Riyaz Faizullabhoy
ca9fc99ba5
Goodbye Certstore
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 17:00:09 -07:00
Riyaz Faizullabhoy
01bbd532c6
Update update logic to error out on corrupted previous root metadata
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 16:59:22 -07:00
Riyaz Faizullabhoy
5901c87feb
Update tests
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 16:59:22 -07:00
Riyaz Faizullabhoy
378116d37c
Add empty hashes check for AddTarget
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-19 13:39:26 -07:00
Riyaz Faizullabhoy
94a2e3a741
Change config to disable_tofu instead of tofu
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-19 11:01:56 -07:00
Riyaz Faizullabhoy
7d6fdc08cd
Update function description for expected behavior, groundwork for config
...
in validation
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-19 11:01:54 -07:00
Ying Li
cea46f7c3e
Change root cert rotation to be root key rotation instead
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-13 22:12:53 -07:00
Ying Li
708507adde
Require signing with all previous roles, instead of just the immediately previous role
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-13 22:10:58 -07:00
Ying Li
160ea2bc54
Address review comments and improve docstrings
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-13 11:48:36 -07:00
Miloslav Trmač
d835fbbca2
Implement root certificate rotation in NotaryRepository
...
NotaryRepository can now list root certificates, and
generate new versions (as changelists to be applied
on Publish).
This is a pretty mechanical encapsulation of the
root certificate rotation support in Repo.AddBaseKeys
and Repo.RemoveBaseKeys. The only slightly interesting
part is ListRootCert, which requires on-line access
to ensure fresh data, and depends on CertStore doing
some verification for us.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-04-13 11:48:36 -07:00
Ying Li
f8c42e4cbf
NotaryRepository.Update now just returns an error, rather than a client
...
an error, because we don't actually use the client anymore.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-06 14:08:08 -07:00
David Lawrence
bfee37d471
update top level Signed.Signed to be a *json.RawMessage
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-03-18 16:18:53 -07:00
Riyaz Faizullabhoy
9ecd899e25
Removing key import and gun from cryptoservice
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy
2a37590ea6
update interface and comments
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy
95af5d4800
try cleaning up removekey, debugging tests
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:00 -07:00
Riyaz Faizullabhoy
351b247aec
add tests for initial keystore state, and after removing and adding
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:11 -07:00
Riyaz Faizullabhoy
83f7c758ca
Remove delegation role fallback when applying targets changes
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-16 15:12:11 -07:00
Ying Li
44cccbb4db
Make all key rotations publish immediately, not just remote key rotations
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:35:30 -07:00
Ying Li
fa5edc40af
Publish only the key rotation changes after a remote key rotation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
b6c4840231
Update comments, and publish in the CLI after remote key rotation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
e3716f0be9
Change the CLI for rotate key to require a role type
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
07b9f504e4
Update the CLI and client to no longer reject remote timestamp rotations.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
4022e97b08
Use 'require' instead of 'assert' in client and TUF client tests
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 13:52:48 -07:00
Ying Li
e25746dac3
Use a CacheControlHandler that wraps other handlers instead
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:19:13 -07:00
Riyaz Faizullabhoy
bde878cdb6
changing API for updating delegations
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:57:08 -08:00
Riyaz Faizullabhoy
729bb88537
addressing review comments
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
Riyaz Faizullabhoy
06e34e825a
walk for updating/creating delegations, validate changes to paths
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
David Lawrence
1db128778d
completely removing KeyDB
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-16 21:11:13 -08:00
Riyaz Faizullabhoy
9c84547853
Add tests against old style changes and clear paths
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-02 17:01:35 -08:00
Riyaz Faizullabhoy
70ee4f8670
PoC broken down client api for delegations
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-02 17:01:35 -08:00
David Lawrence
637a2331d4
client side of consistent downloads
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-29 16:52:58 -08:00
Riyaz Faizullabhoy
a16e6b58b5
use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-29 16:00:42 -08:00
Jessica Frazelle
a64db12c04
change url from jfrazelle/go to docker/go
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy
25a1e9aed7
change to ListRoles, and GetAllLoadedRoles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 15:58:55 -08:00
Riyaz Faizullabhoy
a052d9e105
client library for retrieving keys and signatures for all roles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 12:00:09 -08:00
Ying Li
6f2e851b29
Merge pull request #479 from docker/remove_to_lower
...
Do not lowercase role names when adding a change
2016-01-19 16:22:41 -08:00
Ying Li
a3b9a5543f
Do not lowercase role names when adding a change
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-19 14:32:00 -08:00
Ying Li
cf0bb5a9be
Merge pull request #440 from docker/diogo-cli-adding-delegations
...
delegation command for notary-cli
2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy
ca67f1e71a
client library deletion functionality, and integration into remove cert
...
CLI
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy
138d6cea09
Add, remove, and list delegation command. TUF changelist action change
...
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-18 16:24:45 -08:00
Ying Li
877d47bb5c
Add tests to ensure you can just drop a key in tuf_key and use it for signing.
...
This is important for user keys, which do not necessarily need to be under a GUN,
and may have a role other than one of the canonical roles (e.g. "user" role).
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-15 18:54:41 -08:00
David Lawrence
c0fb05584e
fixing incorrect comments
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
David Lawrence
9e80ad8158
remove certs.NewManager function
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
David Lawrence
a8b21cafe0
CertManager is completely removed
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
Ying Li
c65fc03ef9
Update test to make x509 keys start a day in the past.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 14:15:38 -08:00
Ying Li
b74f1835b7
Ensure that we do not unnecessarily re-sign/serialize a root.json file on publish
...
Adds additional tests to ensure that keys aren't unnecessarily created on error,
and that only the required keys to sign are used.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 10:51:24 -08:00
David Lawrence
a60f228189
fixing use of require vs assert
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:59:33 -08:00
Diogo Mónica
26d3f3f92b
Merge pull request #413 from endophage/fix_root_download
...
fixing bootstrapClient to prefer cached root
2016-01-13 15:48:39 -08:00
David Lawrence
06d23e14c9
add test for invalid remote URL
...
add offline store for use when we can't initialize a remote store
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:26:57 -08:00
Ying Li
cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"
...
This reverts commit f417c834c4.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-08 14:53:09 -08:00