docker/docs - docs - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Ying Li	a89bdaa9bf	Just propogate server error if server can't sign snapshot. The errors returned by the server aren't great right now, so it's hard to try to be clever in synthesizing a signed.ErrNoKeys{}. Signed-off-by: Ying Li <ying.li@docker.com>	2015-12-10 10:16:39 -08:00
Ying Li	a924ca172f	When initializing a repo, create local keys before getting remote keys. Signed-off-by: Ying Li <ying.li@docker.com>	2015-12-10 10:16:39 -08:00
Ying Li	d0e789740a	Simplify the logic to determine whether to publish the root Signed-off-by: Ying Li <ying.li@docker.com>	2015-12-10 10:16:39 -08:00
Ying Li	642cf7f353	Slight refactor of NotaryRepository.Initialize Signed-off-by: Ying Li <ying.li@docker.com>	2015-12-10 10:16:39 -08:00
Ying Li	39d79d9844	NotaryRepository.Publish supports server managing snapshot keys. When publishing, do not sign and send the snapshot metadata if the client does not have the snapshot key. If the server sends back an error, then it also does not have a snapshot key and the client should propogate the no signing key error. Signed-off-by: Ying Li <ying.li@docker.com>	2015-12-10 10:16:39 -08:00
Ying Li	4b46a34524	NotaryRepository.Intialize supports server managing snapshot keys. If configured to have the server manage the snapshot key, the snapshot key is not generated and there will be no snapshot metadata. Signed-off-by: Ying Li <ying.li@docker.com>	2015-12-10 10:16:39 -08:00
David Lawrence	26d30953c8	Merge pull request #312 from mtrmac/cert-expiration Cert expiration	2015-12-10 08:40:24 -08:00
Miloslav Trmač	bd6d937f43	Fix computation of certificate expiration Instead of 3650 days, actually use 10 years (i.e. take into account leap days). Signed-off-by: Miloslav Trmač <mitr@redhat.com>	2015-12-09 20:02:10 +01:00
Miloslav Trmač	3c6335c572	Explicitly supply validity times to certificate generation Add explicit startTime and endTime parameters to cryptoservice.GenerateCertificate and trustmanager.NewCertificate. trustmanager.NewCertificate as a low-level data manipulation function should not be hard-coding policy (10-year expiration); that policy belongs to its callers, or one more level higher to callers of cryptoservice.GenerateCertificate. These places hard-coding policy now also have an explict comment to that effect. In addition to conceptual cleanliness, this will allow writing tests of certificate expiry by generating appropriate expired or nearly-expired certificates. Tests which don't care about the policy much will continue to use the just added cryptoservice.GenerateTestingCertificate. Signed-off-by: Miloslav Trmač <mitr@redhat.com>	2015-12-09 20:02:10 +01:00
Miloslav Trmač	e19e7fc44d	Remove misleading passphrase-related error handling in NotaryRepository.Initialize: 1. It is on a path where those errors can never happen 2. The specific error handling would silently ignore the error, which can’t be right anyway. Signed-off-by: Miloslav Trmač <mitr@redhat.com>	2015-12-09 19:58:02 +01:00
Ying Li	9ef782184c	Minor refactor of NotaryRepository constructor to use more shared code. Signed-off-by: Ying Li <ying.li@docker.com>	2015-12-07 17:19:28 -08:00
Ying Li	dbcb56b3bf	Renamed keystoremanager to certs, and KeyStoreManager to Manager. Since it no longer depends upon KeyStore, nor does it manipulate keys in any way. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-23 17:19:26 -05:00
Ying Li	8432f9db07	Fixes client to report problems contacting the remote server. Currently, when listing, publishing, or getting a particular target, if the remote server errors, the client attempts to load it from a local cache. However, if there is no local cache, it just returns Metadata Not Found for listing and getting. Have it report the remote the original remote error instead of Metadata Not Found locally. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 05:26:00 -08:00
David Lawrence	519a2ccbe8	removing all errors that aren't in use, fixing one place in memorystore that was using a different errorcode to all other stores, pushing errors into appropriate packages Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:08:49 -08:00
Diogo Monica	68992ddaf5	Resolving rebase conflicts Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)	2015-11-12 01:07:09 -08:00
David Lawrence	07f0065152	ask for pin when signing Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:06:38 -08:00
Jessica Frazelle	4648666b7c	add pkcs11 build tags Signed-off-by: Jessica Frazelle <acidburn@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)	2015-11-12 01:06:26 -08:00
Diogo Monica	21138e6bad	Working version of Notary and Yubikey Signed-off-by: Diogo Monica <diogo@docker.com> Remove symlinks from notary-client repo creation Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: Diogo Monica <diogo@docker.com> WIP Signed-off-by: Diogo Monica <diogo@docker.com> working yubikey integration Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage) Fixing small colon bug Signed-off-by: Diogo Monica <diogo@docker.com> Added things. Ship it. Signed-off-by: Diogo Monica <diogo@docker.com> Bringing ecdsahwcryptosigner to 2015 Signed-off-by: Diogo Monica <diogo@docker.com> Working version of notary and yubikey Signed-off-by: Diogo Monica <diogo@docker.com>	2015-11-12 01:06:09 -08:00
David Lawrence	9428beea50	expose cryptoservice in NotarySigner Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-30 11:08:35 -07:00
Ying Li	91d54899d7	Add a GetPrivateKey method to cryptoservice so that we can future-proof cryptoservice having multiple keystores Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 16:34:40 -07:00
Ying Li	7dc0dbec84	Remove the cryptoservice argument to sign Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 16:34:21 -07:00
Ying Li	a3e9558b03	1. Add docstring as to why we are trying a key ID with a GUN and one without - thanks @diogo! 2. Call NotaryRepository.cryptoService.GetKey rather than NotaryRepository.KeyStoreManager.KeyStore.GetKey Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 16:13:23 -07:00
Ying Li	b9a4175ea9	Update the client NotaryRepository to initialize with a root key ID Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 15:11:15 -07:00
David Lawrence	ca7988d642	fixing lint + vet things Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-28 16:20:08 -07:00
David Lawrence	f73560d839	creating concrete types for the various key ciphers Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-28 16:02:55 -07:00
David Lawrence	daa36b43b7	Merge pull request #242 from docker/unify-root-nonroot-keystore Unify root nonroot keystore	2015-10-28 13:14:19 -07:00
David Lawrence	2833a88292	adding gotuf to notary Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-27 16:36:06 -07:00
Ying Li	566bd3ce67	Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting over the root keys directory from non-root keys directory from keystoremanager to keystore, since we're eliminating keystoremanager. Maintain the two separate directories, though, because one can't tell whether there is an old-style separate-directories structure, or if someone has a GUN that starts with tuf_keys. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-27 12:33:46 -07:00
Ying Li	402c704798	Remove symlinks from notary-client repo creation Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-21 14:21:10 -07:00
David Lawrence	8a996f417a	updating godeps and notary for some syntax changes in gotuf brought on by golint Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-20 23:56:35 -07:00
David Lawrence	e587b0427a	test for key rotation Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 22:53:57 -07:00
David Lawrence	98cde51f18	working basic key rotation for targets and snapshot key. Command is 'notary key rotate [GUN]' Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 20:35:06 -07:00
David Lawrence	ac54370fb0	cleanup after discussing with Diogo Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:40:36 -07:00
David Lawrence	009400650e	minor tweaks to key rotation Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:24:08 -07:00
David Lawrence	959d0267ac	command skeletons in place, changelist actions implemented Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:24:08 -07:00
Ryan Cox	7bee606f43	Add support for 'notary status' command to show details about unpublished changes Signed-off-by: Ryan Cox <ryan.a.cox@gmail.com>	2015-10-08 22:07:36 -07:00
Diogo Mónica	33b77ea733	Merge pull request #175 from endophage/get_remote_err check error in initializing remote store	2015-08-10 10:30:08 -07:00
David Lawrence	0ece438313	server side validation during updates Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-08-05 14:00:07 -07:00
David Lawrence	3794dbf28e	check error in initializing remote store Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-31 16:20:17 -07:00
David Lawrence	529230369a	tests for changelist client helpers Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-28 11:29:46 -07:00
David Lawrence	0f322c69a2	fixing remove Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-28 10:21:14 -07:00
David Lawrence	503a1b8a6e	change error log to debug Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-23 14:24:46 -07:00
David Lawrence	6fd60f88d1	add ErrExpired to notary client to translate from gotuf ErrExpired Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-22 18:54:00 -07:00
Diogo Mónica	21a9b99e94	Merge pull request #114 from docker/invalid_password_err better error handling for invalid password	2015-07-22 15:09:53 -07:00
David Lawrence	1fc3257f6e	updating gotuf dep with some better http error handling. Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-22 13:19:52 -07:00
David Lawrence	cfe8255187	better error handling for invalid password Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-22 11:37:54 -07:00
David Lawrence	8b2888d122	latest vendored gotuf Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-21 13:57:21 -07:00
David Lawrence	b44e835275	update default expiry times to those agreed on Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-07-20 14:59:19 -07:00
Nathan McCauley	ff2e583439	Merge pull request #101 from dmcgowan/passphrase-util Move passphrase logic to its own package	2015-07-20 13:15:20 -07:00
Derek McGowan	c35c1ea254	Move passphrase logic to its own package The logic to retrieve passphrase is generic and may be used by directly by clients. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)	2015-07-20 13:02:05 -07:00

1 2 3

101 Commits