docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,850 Commits 21 Branches 28 Tags 816 MiB
Commit Graph

69 Commits

Author SHA1 Message Date
David Lawrence 31f02ec0f7 minor cleanup of filestore initialization 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-04-19 15:46:56 -07:00
Miloslav Trmač 229d64e0e0 Use ErrKeyNotFound in KeyStore.GetKey 
3 out of 4 KeyStore implementations have already been returning this
type or a pointer to it; document this as a requirement, and modify
implementations to comply.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2016-04-12 14:33:46 -07:00
Riyaz Faizullabhoy c54183bc27 Add error case to keyInfo generation, test yubikey backup, fix rebase conflicts 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:35:34 -07:00
Riyaz Faizullabhoy e1613cdcb2 Address review comments 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy be66056edb change API to specify keyID instead of name 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy 1ed9c352d7 change ks.AddKey to be consistent with CryptoService 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:31:06 -07:00
Riyaz Faizullabhoy 9ecd899e25 Removing key import and gun from cryptoservice 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy 1aad807439 update role checks for empty gun 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:06:40 -07:00
Riyaz Faizullabhoy 7bd550a39a import refactor 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:06:40 -07:00
Riyaz Faizullabhoy c7bccd79e3 addressing review comments 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:06:39 -07:00
Riyaz Faizullabhoy 2a37590ea6 update interface and comments 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy c41cee3e5d simplify export logic with new keymap 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy 97e845e295 AddKey for cryptoservice 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy 23eb203a63 add key info api, use for passwd 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:03:14 -07:00
Riyaz Faizullabhoy 351b247aec add tests for initial keystore state, and after removing and adding 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:03:11 -07:00
Riyaz Faizullabhoy bbaef4faba Flatten keystore by adding map, simple tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:00:50 -07:00
Riyaz Faizullabhoy caa9581bcc add tests, consts and fixup 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-08 13:38:42 -08:00
Ying Li 0465365fb6 Return an error if unable to encrypt a key as a valid PEM file 
Also address review comments and fix semantic conflict after rebase.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-23 09:44:51 -08:00
David Lawrence 2bf5d4b09a test for legacy keys and some bugfixes for same 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence f2ec72b5b6 aliases removed from file names 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence 6d5b8ff54a add role into PEM headers 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence 1f329868e8 making filestores consistent so you can Get, Remove, etc... the paths returned by ListFiles 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-12-23 09:41:03 -08:00
David Lawrence 8628b57a96 private subdir should be added by keyfilestore, rather than all over the place 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:57 -08:00
David Lawrence 5c064e204b fixing lint/vet 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:21 -08:00
David Lawrence 6acc130e17 list shows where the key is stored 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:20 -08:00
Ying Li 0280a82ae0 Do not back up a root key that is imported into Yubikey. 
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:11:43 -08:00
Diogo Monica baa92cefa3 Fixed panic on listKeys with invalid keys, added tests 
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
 2015-11-12 01:11:27 -08:00
David Lawrence b7c38f0287 fixing tests 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 0fd1fa6ada arbitrary slots working 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence da18f54699 import-root, list, and remove working with yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence be4c0669c1 move import/export to cryptoservice and add import to yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence daa36b43b7 Merge pull request #242 from docker/unify-root-nonroot-keystore 
Unify root nonroot keystore
 2015-10-28 13:14:19 -07:00
David Lawrence 2833a88292 adding gotuf to notary 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-27 16:36:06 -07:00
Ying Li 75b63b84cd Add import/export to KeyStore interface so that the import_export code 
makes use of this rather than mangle files manually to import/export
root keys.  (Regular keys it just zips up the whole directory.)

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-27 16:19:14 -07:00
Ying Li 566bd3ce67 Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting 
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.

Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-27 12:33:46 -07:00
Ying Li ed61974d10 Remove linking from the filestore 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-23 21:19:47 -07:00
Diogo Monica 27461ad9fb Added cli cert command, changed keylisting to be a map, fixed key removal 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-28 18:14:29 -07:00
Aaron Lehmann 3a1292a287 Avoid printing "Passphrases do not match" when passphrase is too short 
Also, wrap the passphrase instructions paragraph at 80 columns, and
change the passphrase variable name in addKey to avoid a conflict with
the package name.

Fixes #146

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-28 14:41:27 -07:00
Diogo Monica e81fc405f6 Refactored keystore, created keydbstore and added tests 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-24 05:46:40 -07:00
Nathan McCauley 11af29d8db update tests to check for new types 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-23 01:54:14 -07:00
Diogo Monica c5ffbd1055 Adding typed error for missing keys 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-23 00:09:35 -07:00
Derek McGowan 304afb53d0 Add missing use of invalid passphrase error 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-22 04:08:14 -07:00
Derek McGowan 5eb296d276 Return invalid password when cannot retrieve passphrase 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-22 03:42:16 -07:00
David Lawrence cfe8255187 better error handling for invalid password 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-22 11:37:54 -07:00
Diogo Monica f7ea67cfab Rebased from master 
Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-07-20 13:46:01 -07:00
Aaron Lehmann 1aced67471 Improvements to keystore caching 
* RemoveKey must purge the cache entry

* Add mutexes to KeyFileStore and KeyMemoryStore so the cachedKeys map
  is protected in the case that keystore operations happen from multiple
  goroutines

* Change GetKey to return the alias along with the key. Remove
  GetKeyAlias. This simplifies the code flows that retrieve the alias
  (since they usually get the key and alias together).

* Fix tests affected by key caching

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-20 13:36:03 -07:00
Nathan McCauley 1421f47258 keystore caching 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 13:34:11 -07:00
Derek McGowan c35c1ea254 Move passphrase logic to its own package 
The logic to retrieve passphrase is generic and may be used by directly by clients.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-20 13:02:05 -07:00
Nathan McCauley 6b23e7d249 review feedback 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:10:13 -07:00
Nathan McCauley f07876602f add test for passphraseRetriever 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00