HuKeping
837f659e85
Add more information to health check
Prior to this patch, if the MySQL for the signer was down, the health check of
the server just warned:
- "Trust not fully operational: Trust is not healthy"
which is not enough to find the problem.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-08 11:01:16 +08:00
HuKeping
74d4af37a3
Stop injecting to the helper function
GetCryptoService is a helper function and we have injected a specific
http.ResponseWriter object for it to write back error messages. Meanwhile
the caller of that function checks whether the cryptoService is nil
or not and returns immediately if it is nil.
I think it's not a good idea to write back an HTTP response in the helper function;
it's the caller's work, and thus there is no need to inject the specific
ResponseWriter object into it.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-12-30 09:42:51 +08:00
HuKeping
54af67344b
Minor typo
Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-12-11 14:07:38 +08:00
HuKeping
f147a7ac68
Use canonical way to check if a map contains a key
As per the language spec:
https://golang.org/ref/spec#Index_expressions
Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-12-11 14:07:38 +08:00
Ying Li
6aa114a49f
Fix all instances where 'propagate' was misspelled as 'propogate'
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 15:12:05 -08:00
David Lawrence
4261d28d46
fixing incomplete comment as raised in #340
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-07 16:12:09 -08:00
Ying Li
8417f6670b
KeyDBStore refactor so that it just directly takes the DB arguments.
Rather than create an SQL DB, then create a gorm DB using the SQL
DB. Also split the Create/Get test into two tests.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-04 10:05:31 -08:00
David Lawrence
1e091a0f56
CryptoService.Sign is now dead code. Remove it and update tests
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-30 16:36:34 -08:00
Ying Li
204a4f1534
The NotarySigner cryptoservice now implements GetPrivateKey.
Previously, because it's a CryptoService wrapper around a remote signer
service, it returned nil all the time. Now, because signing is done
via private key more than CryptoService, it has to return a PrivateKey.
The key doesn't have private bytes, but can be used for signing.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-15 01:45:21 -08:00
David Lawrence
5c064e204b
fixing lint/vet
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:21 -08:00
David Lawrence
6acc130e17
list shows where the key is stored
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:20 -08:00
Ying Li
5fe09ad8e1
Remove softhsm keys and tests.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:11:00 -08:00
Ying Li
c82802b800
Move ecdsa_hardware_crypto_service to trustmanager/yubikeystore
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:10:56 -08:00
Diogo Mónica
6d82d14ef3
Merge pull request #33 from docker/yubilibrary-search-paths
Search a list of possible paths for the Yubico pkcs11 library.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:10:43 -08:00
Ying Li
30224f27ae
Search a list of possible paths for the Yubico pkcs11 library.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:10:34 -08:00
Ying Li
4867410e98
Ensure that tests pass and binaries build without the pkcs11 build tag.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:10:16 -08:00
Ying Li
1f1868d3ee
Adding integration tests for notary client.
This runs through the basic notary init/add/publish/etc. workflow,
and some basic key workflows.
Note that this does work with the Yubikey, in that keys created while
testing do not require touch.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:09:40 -08:00
David Lawrence
28c3eca478
Merge pull request #28 from docker/import_to_yubikey
Import to yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)
2015-11-12 01:09:35 -08:00
David Lawrence
91e8b9bcdb
backup to a KeyFileStore and take out key remove
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:32 -08:00
David Lawrence
542c4a6d32
removing role from backup key path
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:32 -08:00
David Lawrence
72cd24ac13
explicit return in yubikeystore.AddKey to see if interface typing is causing weird behaviour
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
de9f651494
fixing lint comments
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
e8d2240c79
write private key to a backup dir when creating keys on yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
705587b0b5
update yubikeystore keys cache when adding
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
beca50909d
update to only use slots 0-3
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
b7c38f0287
fixing tests
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
0fd1fa6ada
arbitrary slots working
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
fea898bd34
listing all keys in the yubikey works
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
da18f54699
import-root, list, and remove working with yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
6ba7335793
fill in implementation of removeKey for yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
be4c0669c1
move import/export to cryptoservice and add import to yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
cf50ffcd33
add message when user is required to touch yubikey to sign. N.B. touch is required during Sign, not SignInit
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:25 -08:00
David Lawrence
22244fff65
improve password challenge messaging when using yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:08:41 -08:00
Jessica Frazelle
5f21ebd185
Add pkcs11 build tags
Add build tags and a check in Makefile to be sure you do not import
pkcs11 lib somewhere where it should not be. This will ensure docker
import and integration will continue to work.
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:07:00 -08:00
Jessica Frazelle
913c5ef033
add build tag files for pkcs11 dlopen lib
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:06:51 -08:00
Diogo Monica
af1bf0c1d5
Removing debug, adding pkcs11 to makefiles
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:06:46 -08:00
David Lawrence
07f0065152
ask for pin when signing
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:06:38 -08:00
Diogo Monica
53ed60ed89
Adding mandatory touch for signatures
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:06:33 -08:00
Jessica Frazelle
4648666b7c
add pkcs11 build tags
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:06:26 -08:00
Diogo Monica
21138e6bad
Working version of Notary and Yubikey
Signed-off-by: Diogo Monica <diogo@docker.com>
Remove symlinks from notary-client repo creation
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
WIP
Signed-off-by: Diogo Monica <diogo@docker.com>
working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Fixing small colon bug
Signed-off-by: Diogo Monica <diogo@docker.com>
Added things. Ship it.
Signed-off-by: Diogo Monica <diogo@docker.com>
Bringing ecdsahwcryptosigner to 2015
Signed-off-by: Diogo Monica <diogo@docker.com>
Working version of notary and yubikey
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:06:09 -08:00
Diogo Monica
ae11483a7b
initial work on pkcs11 support
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:05:55 -08:00
David Lawrence
f791c01974
cryptoservices can abstract multiple keystores
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-30 11:05:43 -07:00
David Lawrence
06990fd5a1
integrating with @cyli's improvements
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-30 10:15:52 -07:00
Ying Li
91d54899d7
Add a GetPrivateKey method to cryptoservice so that we can future-proof
cryptoservice having multiple keystores
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:40 -07:00
Ying Li
f9019873a6
Merge pull request #243 from endophage/key_types
creating concrete types for the various key ciphers
2015-10-29 14:21:33 -07:00
David Lawrence
b7ce16ab6f
fixes for Diogo's comments
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 19:24:51 -07:00
David Lawrence
f73560d839
creating concrete types for the various key ciphers
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
Ying Li
126691ac9e
Update the notary server and signer configs to make use of client authentication.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:42:33 -07:00
Ying Li
34aecae033
Split out parsing the client TLS in notary-server.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:40:41 -07:00
David Lawrence
daa36b43b7
Merge pull request #242 from docker/unify-root-nonroot-keystore
Unify root nonroot keystore
2015-10-28 13:14:19 -07:00