ab7064ea12
Change minimum required version of metadata to be 1, not 0
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
04ec865b31
Update all the server validation and generation code to use the builder.
...
This means that the server cannot accept any roots not signed by an
x509 key whose GUN doesn't match the GUN being updated.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-27 10:58:58 -07:00
053c2a5a79
Remove a redundant ErrChecksumMismatch error in tuf/client, since we
...
already have a ErrMismatchedChecksum in tuf/data/errors.
Also, have the CheckHashes function take a role name so that the
ErrMismatchedChecksum error can include the role name.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-20 11:08:03 -07:00
ae133606ad
pass checksum to GetOrCreateSnapshot. One timestamp test now obsolete as we always regenerate a timestamp when regenerating a snapshot, other test has one error change because we now look for an explicit checksum, hence writing incorrect data to DB for the snapshot results in a rather than a
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-18 22:07:11 -07:00
db2e625341
Transaction-logic for rethink
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-18 17:41:06 -07:00
49be037bdd
Change GetOrCreateTimestamp to only create a new timestamp if the old is expired.
...
This is in preparation for the server validation automatically generating a timestamp
when an update is applied.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-23 13:24:52 -07:00
9ff2558f81
unifying timestamp generation code so server/timestamp/timestamp.go isn't going its own unique version
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-03-23 13:24:52 -07:00
bfee37d471
update top level Signed.Signed to be a *json.RawMessage
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-03-18 16:18:53 -07:00
9ecd899e25
Removing key import and gun from cryptoservice
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:03 -07:00
e1397f4b03
Use updated-at for last modification date for getting current metadata
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
802673fc9d
Add cache control headers to Getting metadata
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
8768c12901
Return the creation date for GetChecksum and GetCurrent from the server database store.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
6cd6b4726c
[MISC 1/4] Tiny refactor
...
Reduce function "snapshotExpired" in a simpler form and replace the
literal string by the constants defined in the data package.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-11 16:43:44 +08:00
4d9e2e5e16
[PATCH 7/8] Update the server side
...
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-11 10:45:01 +08:00
cb2dd07edc
the server was not setting the longer snapshot expiry time. When generating a timestamp it was also retriving the snapshot directly from the database and only validating the checksum still matched what was in the timestamp. Due to the addition of consistent downloads, this mean a new snapshot never got generated. It is necessary for GetOrCreateTimestamp to call GetOrCreateSnapshot to ensure a new snapshot is generated as and when required
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-24 15:51:31 -08:00
a64db12c04
change url from jfrazelle/go to docker/go
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2016-01-26 08:43:38 -08:00
cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"
...
This reverts commit f417c834c4
2016-01-08 14:53:09 -08:00
f417c834c4
switching out to consistently use canonical json for all marshalling of TUF data
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-06 11:15:27 -08:00
38d2175087
tests for new validation code
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-16 15:06:48 -08:00
cae5940c70
generate snapshots server side
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-07 12:55:09 -08:00
e20773f2b1
renaming TimestampKey and ErrTimestampKeyExists to just Key and ErrKeyExists
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-03 11:25:45 -08:00
c2c474b9c6
generalize notary server key storage to be able to handle any role, not just timestamps
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-03 11:25:45 -08:00
f73560d839
creating concrete types for the various key ciphers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
2833a88292
adding gotuf to notary
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00
74b4ef064c
change canonical json package
...
update godeps for gotuf and canonical json
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-09-03 20:11:49 -07:00
f9c63780b7
Use gotuf expires function
...
The gotuf library defines a function to check expiration of timestamps which notary will make use of.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-29 17:11:56 -07:00
7db33797a8
fixing timestamp errors on list
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-20 10:35:40 -07:00
5015b1f47d
fixing timestamps, clearing changelists, and the Adding target byte log
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-18 17:55:13 -07:00
d2ea9cc0d5
Updates to notary for gotuf's split of PublicKey and PrivateKey interfaces
...
Functions should now take data.PublicKey or data.PrivateKey instead of
data.Key.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 11:35:22 -07:00
125d72fd77
Big refactor to make signer use cryptoservices
...
- Add MemoryFileStore, a partial FileStore implementation that doesn't
persist on disk.
- Create a KeyStore interface that allows pluggable key store types. Use
this interface in the cryptoservice implementation.
- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.
- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.
- Refactor the hardware RSA signing service as a CryptoService.
- Replace custom ed25519 code with cryptoservice.CryptoService.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 09:33:19 -07:00
40921a4bed
fixing lint and vet errors
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-13 18:18:33 -07:00
ec08d28610
provide an additional handler to allow clients to update any set of TUF metadata atomically
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-13 18:18:33 -07:00
e4704f9729
Update notary for removal of signed.Signer
...
We now deal with CryptoServices directly instead of passing around
Signers.
UnlockedSigner becomes UnlockedCryptoService because it no longer
contains a Signer.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-13 15:18:02 -07:00
765a2cf661
Refactor crypto service
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 13:53:47 -07:00
89379a728c
adding timestamping and some general cleanup
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-03 15:38:09 -07:00
Ying Li
David Lawrence
Riyaz Faizullabhoy
HuKeping
Jessica Frazelle
Derek McGowan
Aaron Lehmann
Diogo Monica