This way we can test the command more easily (we want to test the error, as opposed to
just killing the test).
Signed-off-by: Ying Li <ying.li@docker.com>
This makes it possible to delegate snapshots key management to the
server, and to reclaim the responsibility.
Signed-off-by: Ying Li <ying.li@docker.com>
This lists any matching keys, and requires the user to pick which one
to choose, if there is more than 1 matching key. Also requires the
user to confirm before deleting.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Ensures that the notary command line help text start with capital
letters, and add information about hardware keys and online/offline operation.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
This runs through the basic notary init/add/publish/etc. workflow,
and some basic key workflows.
Note that this does work with the Yubikey, in that created keys while
testing do not require touch.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
PR #242 has started requiring a passphrase for the imported key, and
recomputes the key ID, making the command-line argument redundant. So,
remove it from the command line and from the KeyStoreManager API.
Also updates the comment for KeyStoreManager.ImportRootKey, and changes
(notary key import-root) to refuse unexpected arguments instead of
silently ignoring them.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
-c was recently taken over by --configFile; using it for
--change-passphrase as well results in
panic: shorthand redefinition
So, move --change-passphrase to -p.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.
Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.
Signed-off-by: Ying Li <ying.li@docker.com>
- Export symlinks by encoding them in the zip file.
- Detect symlinks in a zip file on import and create them on the local
filesystem.
- Add test coverage.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This makes the full subcommand names smoother; for example "notary key
generate" instead of "notary keys generate".
Add a "notary key list" subcommand to list keys, so "notary key"
lists the possible subcommands, instead of needing to use "notary key
-h".
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This adds four commands:
- notary keys export: export all keys, or keys for a particular GUN
(with -g)
- notary keys export-root: export root key by ID
- notary keys import: import a zip file of keys
- notary keys import-root: import a single root key
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Ying Li
Riyaz Faizullabhoy
David Lawrence
Diogo Mónica
Diogo Monica
Miloslav Trmač
Aaron Lehmann