docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,869 Commits 21 Branches 28 Tags 816 MiB
Commit Graph

163 Commits

Author SHA1 Message Date
Ying Li 04ec865b31 Update all the server validation and generation code to use the builder. 
This means that the server cannot accept any roots not signed by an
x509 key whose GUN doesn't match the GUN being updated.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-27 10:58:58 -07:00
Ying Li 5f3eaf411b Update the downloading client to use the builder. 
Delete the remaining TUF client download tests because they are already covered by
the client update tests.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-27 10:58:57 -07:00
Riyaz Faizullabhoy ca9fc99ba5 Goodbye Certstore 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-26 17:00:09 -07:00
Riyaz Faizullabhoy 01bbd532c6 Update update logic to error out on corrupted previous root metadata 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-26 16:59:22 -07:00
Riyaz Faizullabhoy 5901c87feb Update tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-26 16:59:22 -07:00
Riyaz Faizullabhoy 378116d37c Add empty hashes check for AddTarget 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-19 13:39:26 -07:00
Riyaz Faizullabhoy 94a2e3a741 Change config to disable_tofu instead of tofu 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-19 11:01:56 -07:00
Riyaz Faizullabhoy 7d6fdc08cd Update function description for expected behavior, groundwork for config 
in validation

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-04-19 11:01:54 -07:00
Ying Li cea46f7c3e Change root cert rotation to be root key rotation instead 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-13 22:12:53 -07:00
Ying Li 708507adde Require signing with all previous roles, instead of just the immediately previous role 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-13 22:10:58 -07:00
Ying Li 160ea2bc54 Address review comments and improve docstrings 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-13 11:48:36 -07:00
Miloslav Trmač d835fbbca2 Implement root certificate rotation in NotaryRepository 
NotaryRepository can now list root certificates, and
generate new versions (as changelists to be applied
on Publish).

This is a pretty mechanical encapsulation of the
root certificate rotation support in Repo.AddBaseKeys
and Repo.RemoveBaseKeys. The only slightly interesting
part is ListRootCert, which requires on-line access
to ensure fresh data, and depends on CertStore doing
some verification for us.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2016-04-13 11:48:36 -07:00
Ying Li f8c42e4cbf NotaryRepository.Update now just returns an error, rather than a client 
an error, because we don't actually use the client anymore.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-04-06 14:08:08 -07:00
David Lawrence bfee37d471 update top level Signed.Signed to be a *json.RawMessage 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-03-18 16:18:53 -07:00
Riyaz Faizullabhoy 9ecd899e25 Removing key import and gun from cryptoservice 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy 2a37590ea6 update interface and comments 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy 95af5d4800 try cleaning up removekey, debugging tests 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:04:00 -07:00
Riyaz Faizullabhoy 351b247aec add tests for initial keystore state, and after removing and adding 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-18 11:03:11 -07:00
Riyaz Faizullabhoy 83f7c758ca Remove delegation role fallback when applying targets changes 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-03-16 15:12:11 -07:00
Ying Li 44cccbb4db Make all key rotations publish immediately, not just remote key rotations 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-03-15 18:35:30 -07:00
Ying Li fa5edc40af Publish only the key rotation changes after a remote key rotation 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-03-15 18:17:27 -07:00
Ying Li b6c4840231 Update comments, and publish in the CLI after remote key rotation 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-03-15 18:17:27 -07:00
Ying Li e3716f0be9 Change the CLI for rotate key to require a role type 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-03-15 18:17:27 -07:00
Ying Li 07b9f504e4 Update the CLI and client to no longer reject remote timestamp rotations. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-03-15 18:17:27 -07:00
Ying Li 4022e97b08 Use 'require' instead of 'assert' in client and TUF client tests 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-03-15 13:52:48 -07:00
Ying Li e25746dac3 Use a CacheControlHandler that wraps other handlers instead 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-03-14 17:19:13 -07:00
Riyaz Faizullabhoy bde878cdb6 changing API for updating delegations 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-23 11:57:08 -08:00
Riyaz Faizullabhoy 729bb88537 addressing review comments 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-23 11:55:31 -08:00
Riyaz Faizullabhoy 06e34e825a walk for updating/creating delegations, validate changes to paths 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-23 11:55:31 -08:00
David Lawrence 1db128778d completely removing KeyDB 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-02-16 21:11:13 -08:00
Riyaz Faizullabhoy 9c84547853 Add tests against old style changes and clear paths 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-02 17:01:35 -08:00
Riyaz Faizullabhoy 70ee4f8670 PoC broken down client api for delegations 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-02-02 17:01:35 -08:00
David Lawrence 637a2331d4 client side of consistent downloads 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-29 16:52:58 -08:00
Riyaz Faizullabhoy a16e6b58b5 use only canonical IDs for display on delegation CLI commands, translate to TUF key IDs for metadata usage under the hood 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-29 16:00:42 -08:00
Jessica Frazelle a64db12c04
change url from jfrazelle/go to docker/go 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
 2016-01-26 08:43:38 -08:00
Riyaz Faizullabhoy 25a1e9aed7 change to ListRoles, and GetAllLoadedRoles 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-20 15:58:55 -08:00
Riyaz Faizullabhoy a052d9e105 client library for retrieving keys and signatures for all roles 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-20 12:00:09 -08:00
Ying Li 6f2e851b29 Merge pull request #479 from docker/remove_to_lower 
Do not lowercase role names when adding a change
 2016-01-19 16:22:41 -08:00
Ying Li a3b9a5543f Do not lowercase role names when adding a change 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-19 14:32:00 -08:00
Ying Li cf0bb5a9be Merge pull request #440 from docker/diogo-cli-adding-delegations 
delegation command for notary-cli
 2016-01-19 13:54:56 -08:00
Riyaz Faizullabhoy ca67f1e71a client library deletion functionality, and integration into remove cert 
CLI

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-19 11:18:33 -08:00
Riyaz Faizullabhoy 138d6cea09 Add, remove, and list delegation command. TUF changelist action change 
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
 2016-01-18 16:24:45 -08:00
Ying Li 877d47bb5c Add tests to ensure you can just drop a key in tuf_key and use it for signing. 
This is important for user keys, which do not necessarily need to be under a GUN,
and may have a role other than one of the canonical roles (e.g. "user" role).

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-15 18:54:41 -08:00
David Lawrence c0fb05584e fixing incorrect comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
David Lawrence 9e80ad8158 remove certs.NewManager function 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
David Lawrence a8b21cafe0 CertManager is completely removed 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-15 11:30:32 -08:00
Ying Li c65fc03ef9 Update test to make x509 keys start a day in the past. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-14 14:15:38 -08:00
Ying Li b74f1835b7 Ensure that we do not unnecessarily re-sign/serialize a root.json file on publish 
Adds additional tests to ensure that keys aren't unnecessarily created on error,
and that only the required keys to sign are used.

Signed-off-by: Ying Li <ying.li@docker.com>
 2016-01-14 10:51:24 -08:00
David Lawrence a60f228189 fixing use of require vs assert 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2016-01-13 15:59:33 -08:00
Diogo Mónica 26d3f3f92b Merge pull request #413 from endophage/fix_root_download 
fixing bootstrapClient to prefer cached root
 2016-01-13 15:48:39 -08:00