- Export symlinks by encoding them in the zip file.
- Detect symlinks in a zip file on import and create them on the local
filesystem.
- Add test coverage.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
- Add MemoryFileStore, a partial FileStore implementation that doesn't
persist on disk.
- Create a KeyStore interface that allows pluggable key store types. Use
this interface in the cryptoservice implementation.
- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.
- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.
- Refactor the hardware RSA signing service as a CryptoService.
- Replace custom ed25519 code with cryptoservice.CryptoService.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Paths that abuse .. shouldn't be able to escape from the filestore. This
is especially important when importing keys from zip files that could
have "creative" paths encoded in the zip.
Add test coverage for this protection.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This allows all keys to be exported to a zip file. Keys that were
already encrypted are kept as-is, and keys that weren't encrypted are
encrypted with the specified passphrase.
Also add a unit test that creates the zip file and checks the expected
keys all exist, and are all encrypted with the expected passphrase.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
David Lawrence
Ying Li
Aaron Lehmann
Nathan McCauley
Diogo Monica