David Lawrence
1bf3dd08db
Addressing comments from review
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-01 17:21:25 -08:00
David Lawrence
dec9a5a95c
cleaning up some dead code and fixing memorystore consistency
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-29 16:52:58 -08:00
David Lawrence
637a2331d4
client side of consistent downloads
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-29 16:52:58 -08:00
Diogo Mónica
3eac9a8185
Merge pull request #516 from docker/canonical-key-id
...
use only canonical IDs for display on delegation CLI commands,
2016-01-29 16:43:25 -08:00
Diogo Mónica
564f8d06d3
Merge pull request #515 from docker/roles-for-targets
...
Roles for targets via notary CLI
2016-01-29 16:08:29 -08:00
Riyaz Faizullabhoy
a16e6b58b5
use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-29 16:00:42 -08:00
Diogo Mónica
90d2017c6e
Merge pull request #496 from docker/update-when-server-meta-corrupt
...
Update when server metadata is corrupt
2016-01-29 15:43:45 -08:00
Ying Li
5a39366f75
Clarify comments w.r.t. having an 'extra space' as being corrupted in transit.
...
Also, we are not sure if we want to support thresholds, so make sure the comments
reflect that.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-29 11:07:01 -08:00
Ying Li
1baf3c781c
Add test that update fails if the local root is corrupt AND the remote root is corrupt.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Conflicts:
client/client_update_test.go
2016-01-29 11:07:01 -08:00
Ying Li
237561a2a9
Fixed timestamp downloading so if verification fails, we fall back to cached.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Conflicts:
tuf/client/client.go
2016-01-29 11:05:21 -08:00
Ying Li
befd30e9a4
Add tests for updating if server has metadata corruption such that the checksum was valid.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-29 11:01:31 -08:00
Ying Li
bb5f9cc170
Update swizzler so that if messing up the root file, we can still get the pub keys and sign.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-29 11:01:31 -08:00
Ying Li
f8a0e46b6c
Add test for when any downloaded metadata has an invalid checksum compared to snapshot or timestamp.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Conflicts:
client/client_update_test.go
2016-01-29 11:01:31 -08:00
Ying Li
a969db7a13
Add swizzler method to just change the checksum by adding a space.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-29 11:01:31 -08:00
Diogo Mónica
e0b507bfc2
Merge pull request #501 from HuKeping/work-branch
...
Use separate databases for notary server and signer
2016-01-29 10:13:18 -08:00
HuKeping
4b77c49401
Tiny rework on mysql start scripts.
...
Fix some typos and update some comments.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-29 10:10:25 +08:00
HuKeping
c739428591
[PATCH 4/4] Add docs for notary mysql
...
This patch adds the recommendation to guide people deploying a more
secure MySQL for notary.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-29 10:10:25 +08:00
HuKeping
91d66f5e7a
[PATCH 3/4] Only create the needed tables
...
Make database notaryserver and notarysigner only create the tables they
need.
The signer only needs the private_keys table, and the server only needs
the timestamp_keys and tuf_files tables.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-29 10:10:25 +08:00
HuKeping
9427c372af
[PATCH 2/4] Add check for old database notary
...
Check whether the database `notary` exists or not and warn people
to manually migrate those tables if it exists.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-29 10:10:25 +08:00
HuKeping
e77db8a308
[PATCH 1/4] Use separate databases for notary server and signer
...
For security, server should not be able to access the `private_key` table
and we can go further more, say, use separate databases for the server
and signer.
This patch creates two users corresponding to the different databases.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-29 10:10:25 +08:00
Diogo Mónica
54667d1254
Merge pull request #520 from endophage/add_logf_docs
...
adding doc for notary-server -logf option
2016-01-28 17:59:33 -08:00
Diogo Mónica
96d451e1c5
Merge pull request #495 from docker/filestore-getmeta-size
...
ensure filestore GetMeta only returns up to size bytes. Add max size constant
2016-01-28 17:36:35 -08:00
Diogo Mónica
32d9cd7c4a
Merge pull request #485 from docker/passphrase-change
...
passwd command and tests
2016-01-28 17:35:44 -08:00
Diogo Mónica
ab389c6849
Merge pull request #517 from docker/changelog-doc
...
Add a doc about how to upgrade to v0.2.
2016-01-28 17:34:15 -08:00
David Lawrence
80fb9f2e12
adding doc for notary-server -logf option
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-28 17:32:35 -08:00
Ying Li
8c895747c5
Add a doc about how to upgrade to v0.2.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-28 16:21:22 -08:00
Riyaz Faizullabhoy
cd7274f1b9
Add additional tests with different delegation key format using role PEM header
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 15:49:09 -08:00
Riyaz Faizullabhoy
8f0a3c3975
Merge pull request #512 from HuKeping/tiny
...
Tiny refactor: to keep code style consistent
2016-01-28 14:20:26 -08:00
Riyaz Faizullabhoy
9c59af1397
passwd command and tests
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:36:05 -08:00
Riyaz Faizullabhoy
2964e8c6f4
add integration test for adding/listing/removing targets from roles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:20:27 -08:00
Riyaz Faizullabhoy
41643d4a9c
make -1 read up to 100MB of data, use for non-timestamps. Reduce
...
timestamp to 1MB max
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:17:17 -08:00
Riyaz Faizullabhoy
660c4a5f23
Add slow tests for downloading very large snapshot and targets meta files, comment on max size const
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:16:19 -08:00
Riyaz Faizullabhoy
a6159a45d1
ensure filestore GetMeta only returns up to size bytes. Standardize constant for max size
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:16:19 -08:00
Riyaz Faizullabhoy
bb9ef929de
Add --roles flags to targets commands
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 09:59:04 -08:00
HuKeping
6b31789fe5
Tiny refactor: to keep code style consistent
...
The other CLI commands about tuf all begin with cmdTufXXX
which I think `verify` should be the same too.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-28 20:13:39 +08:00
David Lawrence
a5df40762d
Merge pull request #510 from endophage/better_401
...
return a better error message if the HTTP status code was 401
2016-01-27 16:04:21 -08:00
David Lawrence
6fa388b467
return a better error message if the HTTP status code was 401
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-27 11:52:23 -08:00
Diogo Mónica
c4277dd221
Merge pull request #508 from docker/log-level
...
move verifier and update logs down to debug level
2016-01-27 08:55:44 -08:00
Diogo Mónica
f4311b3a27
Merge pull request #509 from docker/reject-short-keys
...
Add check for RSA key len before adding delegation
2016-01-27 08:54:27 -08:00
Ying Li
c90e1bd8c8
Merge pull request #500 from docker/speed-up-tests
...
Don't run all the tests with yubikey
2016-01-27 08:53:45 -08:00
Riyaz Faizullabhoy
83c5ed255b
Add check for RSA key len before adding
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-26 23:27:06 -08:00
Riyaz Faizullabhoy
ceca4c233e
move verifier and update logs down to debug level
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-26 23:02:54 -08:00
Diogo Mónica
7eb86f7a64
Merge pull request #493 from docker/delegation-cli-text
...
delegations CLI UX improvements
2016-01-26 15:32:20 -08:00
Ying Li
c1f3550b54
Merge pull request #499 from jfrazelle/update-url
...
change url from jfrazelle/go to docker/go
2016-01-26 10:53:26 -08:00
Jessica Frazelle
a64db12c04
change url from jfrazelle/go to docker/go
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-26 08:43:38 -08:00
Ying Li
c583063014
Do not run all the tests when testing yubikey hardware.
...
The tests take forever, since it *cannot* be parallelized at all, and there
can only be one build at a time.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-25 22:03:39 -08:00
Riyaz Faizullabhoy
87cc809f18
Merge pull request #491 from docker/tuf-update-logs
...
allow for configurable log level, change default for CLI
2016-01-25 17:24:32 -08:00
Riyaz Faizullabhoy
774b66c9fe
delegations CLI UX improvements
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-25 16:14:02 -08:00
Riyaz Faizullabhoy
12d3eb49ae
Change default log level to fatal, change verbose to error level and add
...
debug flag for debug level
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-25 16:13:42 -08:00
Diogo Mónica
ffe603a968
Merge pull request #498 from docker/integration-test-fix
...
Root is always on disk unless restored from backup, in which case it may only be on a yubikey
2016-01-25 15:56:35 -08:00