lawrence 201546b2d8 interfaces all work together now and it builds 2015-04-13 09:51:02 -07:00
Derek McGowan 6fd6773b21 Fix go vet and lint issues
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-04-10 16:52:33 -07:00
David Lawrence 36d8ce0094 interfaces all work together now and it builds 2015-04-09 14:56:57 -07:00
David Lawrence 5f7e002a9a scaffolding for error, handler and context setup 2015-04-07 16:22:16 -07:00
Diogo Monica 9a495fa942 Initial working server commit 2015-03-31 18:40:07 -07:00