docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
807 Commits 21 Branches 28 Tags 816 MiB
Commit Graph

131 Commits

Author SHA1 Message Date
David Lawrence 0fd1fa6ada arbitrary slots working 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence da18f54699 import-root, list, and remove working with yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence be4c0669c1 move import/export to cryptoservice and add import to yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 06990fd5a1 integreating with @cyli's improvements 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-30 10:15:52 -07:00
David Lawrence f73560d839 creating concrete types for the various key ciphers 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-28 16:02:55 -07:00
David Lawrence daa36b43b7 Merge pull request #242 from docker/unify-root-nonroot-keystore 
Unify root nonroot keystore
 2015-10-28 13:14:19 -07:00
David Lawrence 2833a88292 adding gotuf to notary 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-27 16:36:06 -07:00
Ying Li 75b63b84cd Add import/export to KeyStore interface so that the import_export code 
makes use of this rather than mangle files manually to import/export
root keys.  (Regular keys it just zips up the whole directory.)

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-27 16:19:14 -07:00
Ying Li 566bd3ce67 Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting 
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.

Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-27 12:33:46 -07:00
Ying Li bcdd375ce5 Merge pull request #229 from cyli/tls-config-refactor 
Factor out TLS configuration code for server and TLS
 2015-10-26 09:33:41 -07:00
Ying Li ed61974d10 Remove linking from the filestore 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-23 21:19:47 -07:00
Ying Li 61f9f84254 Use configuration option structures to set up client TLS and server TLS. 
Test for if client cert is passed without a client key and vice versa.
Fail in ConfigureClientTLS if only one of client cert/key is passed.
Lint fixes.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-21 18:43:33 -07:00
David Lawrence e6460330bd fixing camel casing of func 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-20 21:45:30 -07:00
Ying Li 208977b1ad Add an extra test for ECDSAx509 keys 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-20 20:57:18 -07:00
Ying Li ea7d621705 Add a utility function to return a public key ID from a certificate. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-20 19:38:39 -07:00
Ying Li 7356dfd273 Change ConfigServerTLS to take a client CA directory instead of certs 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-19 17:29:54 -07:00
Ying Li e50cc2c9cd Add test to ensure that x509filestore loads existing certs from the 
directory without modifying/overwriting them.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-19 17:29:54 -07:00
Aaron Lehmann ec3167eedb Import and export symlinks in keystore 
- Export symlinks by encoding them in the zip file.

- Detect symlinks in a zip file on import and create them on the local
  filesystem.

- Add test coverage.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-08-03 15:03:31 -07:00
Derek McGowan bd9d7c9c74 Move key database to signer package 
The key database is not generally used but only used by the signing service.
Move the implementation to the signer package to be imported by the signer.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-30 16:22:47 -07:00
Aaron Lehmann 2ac1d44be1 Merge pull request #154 from docker/diogo-add-remove-cert 
Added cli cert command, changed keylisting to be a map
 2015-07-28 20:13:32 -07:00
Diogo Monica 27461ad9fb Added cli cert command, changed keylisting to be a map, fixed key removal 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-28 18:14:29 -07:00
David Calavera 740e5b095d Use the random reader passed as argument to GenerateED25519Key. 
Rather than the global source.

Signed-off-by: David Calavera <david.calavera@gmail.com>
 2015-07-28 16:59:03 -07:00
Aaron Lehmann 3a1292a287 Avoid printing "Passphrases do not match" when passphrase is too short 
Also, wrap the passphrase instructions paragraph at 80 columns, and
change the passphrase variable name in addKey to avoid a conflict with
the package name.

Fixes #146

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-28 14:41:27 -07:00
Diogo Monica 4546ded7e0 Adding support for passphrases from env 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-27 12:07:03 -07:00
Diogo Monica b73a7a4cfa Removing comments 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-27 09:55:18 -07:00
Diogo Monica 0fb0877c3c Adding new jose dependency, fixing nits 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-26 20:32:47 -07:00
Diogo Monica a2472a5a72 Addressed comments, changed to PBES2, added key rotation 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-26 09:18:08 -07:00
Diogo Monica c7e421a501 Fixing unique key_id entry enforcement 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-24 12:36:17 -07:00
Diogo Monica e568babc0a Added one more test, and fixed delete bug 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-24 06:47:04 -07:00
Diogo Monica e81fc405f6 Refactored keystore, created keydbstore and added tests 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-24 05:46:40 -07:00
Nathan McCauley 11af29d8db update tests to check for new types 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-23 01:54:14 -07:00
Diogo Monica c5ffbd1055 Adding typed error for missing keys 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-23 00:09:35 -07:00
Diogo Monica be1d365626 Changed debug key type 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-22 16:51:55 -07:00
Derek McGowan 304afb53d0 Add missing use of invalid passphrase error 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-22 04:08:14 -07:00
Derek McGowan 5eb296d276 Return invalid password when cannot retrieve passphrase 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-22 03:42:16 -07:00
David Lawrence cfe8255187 better error handling for invalid password 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-22 11:37:54 -07:00
Diogo Monica b8b59dbc20 Fixed but with listDirectory and added tests 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 19:48:17 -07:00
Nathan McCauley c0b0593247 Merge pull request #104 from docker/increase-cert 
Changing certificate expiration time to 10 years
 2015-07-20 15:21:37 -07:00
Diogo Monica d1761eba25 Changing certificate expiration time to 10 years 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 14:55:36 -07:00
Diogo Monica f7ea67cfab Rebased from master 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 13:46:01 -07:00
Diogo Monica 4dfe45d64e Changing testify import 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 13:36:03 -07:00
Diogo Monica 42ded6231c Converted tests to testify and EC generation 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 13:36:03 -07:00
Aaron Lehmann 1aced67471 Improvements to keystore caching 
* RemoveKey must purge the cache entry

* Add mutexes to KeyFileStore and KeyMemoryStore so the cachedKeys map
  is protected in the case that keystore operations happen from multiple
  goroutines

* Change GetKey to return the alias along with the key. Remove
  GetKeyAlias. This simplifies the code flows that retrieve the alias
  (since they usually get the key and alias together).

* Fix tests affected by key caching

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-20 13:36:03 -07:00
Nathan McCauley 1421f47258 keystore caching 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 13:34:11 -07:00
Derek McGowan c35c1ea254 Move passphrase logic to its own package 
The logic to retrieve passphrase is generic and may be used by directly by clients.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-20 13:02:05 -07:00
Diogo Monica f3a7fdf211 Removing doubling of string in test 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 11:42:10 -07:00
Nathan McCauley 6b23e7d249 review feedback 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:10:13 -07:00
Nathan McCauley f07876602f add test for passphraseRetriever 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley 0642da80f1 review feedback 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley 38fe6bd45b gofmt across the baord 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00