docker-docs

mirror of https://github.com/docker/docs.git synced 2026-04-12 14:25:46 +07:00

Author	SHA1	Message	Date
David Lawrence	91e8b9bcdb	backup to a KeyFileStore and take out key remove Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:09:32 -08:00
David Lawrence	f9cf7bcca5	remove needs to list keys to find guns Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:09:31 -08:00
David Lawrence	51a99a4127	generate should instantiate a yubikeystore Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:09:31 -08:00
David Lawrence	e8d2240c79	write private key to a backup dir when creating keys on yubikey Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:09:31 -08:00
David Lawrence	b7c38f0287	fixing tests Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:09:31 -08:00
David Lawrence	da18f54699	import-root, list, and remove working with yubikey Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:09:31 -08:00
David Lawrence	be4c0669c1	move import/export to cryptoservice and add import to yubikey Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:09:31 -08:00
Jessica Frazelle	5f21ebd185	Add pkcs11 build tags Add build tags and a check in Makefile to be sure you do not import pkcs11 lib somewhere where it should not be. This will ensure docker import and integration will continue to work. Signed-off-by: Jessica Frazelle <acidburn@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)	2015-11-12 01:07:00 -08:00
David Lawrence	07f0065152	ask for pin when signing Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-11-12 01:06:38 -08:00
Diogo Monica	21138e6bad	Working version of Notary and Yubikey Signed-off-by: Diogo Monica <diogo@docker.com> Remove symlinks from notary-client repo creation Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: Diogo Monica <diogo@docker.com> WIP Signed-off-by: Diogo Monica <diogo@docker.com> working yubikey integration Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage) Fixing small colon bug Signed-off-by: Diogo Monica <diogo@docker.com> Added things. Ship it. Signed-off-by: Diogo Monica <diogo@docker.com> Bringing ecdsahwcryptosigner to 2015 Signed-off-by: Diogo Monica <diogo@docker.com> Working version of notary and yubikey Signed-off-by: Diogo Monica <diogo@docker.com>	2015-11-12 01:06:09 -08:00
Diogo Mónica	fd0775e1dc	Merge pull request #257 from mtrmac/fix-export-root Fix (notary key export-root)	2015-11-01 10:31:29 +00:00
Miloslav Trmač	62dc66e936	Remove key ID from (notary key import-root) PR #242 has started requiring a passphrase for the imported key, and recomputes the key ID, making the command-line argument redundant. So, remove it from the command line and from the KeyStoreManager API. Also updates the comment for KeyStoreManager.ImportRootKey, and changes (notary key import-root) to refuse unexpected arguments instead of silently ignoring them. Signed-off-by: Miloslav Trmač <mitr@redhat.com>	2015-10-30 20:40:03 +01:00
Miloslav Trmač	93c28ccb1b	Fix (notary key export-root) -c was recently taken over by --configFile; using it for --change-passphrase as well results in panic: shorthand redefinition So, move --change-passphrase to -p. Signed-off-by: Miloslav Trmač <mitr@redhat.com>	2015-10-30 20:39:20 +01:00
Ying Li	b9a4175ea9	Update the client NotaryRepository to initialize with a root key ID Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-29 15:11:15 -07:00
Ying Li	aa5b621968	Fix import error after rebase Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-28 15:44:33 -07:00
Ying Li	adda5776cb	Use ListenAndServeTLS with blank args, since ListenAndServe doesn't actually set up TLS Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-28 15:42:36 -07:00
Ying Li	126691ac9e	Update the notary server and signer configs to make use of client authentication. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-28 15:42:33 -07:00
Ying Li	34aecae033	Split out parsing the client TLS in notary-server. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-28 15:40:41 -07:00
Ying Li	04a78e720f	Factor out and test TLS configuration in notary-server. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-28 15:39:52 -07:00
Ying Li	bbf941d198	Allow client CAs to be provided to notary-signer. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-28 15:39:52 -07:00
David Lawrence	daa36b43b7	Merge pull request #242 from docker/unify-root-nonroot-keystore Unify root nonroot keystore	2015-10-28 13:14:19 -07:00
Ying Li	6150c931dd	Make a keysMap rather than just declaring Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-28 12:47:42 -07:00
David Lawrence	fa70a79ed7	go fmt was complaining about import order after my sed replacement Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-27 17:22:08 -07:00
David Lawrence	2833a88292	adding gotuf to notary Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-27 16:36:06 -07:00
Ying Li	566bd3ce67	Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting over the root keys directory from non-root keys directory from keystoremanager to keystore, since we're eliminating keystoremanager. Maintain the two separate directories, though, because one can't tell whether there is an old-style separate-directories structure, or if someone has a GUN that starts with tuf_keys. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-27 12:33:46 -07:00
Ying Li	61f9f84254	Use configuration option structures to set up client TLS and server TLS. Test for if client cert is passed without a client key and vice versa. Fail in ConfigureClientTLS if only one of client cert/key is passed. Lint fixes. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-21 18:43:33 -07:00
Ying Li	412e0facc8	Explicitly check the skip tls verify boolean in notary client Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-21 10:38:48 -07:00
Ying Li	fc389b7bc3	Use tls client config utility in notary as well. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-19 17:31:18 -07:00
Ying Li	8d96cf0c1f	Use ConfigureServerTLS for notary-server and notary-signer Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-19 17:29:54 -07:00
Ying Li	a5e64ecf03	Do not use the viper singleton instance everywhere Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-19 11:50:04 -07:00
Ying Li	6db76a873e	Small cleanup as per review comments Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-16 14:48:05 -07:00
Ying Li	81380e0862	Even simpler - cancel the GRPC call using the context object passed to the GRPC clients - thanks @endophage! Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-16 09:46:08 -07:00
Ying Li	a49406de42	Log an error if the notary server cannot reach the signer or otherwise if the signer is in trouble, but do not fail the health check, since the server can operate for a while without the signer (the server will have degraded performance, but is not down) Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-15 10:48:10 -07:00
Ying Li	bca919c65f	Making an RPC call would hang forever if the connection to the GRPC server dies (it just retries to connect, and the RPC call would just block until it does), so change up how this works by timing out the health check. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-14 18:03:19 -07:00
Ying Li	cd5015592a	Fix the key names for the server health checks Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-14 14:52:31 -07:00
Ying Li	60271f3014	Enable the signer RPC health check calls to return the last checked health status from the health package. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-14 14:49:39 -07:00
Ying Li	30330f43e2	Register trust health checks and DB health check with the notary server. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-14 13:23:38 -07:00
Ying Li	6b98278282	Merge pull request #215 from cyli/server-uses-gorm Use gorm for storing notary-server information	2015-10-14 13:09:37 -07:00
Diogo Monica	b18e890e1c	Changing the default config to point to notary-server Signed-off-by: Diogo Monica <diogo@docker.com>	2015-10-12 18:21:39 -07:00
Diogo Monica	70fe89f69c	Adding check for relative VS full path Signed-off-by: Diogo Monica <diogo@docker.com>	2015-10-12 18:15:38 -07:00
Diogo Monica	8299e01b0a	Fixed comments, changed default config Signed-off-by: Diogo Monica <diogo@docker.com>	2015-10-12 17:14:23 -07:00
Diogo Monica	aeb96f27a2	Adding client-side root-ca server and config Signed-off-by: Diogo Monica <diogo@docker.com>	2015-10-12 17:13:39 -07:00
Ying Li	7fa991c3ff	Gormizes the server database and make it SQL-DB agnostic. Signed-off-by: Ying Li <ying.li@docker.com>	2015-10-12 16:45:41 -07:00
David Lawrence	98cde51f18	working basic key rotation for targets and snapshot key. Command is 'notary key rotate [GUN]' Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 20:35:06 -07:00
David Lawrence	ac54370fb0	cleanup after discussing with Diogo Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:40:36 -07:00
David Lawrence	009400650e	minor tweaks to key rotation Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:24:08 -07:00
David Lawrence	959d0267ac	command skeletons in place, changelist actions implemented Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:24:08 -07:00
David Lawrence	83f96997d3	changelist management of key rotation Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)	2015-10-09 19:23:47 -07:00
Ryan Cox	7bee606f43	Add support for 'notary status' command to show details about unpublished changes Signed-off-by: Ryan Cox <ryan.a.cox@gmail.com>	2015-10-08 22:07:36 -07:00
Diogo Mónica	53467fd417	Merge pull request #85 from docker/simple_test_script add a simple test script, eventually this can grow to be our CI script	2015-10-08 16:58:44 -07:00

1 2 3 4 5 ...

252 Commits