Previously we were always signing it, but we can't do that anymore
because then delegated users won't be able to publish ever (they
probably don't have the target key).
Some other related changes: when role keys are rotated, that role
needs to be marked as dirty now in order to be re-signed and
published.
Signed-off-by: Ying Li <ying.li@docker.com>
This involved a refactor test helper function assertPublishSucceeds to
take roles and expected published-to-roles.
Signed-off-by: Ying Li <ying.li@docker.com>
This should make it possible to delegate snapshot key management
to the server for existing repos, or switching back to user managing
snapshot keys.
Signed-off-by: Ying Li <ying.li@docker.com>
or unreadable.
This also modifies tuf/store/filestore to return ErrMetaNotFound if the
metadata file does not exist.
Signed-off-by: Ying Li <ying.li@docker.com>
- add a specific error type when the server is requested to manage
an unsupported key type
- variable name change
Signed-off-by: Ying Li <ying.li@docker.com>
This supports the case of a user intializing a repo so that the server
signs the snapshot, and then changing their minds and rotating the keys
so that they now sign the snapshot, but all before publishing a single
thing.
Signed-off-by: Ying Li <ying.li@docker.com>
The errors returned by the server aren't great right now, so it's hard
to try to be clever in synthesizing a signed.ErrNoKeys{}.
Signed-off-by: Ying Li <ying.li@docker.com>
When publishing, do not sign and send the snapshot metadata if the
client does not have the snapshot key. If the server sends back
an error, then it also does not have a snapshot key and the
client should propogate the no signing key error.
Signed-off-by: Ying Li <ying.li@docker.com>
If configured to have the server manage the snapshot key, the snapshot
key is not generated and there will be no snapshot metadata.
Signed-off-by: Ying Li <ying.li@docker.com>
When the user insists on an invalid passphrase (or aborts the
operation), CryptoService.GetPrivateKey will try the correct root
location first, correctly failing, and then try to look for the root key
in the $gun subdirectory, and so will return the last error, a confusing
”open $path: no such file or directory”.
So, recognize the passphrase-related errors and fail with them directly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Also, eliminate the timestamp JSON constant and just generate a new
one for the tests.
The client test now also uses KeyFileStore and certs.Manager to
verify the keys and certs on disk, rather than directly manipulating
the files themselves. This way, if the exact implementation of
KeyFileStore or certs.Manager changes, this test won't fail so long
as KeyFileStore and certs.Manager are self-consistent.
Signed-off-by: Ying Li <ying.li@docker.com>
Currently, when listing, publishing, or getting a particular target,
if the remote server errors, the client attempts to load it from a
local cache. However, if there is no local cache, it just returns
Metadata Not Found for listing and getting. Have it report the
remote the original remote error instead of Metadata Not Found
locally.
Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li
Diogo Mónica
David Lawrence
Riyaz Faizullabhoy
Miloslav Trmač
Ying Li