docker/docs - docs - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Diogo Monica	2c451909db	Fixing wrongly named file that led to test init deleting keys	2015-11-14 12:51:31 +01:00
Ying Li	cb6fd71848	Rename command line options from export/import key to backup/restore. import-root/export-root have been renamed to import/export. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-14 02:33:36 -08:00
Diogo Mónica	daa844079f	Merge pull request #279 from docker/pretty-print Pretty print output of `notary key list`.	2015-11-14 10:55:33 +01:00
Ying Li	517763a26d	Merge pull request #280 from docker/remove-get-root Remove KeyStoreManager's dependency on a KeyStore.	2015-11-13 15:51:42 -08:00
Ying Li	68962ce0f7	Merge pull request #281 from docker/better-pkcs11-logging Log whether a pkcs11 library was found and if it was loadable. This unfortunately prints out every time any operation is done on the Yubikey, producing a lot of log output, but perhaps that is better because an operation might fail at any given time. Output if no Yubikey: DEBU[0000] Failed to initialize PKCS11 environment: loaded library /usr/local/lib/libykcs11.dylib, but no HSM slots found If there is a Yubikey: DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session	2015-11-13 15:51:11 -08:00
Ying Li	142da6ccd3	Merge pull request #282 from docker/report-http-error Fixes client to report problems contacting the remote server.	2015-11-13 15:49:48 -08:00
Ying Li	eb9de9f0e8	Print out a different message for list keys if no keys are found. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 15:44:56 -08:00
Ying Li	edf0520c9b	Remove KeyStoreManager's dependency on a KeyStore. The root generation code is handled by CryptoService now. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 15:00:45 -08:00
Diogo Mónica	f0ca498474	Merge pull request #278 from docker/bail-if-no-cert More defensive coding around listing our keys in the yubikey.	2015-11-13 08:01:06 -08:00
Ying Li	8432f9db07	Fixes client to report problems contacting the remote server. Currently, when listing, publishing, or getting a particular target, if the remote server errors, the client attempts to load it from a local cache. However, if there is no local cache, it just returns Metadata Not Found for listing and getting. Have it report the remote the original remote error instead of Metadata Not Found locally. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 05:26:00 -08:00
Ying Li	54e375c62e	Add tests to ensure that the TUF httpstore returns the right error on 5XX. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 05:24:51 -08:00
Ying Li	f9bd60701f	Log whether a pkcs11 library was found and if it was loadable. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 02:53:39 -08:00
Ying Li	51cb6e7296	Add github.com/olekukonko/tablewriter dependency to Godeps. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 01:41:01 -08:00
Ying Li	39c682327e	Pretty-print the key list in a deterministic sorted order. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 01:41:00 -08:00
Ying Li	587906e6c6	More defensive coding around listing our keys in the yubikey. Signed-off-by: Ying Li <ying.li@docker.com>	2015-11-13 00:08:53 -08:00
David Lawrence	45de2828b5	Merge pull request #271 from docker/adding-pkcs11-signed Adding pkcs11 signed	2015-11-12 01:40:38 -08:00
Diogo Monica	d2f69fe5bc	Adding another path to search for ykcs libs Signed-off-by: Diogo Monica <diogo@docker.com>	2015-11-12 01:22:40 -08:00
Diogo Mónica	42cc828865	Merge pull request #56 from docker/last-stuff Some more tests, one minor change Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)	2015-11-12 01:14:05 -08:00
Ying Li	5d0893ef2a	Oops, it'd be helpful if we actually ran the new CryptoService tests. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:14:01 -08:00
Ying Li	87231d9a5d	Fix new bug where adding a duplicate key to a yubikey added to the backup. Added a test for this case as well - thanks @endophage! Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:58 -08:00
Ying Li	43f2d40e43	Make our CI pick up trustmanager/yubikey again Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:55 -08:00
Ying Li	efff721955	Add tests for multi-keystore crypto services. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:49 -08:00
Ying Li	6cf0643d7d	Roll back an add key to the yubikey if we can't back it up. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:46 -08:00
Ying Li	96bfaac05f	Add tests for verifying signatures before returning a signature. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:43 -08:00
Diogo Mónica	a51f380418	Merge pull request #51 from docker/more-yubikey-tests more yubikey tests Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)	2015-11-12 01:13:40 -08:00
Ying Li	4b7fefd5ef	Do not clean up a session if there is no session. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:35 -08:00
Ying Li	cee92fa363	Undo some changes from a bad stash pop that were unintentional. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:32 -08:00
Ying Li	38a5b5a342	Add FindObjectsFinalize to getNextEmptySlot. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:29 -08:00
Ying Li	10057562d8	Add fixes for Sign (do not continue if SignInit fails). Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:25 -08:00
Ying Li	73a26d59ac	Inject errors into pkcs11 in order to test that the yubikey code cleans up. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:22 -08:00
Ying Li	09c0f9d05b	Replace the pkcs11 library with interfaces for easier testing. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:17 -08:00
Ying Li	7108450a21	Add more unit tests for the YubiKeyStore. Including how it interacts with the backup key store, and with more assertions against a new YubiKeyStore so that we won't get false positives or negatives from the cache. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:14 -08:00
Diogo Mónica	f6ecd1c1ca	Merge pull request #53 from docker/non-pkcs-in-ci Start running without the pkcs11 buildtag in CI, and generate coverage. Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)	2015-11-12 01:13:11 -08:00
Ying Li	cf85394b4c	Start running without the pkcs11 buildtag in CI, and generate coverage. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)	2015-11-12 01:13:08 -08:00
Diogo Mónica	b894d98392	Merge pull request #54 from docker/verify_hw_sigs add verification to yubikey signatures. Attempt to generate sig up to… Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)	2015-11-12 01:13:05 -08:00
David Lawrence	9b8645c39f	add verification to yubikey signatures. Attempt to generate sig up to 5 times, fail if all 5 are invalid Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:13:03 -08:00
Diogo Mónica	b830dda0f5	Merge pull request #55 from docker/no_export_hw set withHardware flag to false for export commands. We can never expo… Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)	2015-11-12 01:13:02 -08:00
David Lawrence	ca7e4c8d38	set withHardware flag to false for export commands. We can never export from hardware Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:13:00 -08:00
Ying Li	1d1e2483a1	Merge pull request #52 from docker/cleanup_privdir private subdir should be added by keyfilestore, rather than all over … Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <cyli@users.noreply.github.com> (github: endophage)	2015-11-12 01:12:58 -08:00
David Lawrence	8628b57a96	private subdir should be added by keyfilestore, rather than all over the place Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:12:57 -08:00
Diogo Mónica	b9d0f15745	Merge pull request #50 from docker/configurable-trust-dir-rebase Configurable trust dir rebase Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)	2015-11-12 01:12:54 -08:00
Diogo Monica	4c2fcda620	Addressing small nits Signed-off-by: Diogo Monica <diogo@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)	2015-11-12 01:12:48 -08:00
Diogo Monica	0344dfc038	Making tests pass Signed-off-by: Diogo Monica <diogo@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)	2015-11-12 01:12:31 -08:00
Diogo Monica	5b7480f599	Adding default to notary key generate and configurable trust dir from config Signed-off-by: Diogo Monica <diogo.monica@gmail.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Monica <diogo.monica@gmail.com> (github: endophage)	2015-11-12 01:12:26 -08:00
David Lawrence	189118164d	Merge pull request #49 from docker/key_locations Key locations Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)	2015-11-12 01:12:22 -08:00
David Lawrence	ee270b6a2b	fixing integrations tests for new list keys layout Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:12:21 -08:00
David Lawrence	5c064e204b	fixing lint/vet Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:12:21 -08:00
David Lawrence	a21287c0d1	taking out message when yubikey not found Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:12:20 -08:00
David Lawrence	6acc130e17	list shows where the key is stored Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:12:20 -08:00
David Lawrence	7f341a1e20	Merge pull request #48 from docker/config_touch_msg make touch to sign message configurable Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)	2015-11-12 01:12:18 -08:00

1 2 3 4 5 ...

1025 Commits All Branches Search

1025 Commits

All Branches