David Lawrence
be4c0669c1
move import/export to cryptoservice and add import to yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
Jessica Frazelle
8902c8c0e9
fix go lint
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:07:05 -08:00
David Lawrence
07f0065152
ask for pin when signing
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:06:38 -08:00
Ying Li
fa5c4e608d
Merge pull request #256 from mtrmac/fix-import-root
Remove key ID from (notary key import-root)
2015-10-30 13:23:33 -07:00
Miloslav Trmač
62dc66e936
Remove key ID from (notary key import-root)
PR #242 has started requiring a passphrase for the imported key, and
recomputes the key ID, making the command-line argument redundant. So,
remove it from the command line and from the KeyStoreManager API.
Also updates the comment for KeyStoreManager.ImportRootKey, and changes
(notary key import-root) to refuse unexpected arguments instead of
silently ignoring them.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-10-30 20:40:03 +01:00
Miloslav Trmač
c2d560c789
Remove a left-over debugging Println
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-10-30 20:38:41 +01:00
Ying Li
b9a4175ea9
Update the client NotaryRepository to initialize with a root key ID
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 15:11:15 -07:00
Ying Li
9d2585ea8a
Remove unlocked crypto service and get root crypto service.
Generate key is now just a function.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 15:03:27 -07:00
David Lawrence
b7ce16ab6f
fixes for Diogo's comments
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 19:24:51 -07:00
David Lawrence
f73560d839
creating concrete types for the various key ciphers
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
David Lawrence
daa36b43b7
Merge pull request #242 from docker/unify-root-nonroot-keystore
Unify root nonroot keystore
2015-10-28 13:14:19 -07:00
Ying Li
57aaee1c1c
Remove unneeded constants from keystoremanager
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 16:36:53 -07:00
David Lawrence
2833a88292
adding gotuf to notary
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00
Ying Li
75b63b84cd
Add import/export to KeyStore interface so that the import_export code
makes use of this rather than mangle files manually to import/export
root keys. (Regular keys it just zips up the whole directory.)
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 16:19:14 -07:00
Ying Li
566bd3ce67
Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.
Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 12:33:46 -07:00
Ying Li
ed61974d10
Remove linking from the filestore
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 21:19:47 -07:00
Ying Li
d5bbaae9c9
Remove symlinking and symlink checking from key import-export.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 21:07:37 -07:00
Ying Li
e409eb0dc3
Remove Link from the filestore
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 14:30:35 -07:00
Aaron Lehmann
ec3167eedb
Import and export symlinks in keystore
- Export symlinks by encoding them in the zip file.
- Detect symlinks in a zip file on import and create them on the local
filesystem.
- Add test coverage.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-08-03 15:03:31 -07:00
Diogo Monica
a23bac9130
Fix gofmt
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-28 18:25:37 -07:00
Diogo Monica
27461ad9fb
Added cli cert command, changed keylisting to be a map, fixed key removal
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-28 18:14:29 -07:00
Aaron Lehmann
c3cf6c4083
Add a flag to change the password of the root key when exporting it
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-28 15:08:41 -07:00
Diogo Monica
ea2476ac6c
Fixing minor nits
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-22 22:47:22 -07:00
Diogo Monica
8841736539
Adding thorough root certificate rotation tests
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-22 20:50:34 -07:00
Diogo Monica
3154aa9d29
Adding tests for CertsToRemove, and move tests around
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-22 19:08:01 -07:00
Diogo Monica
b8b59dbc20
Fixed bug with listDirectory and added tests
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 19:48:17 -07:00
Aaron Lehmann
d058c6ffe1
Removing swapfile
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-20 13:51:23 -07:00
Aaron Lehmann
1aced67471
Improvements to keystore caching
* RemoveKey must purge the cache entry
* Add mutexes to KeyFileStore and KeyMemoryStore so the cachedKeys map
is protected in the case that keystore operations happen from multiple
goroutines
* Change GetKey to return the alias along with the key. Remove
GetKeyAlias. This simplifies the code flows that retrieve the alias
(since they usually get the key and alias together).
* Fix tests affected by key caching
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-20 13:36:03 -07:00
Derek McGowan
c35c1ea254
Move passphrase logic to its own package
The logic to retrieve the passphrase is generic and may be used directly by clients.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-20 13:02:05 -07:00
Nathan McCauley
6b23e7d249
review feedback
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:10:13 -07:00
Nathan McCauley
0642da80f1
review feedback
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
Nathan McCauley
38fe6bd45b
gofmt across the board
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
Nathan McCauley
de6f65b7e7
many testing fixups to support key aliasing
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:22 -07:00
Nathan McCauley
f239757dfd
keystore aliasing, take 2
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
Nathan McCauley
5df1eb21f3
keystore aliasing, take 1
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
Nathan McCauley
23b7e8c6af
Update keyfilestore to use passwordRetriever
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:16 -07:00
Diogo Monica
3b261e8972
Removing comments
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 10:08:15 -07:00
Diogo Monica
1e9365a384
Addressed small nits
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-19 13:43:54 -07:00
Diogo Monica
cf9e6499e1
Addressing comments
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-19 01:45:43 -07:00
Diogo Monica
31e1ec122f
Adding leaf cert expiry filtering and best-effort rotation
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-18 20:31:19 -07:00
Diogo Monica
c3bc4dbccc
New root now verified when there are existing certs
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-18 17:52:08 -07:00
Diogo Monica
0abc2ad111
Refactored ValidateRoot Logic
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-18 01:44:01 -07:00
David Lawrence
d453c6548d
client side of multi TUF file atomic update
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-17 17:48:06 -07:00
Diogo Monica
f532550742
Rebase works
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:44:51 -07:00
Diogo Monica
4c805611d0
Adding more error types and being extra careful with checks
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:33:06 -07:00
Diogo Monica
c817ba3606
Fixed bug in Root Validation and added more tests
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:33:05 -07:00
Diogo Monica
1c10f2233d
Add better comments, debug code and errors to ValidateRoot
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:33:05 -07:00
Diogo Monica
f5873eef8c
Adding RemoveAll to X509FileStore and correcting functions caller
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:31:43 -07:00
Diogo Monica
e72141f38a
Simplifying the root rotation logic
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:31:43 -07:00
Diogo Monica
5354c3b191
Added logic for root certificate rotation
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:31:43 -07:00