docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,859 Commits 21 Branches 28 Tags 816 MiB
Commit Graph

49 Commits

Author SHA1 Message Date
Ying Li 5acab543e4 Update the client to have an old builder and a new builder, and to only use 
cached version numbers to check downloaded version numbers of cached data
validates against the old builder.

This also removes the `GetRepo` function of the builder and adds some data
accessors instead that are necessary to do a consistent download and check
versions, that way the downloader doesn't need to fish around in the repo
itself for data in order to figure out what to download.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-27 10:58:58 -07:00
Ying Li 04ec865b31 Update all the server validation and generation code to use the builder. 
This means that the server cannot accept any roots not signed by an
x509 key whose GUN doesn't match the GUN being updated.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-27 10:58:58 -07:00
Ying Li 5f3eaf411b Update the downloading client to use the builder. 
Delete the remaining TUF client download tests because they are already covered by
the client update tests.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-27 10:58:57 -07:00
Riyaz Faizullabhoy 1976982685 Use ErrRootRotationFail when checking new root against old keys 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-26 17:00:12 -07:00
Riyaz Faizullabhoy ed1bf1a0a6 Address review comments 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-26 17:00:12 -07:00
Riyaz Faizullabhoy 01bbd532c6 Update update logic to error out on corrupted previous root metadata 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-26 16:59:22 -07:00
Riyaz Faizullabhoy 5901c87feb Update tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-26 16:59:22 -07:00
Ying Li 2d72c39e6c Add a few more tests for tuf/store/memorystore. 
Also add a few tuf/client/client_test tests back that checks for download failure
if the local timestamp or snapshot is missing in the local TUF repo.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-20 17:00:40 -07:00
Ying Li 283c452737 A lot of tuf/client tests are redundant - move the ones that aren't to client_update_test 
and just remove tuf/client/client_test.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-20 16:59:12 -07:00
Ying Li 053c2a5a79 Remove a redundant ErrChecksumMismatch error in tuf/client, since we 
already have a ErrMismatchedChecksum in tuf/data/errors.

Also, have the CheckHashes function take a role name so that the
ErrMismatchedChecksum error can include the role name.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-20 11:08:03 -07:00
Ying Li cc5211cdf6 Fix server validation and client update tests to also test threshold when testing 
root rotation with the previous root role.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-19 15:14:14 -07:00
Ying Li 839a1d076f Add support for thresholds, which means signed.VerifyRoot needs to be have just like 
signed.VerifySignatures. So remove signed.VerifyRoot and just use signed.VerifySignatures
instead.  Also, to fix some tests, add an additional check for version when validating
metadata since versions can't be negative.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-19 15:14:14 -07:00
Ying Li 65851590f6 Add a client update test for root rotations that test that the previous root ROLE is satisfied, 
as opposed to just requiring we also sign with whatever key the previous root was signed with.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-19 15:14:14 -07:00
Riyaz Faizullabhoy 94a2e3a741 Change config to disable_tofu instead of tofu 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-19 11:01:56 -07:00
Riyaz Faizullabhoy bbf51108c0 Rename certs package to trustpinning 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-19 11:01:55 -07:00
Riyaz Faizullabhoy 7d6fdc08cd Update function description for expected behavior, groundwork for config 
in validation

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-19 11:01:54 -07:00
Ying Li f8c42e4cbf NotaryRepository.Update now just returns an error, rather than a client 
an error, because we don't actually use the client anymore.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-06 14:08:08 -07:00
Riyaz Faizullabhoy 9ecd899e25 Removing key import and gun from cryptoservice 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:31:03 -07:00
Ying Li 1bfafa0b77 Add test to check that if a key is rotated, but the requisite piece of 
metadata hasn't been resigned, that an update fails because the
cached version is no longer valid.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-03-03 09:22:26 -08:00
Ying Li be3520c011 Update the integration tests after rebase 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-22 19:52:18 -08:00
Ying Li 4b13e7d358 Refactor RootRole verification into a helper function used by root and targets validation 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-22 19:16:32 -08:00
Ying Li 36ea1f6901 Add root metadata validation to the root data structure 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-22 19:16:32 -08:00
Ying Li b8866877b0 Clarify test comment 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-18 18:59:14 -08:00
Riyaz Faizullabhoy 14edbe33e1 add snapshot meta check in download root, update tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-17 19:40:11 -08:00
Ying Li 9dfaee1add Refactor and add to per-metadata-type mutation tests 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-17 19:39:57 -08:00
Ying Li edb70b5474 Fix test bug where root role mutations weren't being tested 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-17 19:35:03 -08:00
Ying Li 401690d621 Include client update tests to test updating non-root metadata that are missing pieces 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-17 19:35:03 -08:00
Ying Li 95325cd19b Include client update tests to test updating roots that are missing roles 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-17 19:35:03 -08:00
Ying Li 00203f7785 Update the previous backwards compatibility test, and add a new test for downloading. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-02-04 11:51:20 -08:00
David Lawrence c07c7b49c2 removing last vestiges of target download code 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-02-02 11:39:17 -08:00
David Lawrence 637a2331d4 client side of consistent downloads 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-29 16:52:58 -08:00
Ying Li 5a39366f75 Clarify comments w.r.t. having an 'extra space' as being corrupted in transit. 
Also, we are not sure if we want to support thresholds, so make sure the comments
reflect that.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-29 11:07:01 -08:00
Ying Li 1baf3c781c Add test that update fails if the local root is corrupt AND the remote root is corrupt. 
Signed-off-by: Ying Li <ying.li@docker.com>

Conflicts:
	client/client_update_test.go
 2016-01-29 11:07:01 -08:00
Ying Li 237561a2a9 Fixed timestamp downloading so if verification fails, we fall back to cached. 
Signed-off-by: Ying Li <ying.li@docker.com>

Conflicts:
	tuf/client/client.go
 2016-01-29 11:05:21 -08:00
Ying Li befd30e9a4 Add tests for updating if server has metadata corruption such that the checksum was valid. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-29 11:01:31 -08:00
Ying Li f8a0e46b6c Add test for when any downloaded metadata has an invalid checksum compared to snapshot or timestamp. 
Signed-off-by: Ying Li <ying.li@docker.com>

Conflicts:
	client/client_update_test.go
 2016-01-29 11:01:31 -08:00
Riyaz Faizullabhoy 41643d4a9c make -1 read up to 100MB of data, use for non-timestamps. Reduce 
timestamp to 1MB max

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 10:17:17 -08:00
Riyaz Faizullabhoy a6159a45d1 ensure filestore GetMeta only returns up to size bytes. Standardize constant for max size 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-28 10:16:19 -08:00
Ying Li 499d5a7c0c Add an extra targets/b delegation chain to the tests. 
Also, shorten some of the options (do not specify false, since that's default).

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-21 16:34:53 -08:00
Ying Li e79839b216 Add better error reporting for update tests. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-21 13:23:30 -08:00
Ying Li dde9531b4a Fix an error where we get a JSON syntax error on server 404 or 50X. 
We were testing to see if the cached metadata was nil, but we actually
set it to an empty data.Signed object, but didn't always set it to nil
if we failed to get local metadata.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-21 13:23:30 -08:00
Ying Li 36684a3290 Use cached timestamp if we get a 404 when updating timestamp. 
We use the cached timestamp for all other errors, so this makes the
error consistent.  The only special metadata is the root.json, where a 404
signifies that the repository doesn't exist.  Also update the message
when a cached timestamp is used.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-21 13:23:16 -08:00
Ying Li 803205d8bf Update and add tests for what happens if the remote repo 404's or 500's on root.json. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-20 14:41:54 -08:00
Ying Li df53f51b0b Refactor swizzler to not produce a repo itself, but to just take some initial metadata. 
Updated the testutils/repo.go utility to be able to produce a repository with delegations
and to export metadata from said repo instead.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-20 10:02:14 -08:00
Ying Li 1404aa9dad Remove client update tests for which it seems like the user is actively sabotaging themselves. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-19 16:32:34 -08:00
Ying Li edc30ffdb9 Skip the longer client update tests if testing in short mode. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-19 16:28:52 -08:00
Ying Li ea0a64eeab Add a few tests for updating when the local repo is corrupt. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-19 16:28:52 -08:00
Ying Li 4f8d28ad7f Add tests for updating replacing corrupted local cache 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-19 14:07:46 -08:00
Ying Li d4820c5756 Translate ErrMetaNotFound when updating, so long as it's on root, to ErrRepositoryNotExist. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-14 15:27:11 -08:00