docker/docs - docs - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Miloslav Trmač	d835fbbca2	Implement root certificate rotation in NotaryRepository NotaryRepository can now list root certificates, and generate new versions (as changelists to be applied on Publish). This is a pretty mechanical encapsulation of the root certificate rotation support in Repo.AddBaseKeys and Repo.RemoveBaseKeys. The only slightly interesting part is ListRootCert, which requires on-line access to ensure fresh data, and depends on CertStore doing some verification for us. Signed-off-by: Miloslav Trmač <mitr@redhat.com>	2016-04-13 11:48:36 -07:00
Ying Li	f8c42e4cbf	NotaryRepository.Update now just returns an error, rather than a client an error, because we don't actually use the client anymore. Signed-off-by: Ying Li <ying.li@docker.com>	2016-04-06 14:08:08 -07:00
David Lawrence	bfee37d471	update top level Signed.Signed to be a *json.RawMessage Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-03-18 16:18:53 -07:00
Riyaz Faizullabhoy	9ecd899e25	Removing key import and gun from cryptoservice Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy	2a37590ea6	update interface and comments Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy	95af5d4800	try cleaning up removekey, debugging tests Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-03-18 11:04:00 -07:00
Riyaz Faizullabhoy	351b247aec	add tests for initial keystore state, and after removing and adding Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-03-18 11:03:11 -07:00
Riyaz Faizullabhoy	83f7c758ca	Remove delegation role fallback when applying targets changes Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-03-16 15:12:11 -07:00
Ying Li	44cccbb4db	Make all key rotations publish immediately, not just remote key rotations Signed-off-by: Ying Li <ying.li@docker.com>	2016-03-15 18:35:30 -07:00
Ying Li	fa5edc40af	Publish only the key rotation changes after a remote key rotation Signed-off-by: Ying Li <ying.li@docker.com>	2016-03-15 18:17:27 -07:00
Ying Li	b6c4840231	Update comments, and publish in the CLI after remote key rotation Signed-off-by: Ying Li <ying.li@docker.com>	2016-03-15 18:17:27 -07:00
Ying Li	e3716f0be9	Change the CLI for rotate key to require a role type Signed-off-by: Ying Li <ying.li@docker.com>	2016-03-15 18:17:27 -07:00
Ying Li	07b9f504e4	Update the CLI and client to no longer reject remote timestamp rotations. Signed-off-by: Ying Li <ying.li@docker.com>	2016-03-15 18:17:27 -07:00
Ying Li	4022e97b08	Use 'require' instead of 'assert' in client and TUF client tests Signed-off-by: Ying Li <ying.li@docker.com>	2016-03-15 13:52:48 -07:00
Ying Li	e25746dac3	Use a CacheControlHandler that wraps other handlers instead Signed-off-by: Ying Li <ying.li@docker.com>	2016-03-14 17:19:13 -07:00
Riyaz Faizullabhoy	bde878cdb6	changing API for updating delegations Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-02-23 11:57:08 -08:00
Riyaz Faizullabhoy	729bb88537	addressing review comments Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-02-23 11:55:31 -08:00
Riyaz Faizullabhoy	06e34e825a	walk for updating/creating delegations, validate changes to paths Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-02-23 11:55:31 -08:00
David Lawrence	1db128778d	completely removing KeyDB Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-02-16 21:11:13 -08:00
Riyaz Faizullabhoy	9c84547853	Add tests against old style changes and clear paths Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-02-02 17:01:35 -08:00
Riyaz Faizullabhoy	70ee4f8670	PoC broken down client api for delegations Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-02-02 17:01:35 -08:00
David Lawrence	637a2331d4	client side of consistent downloads Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-29 16:52:58 -08:00
Riyaz Faizullabhoy	a16e6b58b5	use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-01-29 16:00:42 -08:00
Jessica Frazelle	a64db12c04	change url from jfrazelle/go to docker/go Signed-off-by: Jessica Frazelle <acidburn@docker.com>	2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy	25a1e9aed7	change to ListRoles, and GetAllLoadedRoles Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-01-20 15:58:55 -08:00
Riyaz Faizullabhoy	a052d9e105	client library for retrieving keys and signatures for all roles Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-01-20 12:00:09 -08:00
Ying Li	6f2e851b29	Merge pull request #479 from docker/remove_to_lower Do not lowercase role names when adding a change	2016-01-19 16:22:41 -08:00
Ying Li	a3b9a5543f	Do not lowercase role names when adding a change Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-19 14:32:00 -08:00
Ying Li	cf0bb5a9be	Merge pull request #440 from docker/diogo-cli-adding-delegations delegation command for notary-cli	2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy	ca67f1e71a	client library deletion functionality, and integration into remove cert CLI Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy	138d6cea09	Add, remove, and list delegation command. TUF changelist action change for deletions (force vs. individual items) Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>	2016-01-18 16:24:45 -08:00
Ying Li	877d47bb5c	Add tests to ensure you can just drop a key in tuf_key and use it for signing. This is important for user keys, which do not necessarily need to be under a GUN, and may have a role other than one of the canonical roles (e.g. "user" role). Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-15 18:54:41 -08:00
David Lawrence	c0fb05584e	fixing incorrect comments Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-15 11:30:32 -08:00
David Lawrence	9e80ad8158	remove certs.NewManager function Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-15 11:30:32 -08:00
David Lawrence	a8b21cafe0	CertManager is completely removed Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-15 11:30:32 -08:00
Ying Li	c65fc03ef9	Update test to make x509 keys start a day in the past. Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-14 14:15:38 -08:00
Ying Li	b74f1835b7	Ensure that we do not unnecessarily re-sign/serialize a root.json file on publish Adds additional tests to ensure that keys aren't unnecessarily created on error, and that only the required keys to sign are used. Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-14 10:51:24 -08:00
David Lawrence	a60f228189	fixing use of require vs assert Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-13 15:59:33 -08:00
Diogo Mónica	26d3f3f92b	Merge pull request #413 from endophage/fix_root_download fixing bootstrapClient to prefer cached root	2016-01-13 15:48:39 -08:00
David Lawrence	06d23e14c9	add test for invalid remote URL add offline store for use when we can't initialize a remote store Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-13 15:26:57 -08:00
Ying Li	cf4b77b760	Revert "switching out to consistently use canonical json for all marshalling of TUF data" This reverts commit `f417c834c4`. Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-08 14:53:09 -08:00
David Lawrence	5ced01a262	add test to confirm bootstrapClient with a bad URL errors Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-08 09:03:27 -08:00
David Lawrence	11795a4573	rename data.ValidRoles to data.BaseRoles Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-07 17:38:52 -08:00
David Lawrence	d52dbde683	removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-07 17:38:05 -08:00
Ying Li	c1c0ccf4be	Combine bootstrapClient and tuf/client's Client.Update into NotaryRepository.Update. - it is easier to understand what's going on in the online functions of NotaryRepository - we can test NotaryRepository.Update independently (although it'd be nice to have some way of ensuring that the actual public functions of NotaryRepository like ListTargets, GetTargetByName, and Publish actually calls Update. - distinct error if the remote repo doesn't exist. This also stops wrapping signed.ErrExpired in client.ErrExpired, and just passes signed.ErrExpired on directly. Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-07 16:58:46 -08:00
David Lawrence	f417c834c4	switching out to consistently use canonical json for all marshalling of TUF data Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2016-01-06 11:15:27 -08:00
Ying Li	61bbf7be49	Change ListTargetes and GetTargetsByName to return TargetWithRole. This object has both the target and the role in which the target was found. Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-04 17:15:44 -08:00
Ying Li	2f2a0b9c9f	Display the role when listing targets using the Notary CLI. Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-04 15:20:06 -08:00
Ying Li	ecd96c8218	Fix potential infinite loop in tuf/Client.TargetMeta Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-04 10:50:35 -08:00
Ying Li	9252d9d892	Update client.Target to include a RoleName, so we know where the target is when listed. Signed-off-by: Ying Li <ying.li@docker.com>	2016-01-04 10:49:54 -08:00

1 2 3 4

152 Commits