- fix a spelling mistake and rename the builder retroactive-checksum-check functions
- on client update bootstrapping, we should not validate the root on disk against any trust pinning configuration
Signed-off-by: Ying Li <ying.li@docker.com>
- can never set an invalid repo, so we can remove the failed builder state
- once a builder is "finished", it's swapped out with one that has no state and cannot be modified
- add builder tests for the negative path cases where builder should error
- fix bug with GenerateSnapshot where we didn't check for a targets to be loaded when generating for the first time
This also adds some negative path tests (cases in which the builder errors due to invalid input or things not being loaded)
Signed-off-by: Ying Li <ying.li@docker.com>
cached version numbers to check downloaded version numbers of cached data
validates against the old builder.
This also removes the `GetRepo` function of the builder and adds some data
accessors instead that are necessary to do a consistent download and check
versions, that way the downloader doesn't need to fish around in the repo
itself for data in order to figure out what to download.
Signed-off-by: Ying Li <ying.li@docker.com>
This means that the server cannot accept any roots not signed by an
x509 key whose GUN doesn't match the GUN being updated.
Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li