a16e6b58b5
use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-29 16:00:42 -08:00

25a1e9aed7
change to ListRoles, and GetAllLoadedRoles

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 15:58:55 -08:00

a052d9e105
client library for retrieving keys and signatures for all roles

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-20 12:00:09 -08:00

cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"

This reverts commit f417c834c4
2016-01-08 14:53:09 -08:00

11795a4573
rename data.ValidRoles to data.BaseRoles

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:52 -08:00

d52dbde683
removing the ability to configure role names. It adds a lot of complexity without adding much value. If somebody wants custom role names they can implement it at the display level

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-07 17:38:05 -08:00

f417c834c4
switching out to consistently use canonical json for all marshalling of TUF data

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-06 11:15:27 -08:00

34055f8cf7
Code cleanups as per review, and after rebasing.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:51:48 -08:00

0892ebb13f
Add checks to TUFRepo to fail on updating a target if there are no signing keys.

So UpdateDelegation, DeleteDelegation, AddTargets, RemoveTargets now
all check for the role existence, not metadata existence.  And they
also check the role's signing keys - there's no point in adding if
we can't sign.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00

c12958af36
Do not sign the actual targets metadata unless it's dirty.

Previously we were always signing it, but we can't do that anymore
because then delegated users won't be able to publish ever (they
probably don't have the target key).
Some other related changes: when role keys are rotated, that role
needs to be marked as dirty now in order to be re-signed and
published.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00

7592a029ef
Do not create the delegation metadata when the delegation is created.

Only create it when a target is added to it, or other delegations
are added to it, or when getting a child delegation.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00

d3a54cab25
the empty string should be used in delegation Paths to indicate a role can sign anything

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 16:10:43 -08:00

829254a98c
minor test cleanup and small new tests

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-16 15:06:48 -08:00

5891805b29
addressing review

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-15 16:21:30 -08:00

79b05d4c0a
changelists for delegations

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-14 17:23:47 -08:00

fb5c9b28a4
low level tuf delegation primitives with full test coverage

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-14 10:11:47 -08:00

7dc0dbec84
Remove the cryptoservice argument to sign

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:21 -07:00

f73560d839
creating concrete types for the various key ciphers

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00

2833a88292
adding gotuf to notary

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00