Commit Graph

1864 Commits

Author SHA1 Message Date
Ying Li ab7064ea12 Change minimum required version of metadata to be 1, not 0
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
Ying Li 5d1b4bc6ec Add ConsistentInfo and snapshot/timestamp retroactive checksum tests for the builder.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
Ying Li c9e91446a1 Builder interface cleanup and bugfixes:
- can never set an invalid repo, so we can remove the failed builder state
- once a builder is "finished", it's swapped out with one that has no state and cannot be modified
- add builder tests for the negative path cases where builder should error
- fix bug with GenerateSnapshot where we didn't check for a targets to be loaded when generating for the first time

This also adds some negative path tests (cases in which the builder errors due to invalid input or things not being loaded)

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
Ying Li d1ccf0048d Remove signed.Verify in favor of just using signed.VerifySignatures,
signed.VerifyVersion, and signed.VerifyExpiry.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
Ying Li aba6317da0 Remove `SetRoot`, `SetTargets`, `SetTimestamp`, and `SetSnapshot` on tuf.Repo.
Builder is the only one that sets them now.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
Ying Li 5acab543e4 Update the client to have an old builder and a new builder, and to only use
cached version numbers to check downloaded version numbers of cached data
validates against the old builder.

This also removes the `GetRepo` function of the builder and adds some data
accessors instead that are necessary to do a consistent download and check
versions, that way the downloader doesn't need to fish around in the repo
itself for data in order to figure out what to download.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
Ying Li 04ec865b31 Update all the server validation and generation code to use the builder.
This means that the server cannot accept any roots not signed by an
x509 key whose GUN doesn't match the GUN being updated.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
Ying Li 82c88e95a5 Convert bootstrap repo to use the builder
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:57 -07:00
Ying Li 5f3eaf411b Update the downloading client to use the builder.
Delete the remaining TUF client download tests because they are already covered by
the client update tests.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:57 -07:00
Ying Li a34e2e1dd1 Introduce a builder which builds a TUF repo object, which can be used by
the downloading client and the server validation.  This will hopefully unify
server and client validation.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:57 -07:00
Ying Li 2874955337 Merge pull request #693 from docker/remove-certstore
Remove certstore
2016-04-27 10:58:37 -07:00
Riyaz Faizullabhoy 60c225b361 Type check on testutil key types
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 22:19:52 -07:00
Riyaz Faizullabhoy 2a3c301274 Update and rebase
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 17:04:48 -07:00
Riyaz Faizullabhoy 1976982685 Use ErrRootRotationFail when checking new root against old keys
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 17:00:12 -07:00
Riyaz Faizullabhoy ed1bf1a0a6 Address review comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 17:00:12 -07:00
Riyaz Faizullabhoy ca9fc99ba5 Goodbye Certstore
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 17:00:09 -07:00
Riyaz Faizullabhoy 01bbd532c6 Update update logic to error out on corrupted previous root metadata
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 16:59:22 -07:00
Riyaz Faizullabhoy 5901c87feb Update tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 16:59:22 -07:00
Riyaz Faizullabhoy 9da40f07da Foundation for removing certstore
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-26 16:59:22 -07:00
Ying Li dc445b4a3a Merge pull request #697 from aaronlehmann/cosmetic
trustmanager: Minor cosmetic source code fixes
2016-04-26 15:28:53 -07:00
Aaron Lehmann 8e30157a5c trustmanager: Minor cosmetic source code fixes
Fixing a few things I noticed scrolling through the Notary 0.3.0-RC1
diff.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2016-04-26 10:29:39 -07:00
David Lawrence b5a7b2adaa Merge pull request #691 from docker/yubikey-doc-update
Update docs with yubikey info for docker 1.11
2016-04-21 17:16:30 -07:00
David Lawrence 12429b74d4 Merge pull request #692 from docker/makebinaries-docs
better docs for make binaries
2016-04-21 17:15:30 -07:00
Riyaz Faizullabhoy 37d35e896c Update gopath in dir structure
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-21 17:12:52 -07:00
Riyaz Faizullabhoy e68e1e1e13 better docs for make binaries
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-21 10:28:02 -07:00
Riyaz Faizullabhoy 09af9b1661 Update docs with yubikey info for docker 1.11
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-20 23:07:54 -07:00
Ying Li 3b15594f59 Merge pull request #688 from cyli/remove-tuf-client-tests
Remove tuf/client tests
2016-04-20 17:15:03 -07:00
Ying Li 2d72c39e6c Add a few more tests for tuf/store/memorystore.
Also add a few tuf/client/client_test tests back that check for download failure
if the local timestamp or snapshot is missing in the local TUF repo.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-20 17:00:40 -07:00
Ying Li 283c452737 A lot of tuf/client tests are redundant - move the ones that aren't to client_update_test
and just remove tuf/client/client_test.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-20 16:59:12 -07:00
Ying Li b2349a0385 Provide a nice SignAndSerialize testutil function to export metadata from a repo.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-20 16:59:04 -07:00
Ying Li be82a0a5f4 Merge pull request #687 from cyli/error-refactor
Remove a redundant ErrChecksumMismatch error in tuf/client
2016-04-20 16:57:01 -07:00
Riyaz Faizullabhoy 74a0adc902 Merge pull request #671 from HuKeping/refactor
Rework the main for notary signer
2016-04-20 15:49:38 -07:00
Ying Li 053c2a5a79 Remove a redundant ErrChecksumMismatch error in tuf/client, since we
already have an ErrMismatchedChecksum in tuf/data/errors.

Also, have the CheckHashes function take a role name so that the
ErrMismatchedChecksum error can include the role name.

Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-20 11:08:03 -07:00
HuKeping be03c1a9dc Add some test
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 20:48:02 +08:00
HuKeping b3686803c1 Pass to components exactly what they want instead of using global variable
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 20:46:23 +08:00
HuKeping 3f1806d70b Move helper function bootstrap to its own file
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 20:28:59 +08:00
HuKeping ae889ad37a Move the configuration for TLS to its own file.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 20:25:17 +08:00
HuKeping 8725f6a4c7 Move the configuration for API servers to its own file.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 20:18:02 +08:00
HuKeping 3501c0edf5 Move the setUpCryptoservices to its own file.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 20:06:51 +08:00
HuKeping a80c539ce8 Move the passphraseRetriever to its own file.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 19:42:38 +08:00
HuKeping dc147d12c4 Add a source file to hold the configuration things for signer
Let's name it config.go

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 19:42:38 +08:00
HuKeping ba324344ed Add a struct for signer config
We can use a struct of config to hold all the necessary info that is needed
to run a notary signer.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-20 19:42:38 +08:00
Riyaz Faizullabhoy 4d85f964bc Merge pull request #682 from endophage/store_storage
minor cleanup of filestore initialization
2016-04-19 16:49:22 -07:00
David Lawrence 59ae7af769 remove unused tuf/testutils/utils.go
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-19 15:48:13 -07:00
David Lawrence 4f58eda1ec removing unused functions in SimpleFileStore
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-19 15:46:56 -07:00
David Lawrence 64ea94567b refactoring some duplicate code in parsing x509 certs to keys
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-19 15:46:56 -07:00
David Lawrence 31f02ec0f7 minor cleanup of filestore initialization
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-19 15:46:56 -07:00
David Lawrence 358add6075 Merge pull request #686 from docker/go1.6.1
Update go in dockerfiles to go 1.6.1
2016-04-19 15:45:45 -07:00
Ying Li ebb2eb8bc6 Merge pull request #683 from cyli/root-rotation-tests
Some root rotation tests and CLI warnings
2016-04-19 15:44:03 -07:00
Ying Li 1367311d41 Update client warning to be more clear about why you need to keep your root key past initial root rotation.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-19 15:14:14 -07:00