docker/docs - docs - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Ying Li	91d54899d7	Add a GetPrivateKey method to cryptoservice so that we can future-proof cryptoservice having multiple keystores Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 16:34:40 -07:00
Ying Li	7dc0dbec84	Remove the cryptoservice argument to sign Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 16:34:21 -07:00
Ying Li	a3e9558b03	1. Add docstring as to why we are trying a key ID with a GUN and one without - thanks @diogo! 2. Call NotaryRepository.cryptoService.GetKey rather than NotaryRepository.KeyStoreManager.KeyStore.GetKey Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 16:13:23 -07:00
Ying Li	b9a4175ea9	Update the client NotaryRepository to initialize with a root key ID Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 15:11:15 -07:00
David Lawrence	ca7988d642	fixing lint + vet things Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-28 16:20:08 -07:00
David Lawrence	f73560d839	creating concrete types for the various key ciphers Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-28 16:02:55 -07:00
David Lawrence	daa36b43b7	Merge pull request #242 from docker/unify-root-nonroot-keystore Unify root nonroot keystore	2015-10-28 13:14:19 -07:00
David Lawrence	2833a88292	adding gotuf to notary Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-27 16:36:06 -07:00
Ying Li	566bd3ce67	Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting over the root keys directory from non-root keys directory from keystoremanager to keystore, since we're eliminating keystoremanager. Maintain the two separate directories, though, because one can't tell whether there is an old-style separate-directories structure, or if someone has a GUN that starts with tuf_keys. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-27 12:33:46 -07:00
Ying Li	402c704798	Remove symlinks from notary-client repo creation Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-21 14:21:10 -07:00
David Lawrence	8a996f417a	updating godeps and notary for some syntax changes in gotuf brought on by golint Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-20 23:56:35 -07:00
David Lawrence	e587b0427a	test for key rotation Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 22:53:57 -07:00
David Lawrence	98cde51f18	working basic key rotation for targets and snapshot key. Command is 'notary key rotate [GUN]' Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 20:35:06 -07:00
David Lawrence	ac54370fb0	cleanup after discussing with Diogo Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:40:36 -07:00
David Lawrence	009400650e	minor tweaks to key rotation Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:24:08 -07:00
David Lawrence	959d0267ac	command skeletons in place, changelist actions implemented Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:24:08 -07:00
Ryan Cox	7bee606f43	Add support for 'notary status' command to show details about unpublished changes Signed-off-by: Ryan Cox <ryan.a.cox@gmail.com>	2015-10-08 22:07:36 -07:00
Diogo Mónica	33b77ea733	Merge pull request #175 from endophage/get_remote_err check error in initializing remote store	2015-08-10 10:30:08 -07:00
David Lawrence	0ece438313	server side validation during updates Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-08-05 14:00:07 -07:00
David Lawrence	3794dbf28e	check error in initializing remote store Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-31 16:20:17 -07:00
David Lawrence	529230369a	tests for changelist client helpers Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-28 11:29:46 -07:00
David Lawrence	0f322c69a2	fixing remove Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-28 10:21:14 -07:00
David Lawrence	503a1b8a6e	change error log to debug Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-23 14:24:46 -07:00
David Lawrence	6fd60f88d1	add ErrExpired to notary client to translate from gotuf ErrExpired Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-22 18:54:00 -07:00
Diogo Mónica	21a9b99e94	Merge pull request #114 from docker/invalid_password_err better error handling for invalid password	2015-07-22 15:09:53 -07:00
David Lawrence	1fc3257f6e	updating gotuf dep with some better http error handling. Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-22 13:19:52 -07:00
David Lawrence	cfe8255187	better error handling for invalid password Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-22 11:37:54 -07:00
David Lawrence	8b2888d122	latest vendored gotuf Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-21 13:57:21 -07:00
David Lawrence	b44e835275	update default expiry times to those agreed on Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-20 14:59:19 -07:00
Nathan McCauley	ff2e583439	Merge pull request #101 from dmcgowan/passphrase-util Move passphrase logic to its own package	2015-07-20 13:15:20 -07:00
Derek McGowan	c35c1ea254	Move passphrase logic to its own package The logic to retrieve passphrase is generic and may be used by directly by clients. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)	2015-07-20 13:02:05 -07:00
Diogo Mónica	a5df3c00cc	Merge pull request #89 from docker/general_cleanup WIP general cleanup	2015-07-20 12:45:03 -07:00
David Lawrence	7c05c0e334	breaking out role initialization to shorten NotaryRepository.Initialize a bit Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-20 11:47:30 -07:00
David Lawrence	20b60d9cc2	cleaning up cache vs filestore Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-20 11:47:30 -07:00
Nathan McCauley	0642da80f1	review feedback Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 11:00:24 -07:00
Nathan McCauley	f239757dfd	keystore aliasing, take 2 Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 10:58:20 -07:00
Nathan McCauley	23b7e8c6af	Update keyfilestore to use passwordRetriever Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>	2015-07-20 10:58:16 -07:00
David Lawrence	c9732dd9cb	stop targets dir being created, we don't use it Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-18 22:46:04 -07:00
David Lawrence	54d40f2ae3	updating error messages Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-18 22:25:19 -07:00
David Lawrence	5015b1f47d	fixing timestamps, clearing changelists, and the Adding target byte log Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-18 17:55:13 -07:00
David Lawrence	d453c6548d	client side of multi TUF file atomic update Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-17 17:48:06 -07:00
Aaron Lehmann	36a8f77129	Rename certificate stores to trustedCertificateStore and trustedCAStore Add convenience methods to KeyStoreManager to add certs to both cert stores. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-15 18:10:53 -07:00
Aaron Lehmann	e5a42d4df9	Add ExportKeysByGUN function It exports the keys for a particular GUN to a zip, encrypted with a specified passphrase. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-15 17:14:57 -07:00
Aaron Lehmann	a16581ecc7	Move CryptoService and UnlockedCryptoService into a cryptoservice package Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that they don't depend on client-specific types. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-14 18:39:38 -07:00
Aaron Lehmann	6068f30145	Move caStore and certificateStore into KeyStoreManager Refactor validateRoot into KeyStoreManager. It now takes the DNS name as a parameter. When KeyStoreManager is used with a NotaryRepository, the DNS name should be the GUN of the repository. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-14 18:39:38 -07:00
Aaron Lehmann	d5c7c40955	Introduce a KeyStoreManager to abstract management of root and non-root key storage This structure encapsulates what used to be "rootKeyStore" and "privKeyStore". These are being moved out of NotaryRepository, so that operations like listing keys, importing keys, and exporting keys aren't tied to a NotaryRepository structure. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-14 18:39:38 -07:00
Diogo Monica	ead0224526	Removing commented out code Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-13 20:32:51 -07:00
Aaron Lehmann	e4704f9729	Update notary for removal of signed.Signer We now deal with CryptoServices directly instead of passing around Signers. UnlockedSigner becomes UnlockedCryptoService because it no longer contains a Signer. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>	2015-07-13 15:18:02 -07:00
Diogo Monica	a139807d89	Fixing lint Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-13 14:01:26 -07:00
Diogo Monica	765a2cf661	Refactor crypto service Signed-off-by: Diogo Monica <diogo@docker.com>	2015-07-13 13:53:47 -07:00

1 2

82 Commits