Riyaz Faizullabhoy
a16e6b58b5
use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-29 16:00:42 -08:00
Riyaz Faizullabhoy
25a1e9aed7
change to ListRoles, and GetAllLoadedRoles
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 15:58:55 -08:00
Riyaz Faizullabhoy
a052d9e105
client library for retrieving keys and signatures for all roles
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 12:00:09 -08:00
Ying Li
cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"
This reverts commit f417c834c4.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-08 14:53:09 -08:00
David Lawrence
11795a4573
rename data.ValidRoles to data.BaseRoles
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:52 -08:00
David Lawrence
d52dbde683
removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:05 -08:00
David Lawrence
f417c834c4
switching out to consistently use canonical json for all marshalling of TUF data
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-06 11:15:27 -08:00
Diogo Mónica
30c488b3b4
Merge pull request #393 from docker/path-fix
use path instead of filepath to express TUF roles
2016-01-04 19:26:13 -08:00
Riyaz Faizullabhoy
dbb8c1065f
use path instead of filepath to express TUF roles
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-04 16:23:02 -08:00
Riyaz Faizullabhoy
385bd5aa11
fix up style according to comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-04 16:20:19 -08:00
David Lawrence
fa788cb2a9
make x509 certs viable as delegated public key object
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
Ying Li
34055f8cf7
Code cleanups as per review, and after rebasing.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:51:48 -08:00
Ying Li
0892ebb13f
Add checks to TUFRepo to fail on updating a target if there are no signing keys.
So UpdateDelegation, DeleteDelegation, AddTargets, RemoveTargets now
all check for the role existence, not metadata existence. And they
also check the role's signing keys - there's no point in adding if
we can't sign.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
Ying Li
c12958af36
Do not sign the actual targets metadata unless it's dirty.
Previously we were always signing it, but we can't do that anymore
because then delegated users won't be able to publish ever (they
probably don't have the target key).
Some other related changes: when role keys are rotated, that role
needs to be marked as dirty now in order to be re-signed and
published.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
Ying Li
7592a029ef
Do not create the delegation metadata when the delegation is created.
Only create it when a target is added to it, or other delegations
are added to it, or when getting a child delegation.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
David Lawrence
4243b258b3
making GetTargetsByName work with delegations
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:46:41 -08:00
David Lawrence
63ecf5f92f
server side delegations support in validation and snapshot generation
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-16 15:06:05 -08:00
David Lawrence
5891805b29
addressing review
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-15 16:21:30 -08:00
David Lawrence
79b05d4c0a
changelists for delegations
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-14 17:23:47 -08:00
David Lawrence
fb5c9b28a4
low level tuf delegation primitives with full test coverage
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-14 10:11:47 -08:00
David Lawrence
1074897040
delete non-root keys from cryptoservice when they get rotated out
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:38 -08:00
David Lawrence
519a2ccbe8
removing all errors that aren't in use, fixing one place in memorystore that was using a different errorcode to all other stores, pushing errors into appropriate packages
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:08:49 -08:00
Ying Li
7dc0dbec84
Remove the cryptoservice argument to sign
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:21 -07:00
David Lawrence
f73560d839
creating concrete types for the various key ciphers
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
David Lawrence
2833a88292
adding gotuf to notary
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00