mirror of https://github.com/docker/docs.git
Tell signed.Sign how many signatures are necessary to sign a role, and have it fail if it cannot create that many.

For most uses this does not make much of a difference because the threshold tends to be 1 and signed.Sign was already failing if no key could be found or if no signature could be created; only >1-threshold roles now (correctly) fail in additional situations. But the knowledge of a role’s threshold will be useful in a future commit.

Always use ErrInsufficientSignatures for this failure, whether this is when loading the keys or actually using them (also fixing ErrInsufficentSignature documentation to refer to signing and not verification). ErrNoKeys is no longer returned by signed.Sign. So, adjust the “snapshot key is not available” logic in NotaryRepository.Publish accordingly, which also makes it more precise (actually triggering only when no snapshot key is available).

Now that role's threshold is enforced when signing, update TestValidateRootInvalidTimestampThreshold to create the second key necessary to correctly sign the timestamp role.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

| Name |
|---|
| .. |
| timestamp.go |
| timestamp_test.go |