docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,045 Commits 25 Branches 28 Tags 827 MiB
Commit Graph

1045 Commits

Author SHA1 Message Date
Ying Li 4867410e98 Ensure that tests pass and binaries build without the pkcs11 build tag. 
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:10:16 -08:00
Diogo Mónica 29c6b63c81 Merge pull request #32 from docker/cli-cleanup 
Minor CLI cleanups

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
 2015-11-12 01:10:11 -08:00
Ying Li 14c5d2e05a Normalize how the key IDs are displayed in the password prompts. 
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:10:07 -08:00
Ying Li 087f13ae7d Normalize and elaborate on the command line help. 
Ensures that the notary command line help text start with capital
letters, and add information about hardware keys and online/offline operation.

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:10:03 -08:00
Ying Li 313ae80345 Remove unused rawOutput option in notary CLI. 
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:09:59 -08:00
Ying Li e4e099ae00 Just ignore the `-s` notary CLI option instead of erroring. 
Currently commands that do not require online access will error if
this option is passed.  Do not error anymore, just ignore.

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:09:53 -08:00
Ying Li 4698ad69f2 Merge pull request #30 from docker/client-integration-tests 
Adding integration tests for notary client.

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <cyli@users.noreply.github.com> (github: endophage)
 2015-11-12 01:09:45 -08:00
Ying Li 1f1868d3ee Adding integration tests for notary client. 
This runs through the basic notary init/add/publish/etc. workflow,
and some basic key workflows.

Note that this does work with the Yubikey, in that created keys while
testing do not require touch.

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:09:40 -08:00
David Lawrence 1074897040 delete non-root keys from cryptoservice when they get rotated out 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:38 -08:00
David Lawrence 28c3eca478 Merge pull request #28 from docker/import_to_yubikey 
Import to yubikey

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)
 2015-11-12 01:09:35 -08:00
David Lawrence 91e8b9bcdb backup to a KeyFileStore and take out key remove 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:32 -08:00
David Lawrence 542c4a6d32 removing role from backup key path 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:32 -08:00
David Lawrence 2d4612c703 removekey is going to be best effort 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:32 -08:00
David Lawrence 72cd24ac13 explicit return in yubikeystore.AddKey to see if interface typing is causing weird behaviour 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence a3336e696e removekey had an errant return 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence de9f651494 fixing lint comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence f9cf7bcca5 remove needs to list keys to find guns 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 51a99a4127 generate should instantiate a yubikeystore 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence e8d2240c79 write private key to a backup dir when creating keys on yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 705587b0b5 update yubikeystore keys cache when adding 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence beca50909d update to only use slots 0-3 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence b7c38f0287 fixing tests 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 0fd1fa6ada arbitrary slots working 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence fea898bd34 listing all keys in the yubikey works 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence da18f54699 import-root, list, and remove working with yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 6ba7335793 fill in implementation of removeKey for yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence be4c0669c1 move import/export to cryptoservice and add import to yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 6f1fd28a19 Merge pull request #25 from docker/touch_to_sign 
add message when user is required to touch yubikey to sign.

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)
 2015-11-12 01:09:26 -08:00
David Lawrence cf50ffcd33 add message when user is required to touch yubikey to sign. N.B. touch is required during Sign, not SignInit 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:25 -08:00
Diogo Mónica 52ac579b45 Merge pull request #27 from docker/update-cobra 
Update the cobra and pflags dependencies

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
 2015-11-12 01:09:21 -08:00
Ying Li 24cca5d6cc Update the cobra dependency and its subdependencies (pflag, blackfriday, sanitized_anchor_name, and go-md2man). 
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:09:14 -08:00
Diogo Mónica 7576793c8d Merge pull request #29 from docker/client-test-refactor 
Notary-client test refactor

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
 2015-11-12 01:09:09 -08:00
Ying Li 5b6f64de4b Refactor notary client tests. 
Move common code out into helper functions, and split up the bigger tests
into tests that specifically test adding targets, getting changelists,
publishing, and listing, as opposed to having two giant tests instead.

Also depend more on existing functions in the code (such as
NotaryRepository.GetChangelists and the server ServerMux), rather than
reimplementing them in the tests.

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:09:06 -08:00
Ying Li 2cb072667c Merge pull request #24 from docker/fix-cryptoservice-create-get-key 
Fix the problem where root was being searched for in root_keys/repo/####_root.key

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <cyli@users.noreply.github.com> (github: endophage)
 2015-11-12 01:09:02 -08:00
Ying Li 2a9e163bd2 Fixed cryptoservice.Create to call keyStore.AddKey with a GUN only if 
it is not a root role.

Updated the cryptoservice tests to test all key algorithms, all roles,
and cryptoservices without a GUN.  This then also found bugs in
cryptoservice.GetKey, cryptoservice.RemoveKey, and
cryptoservice.GetPrivateKey, which weren't really being exercised
previously.

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:08:57 -08:00
Diogo Mónica 1230f5a41d Merge pull request #16 from docker/error_cleanup 
lots of errors cleanup

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
 2015-11-12 01:08:51 -08:00
David Lawrence 519a2ccbe8 removing all errors that aren't in use, fixing one place in memorystore that was using a different errorcode to all other stores, pushing errors into appropriate packages 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:08:49 -08:00
Diogo Mónica 7c6cc7d34c Merge pull request #20 from docker/passphrase_messaging 
improve password challenge messaging when using yubikey

Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
 2015-11-12 01:08:43 -08:00
David Lawrence bc0c0d4ea1 health check will never be able to get auth token so remove RootHandler wrapper 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:08:41 -08:00
David Lawrence 22244fff65 improve password challenge messaging when using yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:08:41 -08:00
Diogo Monica 68992ddaf5 Resolving rebase conflicts 
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:07:09 -08:00
Jessica Frazelle 8902c8c0e9 fix go lint 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:07:05 -08:00
Jessica Frazelle 5f21ebd185 Add pkcs11 build tags 
Add build tags and a check in Makefile to be sure you do not import
pkcs11 lib somewhere where it should not be. This will ensure docker
import and integration will continue to work.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:07:00 -08:00
Jessica Frazelle 913c5ef033 add build tag files for pkcs11 dlopen lib 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:06:51 -08:00
Diogo Monica af1bf0c1d5 Removing debug adding pcs11 to makefiles 
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:06:46 -08:00
Diogo Monica b59225297a Fixing makefile 
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:06:40 -08:00
David Lawrence 07f0065152 ask for pin when signing 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:06:38 -08:00
Diogo Monica 53ed60ed89 Adding mandatory touch for signatures 
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:06:33 -08:00
Jessica Frazelle 4648666b7c add pkcs11 build tags 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:06:26 -08:00
Diogo Monica 21138e6bad Working version of Notary and Yubikey 
Signed-off-by: Diogo Monica <diogo@docker.com>

Remove symlinks from notary-client repo creation

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>

WIP

Signed-off-by: Diogo Monica <diogo@docker.com>

working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)

Fixing small colon bug

Signed-off-by: Diogo Monica <diogo@docker.com>

Added things. Ship it.

Signed-off-by: Diogo Monica <diogo@docker.com>

Bringing ecdsahwcryptosigner to 2015

Signed-off-by: Diogo Monica <diogo@docker.com>

Working version of notary and yubikey

Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-11-12 01:06:09 -08:00