Ying Li
200fefbff8
EmptyRepo needs to take a GUN in order to generate a valid cert.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-18 10:46:06 -08:00
Ying Li
0bbf979cf4
Change testutils.EmptyRepo() to use a cert as the root.json root key.
...
This involves making it use ECDSA keys since we can't generate ED25519 certs.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-15 19:11:17 -08:00
Ying Li
cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"
...
This reverts commit f417c834c4.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-08 14:53:09 -08:00
David Lawrence
11795a4573
rename data.ValidRoles to data.BaseRoles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:52 -08:00
David Lawrence
d52dbde683
removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:05 -08:00
David Lawrence
f417c834c4
switching out to consistently use canonical json for all marshalling of TUF data
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-06 11:15:27 -08:00
Ying Li
7592a029ef
Do not create the delegation metadata when the delegation is created.
...
Only create it when a target is added to it, or other delegations
are added to it, or when getting a child delegation.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
David Lawrence
d3a54cab25
the empty string should be used in delegation Paths to indicate a role can sign anything
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 16:10:43 -08:00
David Lawrence
ad0582ae9c
test that a child role gets removed from the update if it doesn't exist in the parent
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-16 19:27:04 -08:00
David Lawrence
38d2175087
tests for new validation code
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-16 15:06:48 -08:00
David Lawrence
63ecf5f92f
server side delegations support in validation and snapshot generation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-16 15:06:05 -08:00
David Lawrence
8bca542c17
restructuring validateUpdate to get rid of prepRepo
...
removing attempt in server/snapshot/snapshot.go to regenerate
metadata for roles in snapshot.
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-11 16:20:20 -08:00
Ying Li
3aa13e6645
Move validation errors to tuf, since that is the expected server interface.
...
Also make the validation errors serializable as JSON.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-09 14:04:44 -08:00
David Lawrence
b0c7ef5b88
addressing @cyli's comments
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-07 12:55:09 -08:00
David Lawrence
cae5940c70
generate snapshots server side
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-07 12:55:09 -08:00
David Lawrence
c2c474b9c6
generalize notary server key storage to be able to handle any role, not just timestamps
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-03 11:25:45 -08:00
Ying Li
9c3d87d5eb
When validating root.json on the server, timestamp threshold must be 1.
...
This is because the server handles the timestamp key and timestamp signing.
So there can only ever be 1 key. Thanks @mtrmac for pointing this out.
This change also refactors some of the test code somewhat.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-24 17:47:00 -05:00
Ying Li
4f8c1a8ef4
Server check that the root.json's timestamp key ID is valid.
...
If the client sends a root.json with an invalid timestamp key ID,
possibly because they are pushing an existing repo to a new server,
then the server should reject the update.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-18 00:57:40 -08:00
Ying Li
7dc0dbec84
Remove the cryptoservice argument to sign
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:21 -07:00
David Lawrence
f73560d839
creating concrete types for the various key ciphers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
David Lawrence
2833a88292
adding gotuf to notary
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00
David Lawrence
6616bed616
validation tests
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-08-06 17:38:37 -07:00