docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,089 Commits 21 Branches 28 Tags 816 MiB
Commit Graph

47 Commits

Author SHA1 Message Date
David Lawrence 8628b57a96 private subdir should be added by keyfilestore, rather than all over the place 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:57 -08:00
David Lawrence 5c064e204b fixing lint/vet 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:21 -08:00
David Lawrence 6acc130e17 list shows where the key is stored 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:20 -08:00
Ying Li 0280a82ae0 Do not back up a root key that is imported into Yubikey. 
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:11:43 -08:00
Diogo Monica baa92cefa3 Fixed panic on listKeys with invalid keys, added tests 
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:11:27 -08:00
David Lawrence b7c38f0287 fixing tests 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 0fd1fa6ada arbitrary slots working 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence da18f54699 import-root, list, and remove working with yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence be4c0669c1 move import/export to cryptoservice and add import to yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence daa36b43b7 Merge pull request #242 from docker/unify-root-nonroot-keystore 
Unify root nonroot keystore
 2015-10-28 13:14:19 -07:00
David Lawrence 2833a88292 adding gotuf to notary 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-27 16:36:06 -07:00
Ying Li 75b63b84cd Add import/export to KeyStore interface so that the import_export code 
makes use of this rather than mangle files manually to import/export
root keys.  (Regular keys it just zips up the whole directory.)

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-27 16:19:14 -07:00
Ying Li 566bd3ce67 Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting 
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.

Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-27 12:33:46 -07:00
Ying Li ed61974d10 Remove linking from the filestore 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-23 21:19:47 -07:00
Diogo Monica 27461ad9fb Added cli cert command, changed keylisting to be a map, fixed key removal 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-28 18:14:29 -07:00
Aaron Lehmann 3a1292a287 Avoid printing "Passphrases do not match" when passphrase is too short 
Also, wrap the passphrase instructions paragraph at 80 columns, and
change the passphrase variable name in addKey to avoid a conflict with
the package name.

Fixes #146

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-28 14:41:27 -07:00
Diogo Monica e81fc405f6 Refactored keystore, created keydbstore and added tests 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-24 05:46:40 -07:00
Nathan McCauley 11af29d8db update tests to check for new types 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-23 01:54:14 -07:00
Diogo Monica c5ffbd1055 Adding typed error for missing keys 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-23 00:09:35 -07:00
Derek McGowan 304afb53d0 Add missing use of invalid passphrase error 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-22 04:08:14 -07:00
Derek McGowan 5eb296d276 Return invalid password when cannot retrieve passphrase 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-22 03:42:16 -07:00
David Lawrence cfe8255187 better error handling for invalid password 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-22 11:37:54 -07:00
Diogo Monica f7ea67cfab Rebased from master 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 13:46:01 -07:00
Aaron Lehmann 1aced67471 Improvements to keystore caching 
* RemoveKey must purge the cache entry

* Add mutexes to KeyFileStore and KeyMemoryStore so the cachedKeys map
  is protected in the case that keystore operations happen from multiple
  goroutines

* Change GetKey to return the alias along with the key. Remove
  GetKeyAlias. This simplifies the code flows that retrieve the alias
  (since they usually get the key and alias together).

* Fix tests affected by key caching

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-20 13:36:03 -07:00
Nathan McCauley 1421f47258 keystore caching 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 13:34:11 -07:00
Derek McGowan c35c1ea254 Move passphrase logic to its own package 
The logic to retrieve passphrase is generic and may be used by directly by clients.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-20 13:02:05 -07:00
Nathan McCauley 6b23e7d249 review feedback 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:10:13 -07:00
Nathan McCauley f07876602f add test for passphraseRetriever 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley 0642da80f1 review feedback 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley 38fe6bd45b gofmt across the baord 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley de6f65b7e7 many testing fixups to support key aliasing 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:22 -07:00
Nathan McCauley f239757dfd keystore aliasing, take 2 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 10:58:20 -07:00
Nathan McCauley 5df1eb21f3 keystore aliasing, take 1 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 10:58:20 -07:00
Nathan McCauley 23b7e8c6af Update keyfilestore to use passwordRetriever 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 10:58:16 -07:00
Diogo Monica 3ec4f1d7f4 Adding RemoveKey and Test 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-17 14:31:43 -07:00
Aaron Lehmann d2ea9cc0d5 Updates to notary for gotuf's split of PublicKey and PrivateKey interfaces 
Functions should now take data.PublicKey or data.PrivateKey instead of
data.Key.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-17 11:35:22 -07:00
Aaron Lehmann 125d72fd77 Big refactor to make signer use cryptoservices 
- Add MemoryFileStore, a partial FileStore implementation that doesn't
  persist on disk.

- Create a KeyStore interface that allows pluggable key store types. Use
  this interface in the cryptoservice implementation.

- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.

- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.

- Refactor the hardware RSA signing service as a CryptoService.

- Replace custom ed25519 code with cryptoservice.CryptoService.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-17 09:33:19 -07:00
Diogo Monica 06a28c89ee Added root key creation if non-existing to notary 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 18:56:06 -07:00
Diogo Monica 682e7ea00b Fixing lint 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 17:58:55 -07:00
Diogo Monica 8c6de46aca Added list keys that ignores symlinks 2015-07-09 17:58:10 -07:00
Diogo Monica 4635bed2db Major refactor of keys 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-09 17:58:10 -07:00
David Lawrence 1d163650a3 changelist implementation 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-09 17:58:09 -07:00
David Lawrence 9d5e988586 working refactor 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-09 17:58:08 -07:00
Diogo Monica e66dc12eca More refactor 2015-07-09 17:58:08 -07:00
Diogo Monica bddf2e1636 Fixing small nit 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-05 22:47:08 -07:00
Diogo Monica d5cdeb93bb Adding EncryptedFileStore and changing interfaces 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-05 21:02:16 -07:00
Diogo Monica fd8471038c Added a keyfilestore with encrypted PEM support 2015-07-04 12:17:54 -07:00