David Lawrence
92c17b754c
make notary-signer tests work and add test for signer bootstrap
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-14 19:38:04 -07:00
David Lawrence
33f5255c8d
need a passthrough bootstrap on TufMetaStore
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-14 19:38:03 -07:00
Riyaz Faizullabhoy
67d1847cb3
Remove authkey usage
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-14 19:38:03 -07:00
Riyaz Faizullabhoy
d86227642a
Add bootstrapper for signer
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-14 19:38:03 -07:00
Riyaz Faizullabhoy
d95891e54f
Caching logic for TufMetaStorage
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-14 19:38:02 -07:00
David Lawrence
b196a803e2
updating use of indices and queries
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-14 19:38:02 -07:00
Riyaz Faizullabhoy
30f356f940
Use consistent meta storage for server binary
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-14 19:38:02 -07:00
Riyaz Faizullabhoy
f8a67f8af0
Add rethink init for signer config
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-14 19:38:02 -07:00
David Lawrence
b8c62731a6
adding bootstrapping and config update for notary server
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-14 19:38:02 -07:00
David Lawrence
045721250f
rethink server implementation
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-04-14 19:38:02 -07:00
Ying Li
cea46f7c3e
Change root cert rotation to be root key rotation instead
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-13 22:12:53 -07:00
Ying Li
54d1cb1855
Revert "Implement new (notary cert rotate) command."
This reverts commit 684c17867740e77460f2940d3d76023f7a9647ed, and extra cert rotate test changes
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-13 11:48:36 -07:00
Miloslav Trmač
5a14044574
Implement new (notary cert rotate) command.
This is a trivial wrapper around the NotaryRepository functionality. The
UI is simplest possible, a single (notary cert rotate) rotates all
certificates.
This handles the common case (only a single certificate)
perfectly. If there were multiple certificates, rotating all of them
regardless of age does not really hurt; we can easily extend this to
give the user more control (having the user specify a cert ID, for
example) later if necessary.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-04-13 11:48:36 -07:00
Ying Li
cf4e726514
"make lint" wasn't actually linting every file in the repo. golint ./...
ignores buildtags, for instance, and somehow didn't pick up some code in
the signer.
This calls golint on every go file in the repo and also fixes some linting
issues, which involves renaming two yubikey functions to avoid stuttering.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-12 22:28:32 -07:00
Ying Li
bc4e8a0f9e
Change the HTTP server returned by signer config to be a pointer
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-11 14:31:41 -07:00
Ying Li
77b33cf10f
Add the buildtags to go list ./... in the Makefile, signer should not be pkcs11
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-11 13:25:23 -07:00
HuKeping
31851edf81
Kind of cleanup
Move the configuration parsing for notary-server to its own file.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-04-08 09:28:02 +08:00
Riyaz Faizullabhoy
cb6bf2e1a2
Update assert to require for cmd
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-04 12:05:04 -07:00
David Lawrence
2e70ce0b3b
Merge pull request #641 from docker/one-key-per-line
Print one key and/or path per line when listing delegations
2016-03-22 14:48:29 -07:00
Riyaz Faizullabhoy
d1dbc3dbd4
Add delegation passphrase env var
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-22 10:09:38 -07:00
Riyaz Faizullabhoy
731710f628
Print one key and/or path per line when listing delegations
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 16:54:07 -07:00
Riyaz Faizullabhoy
c54183bc27
Add error case to keyInfo generation, test yubikey backup, fix rebase conflicts
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:35:34 -07:00
Riyaz Faizullabhoy
e1613cdcb2
Address review comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy
8336bba114
Change passwd to add back to the same keystore type, special handling
for yubi
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy
be66056edb
change API to specify keyID instead of name
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy
5984b88f14
configure backing up logic for yubikey
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy
1ed9c352d7
change ks.AddKey to be consistent with CryptoService
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:06 -07:00
Riyaz Faizullabhoy
9ecd899e25
Removing key import and gun from cryptoservice
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy
7bd550a39a
import refactor
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:40 -07:00
Riyaz Faizullabhoy
2a37590ea6
update interface and comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy
c41cee3e5d
simplify export logic with new keymap
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy
23eb203a63
add key info api, use for passwd
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:14 -07:00
Riyaz Faizullabhoy
351b247aec
add tests for initial keystore state, and after removing and adding
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:11 -07:00
Ying Li
f1d78f8d6e
Add defaults for cache headers, and add tests to ensure that default configs can successfully be parsed
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-16 14:53:41 -07:00
Ying Li
44cccbb4db
Make all key rotations publish immediately, not just remote key rotations
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:35:30 -07:00
Ying Li
fa5edc40af
Publish only the key rotation changes after a remote key rotation
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
4e5e2f386a
Clean up yubikeys between each cmd/notary/keys_test.go test
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
b6c4840231
Update comments, and publish in the CLI after remote key rotation
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
e3716f0be9
Change the CLI for rotate key to require a role type
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
07b9f504e4
Update the CLI and client to no longer reject remote timestamp rotations.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
Ying Li
e25746dac3
Use a CacheControlHandler that wraps other handlers instead
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:19:13 -07:00
Ying Li
84f5ed28d2
Move the configuration parsing for notary-server to its own file
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
Ying Li
e1397f4b03
Use updated-at for last modification date for getting current metadata
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
Ying Li
329b47d253
Parse for cache control options in the server config file
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
Ying Li
8768c12901
Return the creation date for GetChecksum and GetCurrent from the server database store.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:18:18 -07:00
HuKeping
95ed108c12
[PATCH 5/8] Add sha512 check on CLI command
Include:
- verify
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-11 10:44:49 +08:00
Ying Li
c720c56a70
Move all imports of sqlite3 to tests only
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-01 14:56:53 -05:00
HuKeping
08c0da745f
Drop the actions
All the other code would not have to know about the exact auth mechanism.
Use "readOnly", we can just include "pull" when readonly is true,
and "push", "pull" when readonly is false.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-02-27 10:26:23 +08:00
HuKeping
af5ee13d8a
Bugfix: the actions should not always be pull and push
The similar fix in docker daemon:
- https://github.com/docker/docker/pull/20382
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-02-26 10:25:50 +08:00
Riyaz Faizullabhoy
596a362a36
print IDs instead of key itself
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-24 11:18:33 -08:00