Ying Li
cb6fd71848
Rename command line options from export/import key to backup/restore.
import-root/export-root have been renamed to import/export.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-14 02:33:36 -08:00
Diogo Mónica
f0ca498474
Merge pull request #278 from docker/bail-if-no-cert
More defensive coding around listing our keys in the yubikey.
2015-11-13 08:01:06 -08:00
Ying Li
587906e6c6
More defensive coding around listing our keys in the yubikey.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 00:08:53 -08:00
David Lawrence
45de2828b5
Merge pull request #271 from docker/adding-pkcs11-signed
Adding pkcs11 signed
2015-11-12 01:40:38 -08:00
Diogo Monica
d2f69fe5bc
Adding another path to search for ykcs libs
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:22:40 -08:00
Diogo Mónica
42cc828865
Merge pull request #56 from docker/last-stuff
Some more tests, one minor change
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:14:05 -08:00
Ying Li
5d0893ef2a
Oops, it'd be helpful if we actually ran the new CryptoService tests.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:14:01 -08:00
Ying Li
87231d9a5d
Fix new bug where adding a duplicate key to a yubikey added to the backup.
Added a test for this case as well - thanks @endophage!
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:58 -08:00
Ying Li
43f2d40e43
Make our CI pick up trustmanager/yubikey again
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:55 -08:00
Ying Li
efff721955
Add tests for multi-keystore crypto services.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:49 -08:00
Ying Li
6cf0643d7d
Roll back an add key to the yubikey if we can't back it up.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:46 -08:00
Ying Li
96bfaac05f
Add tests for verifying signatures before returning a signature.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:43 -08:00
Diogo Mónica
a51f380418
Merge pull request #51 from docker/more-yubikey-tests
more yubikey tests
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:40 -08:00
Ying Li
4b7fefd5ef
Do not clean up a session if there is no session.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:35 -08:00
Ying Li
cee92fa363
Undo some changes from a bad stash pop that were unintentional.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:32 -08:00
Ying Li
38a5b5a342
Add FindObjectsFinalize to getNextEmptySlot.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:29 -08:00
Ying Li
10057562d8
Add fixes for Sign (do not continue if SignInit fails).
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:25 -08:00
Ying Li
73a26d59ac
Inject errors into pkcs11 in order to test that the yubikey code cleans up.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:22 -08:00
Ying Li
09c0f9d05b
Replace the pkcs11 library with interfaces for easier testing.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:17 -08:00
Ying Li
7108450a21
Add more unit tests for the YubiKeyStore.
Including how it interacts with the backup key store, and with more
assertions against a new YubiKeyStore so that we won't get false
positives or negatives from the cache.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:14 -08:00
Diogo Mónica
f6ecd1c1ca
Merge pull request #53 from docker/non-pkcs-in-ci
Start running without the pkcs11 buildtag in CI, and generate coverage.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:11 -08:00
Ying Li
cf85394b4c
Start running without the pkcs11 buildtag in CI, and generate coverage.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:08 -08:00
Diogo Mónica
b894d98392
Merge pull request #54 from docker/verify_hw_sigs
add verification to yubikey signatures. Attempt to generate sig up to…
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:05 -08:00
David Lawrence
9b8645c39f
add verification to yubikey signatures. Attempt to generate sig up to 5 times, fail if all 5 are invalid
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:13:03 -08:00
Diogo Mónica
b830dda0f5
Merge pull request #55 from docker/no_export_hw
set withHardware flag to false for export commands. We can never expo…
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:02 -08:00
David Lawrence
ca7e4c8d38
set withHardware flag to false for export commands. We can never export from hardware
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:13:00 -08:00
Ying Li
1d1e2483a1
Merge pull request #52 from docker/cleanup_privdir
private subdir should be added by keyfilestore, rather than all over …
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <cyli@users.noreply.github.com> (github: endophage)
2015-11-12 01:12:58 -08:00
David Lawrence
8628b57a96
private subdir should be added by keyfilestore, rather than all over the place
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:57 -08:00
Diogo Mónica
b9d0f15745
Merge pull request #50 from docker/configurable-trust-dir-rebase
Configurable trust dir rebase
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:12:54 -08:00
Diogo Monica
4c2fcda620
Addressing small nits
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:12:48 -08:00
Diogo Monica
0344dfc038
Making tests pass
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:12:31 -08:00
Diogo Monica
5b7480f599
Adding default to notary key generate and configurable trust dir from
config
Signed-off-by: Diogo Monica <diogo.monica@gmail.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:12:26 -08:00
David Lawrence
189118164d
Merge pull request #49 from docker/key_locations
Key locations
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)
2015-11-12 01:12:22 -08:00
David Lawrence
ee270b6a2b
fixing integrations tests for new list keys layout
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:21 -08:00
David Lawrence
5c064e204b
fixing lint/vet
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:21 -08:00
David Lawrence
a21287c0d1
taking out message when yubikey not found
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:20 -08:00
David Lawrence
6acc130e17
list shows where the key is stored
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:20 -08:00
David Lawrence
7f341a1e20
Merge pull request #48 from docker/config_touch_msg
make touch to sign message configurable
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)
2015-11-12 01:12:18 -08:00
David Lawrence
8ffbf116cc
only tell user to touch when mode is enabled
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:17 -08:00
David Lawrence
b0354762d1
make touch to sign message configurable
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:17 -08:00
David Lawrence
15154384cd
Merge pull request #47 from docker/no_keys_error
fixing error message and moving signing operations up a level
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)
2015-11-12 01:12:15 -08:00
David Lawrence
05c5615187
updating per Diogo's comments
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:14 -08:00
David Lawrence
c08e732f9f
fixing error message and moving signing operations up a level
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:14 -08:00
Diogo Mónica
a2ff9a771c
Merge pull request #46 from docker/change-env-targets
Changing env to be TARGETS
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:12:08 -08:00
Diogo Monica
f9f118d088
Changing env to be TARGETS
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:12:04 -08:00
Diogo Mónica
3cd74fce6d
Merge pull request #44 from docker/use_9a_last
use the slots on the yubikey in the following order: 9c, 9e, 9d, 9a
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:11:58 -08:00
David Lawrence
e0c5bb7b83
comment about token location ordering
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:11:55 -08:00
David Lawrence
d2ca58bbf4
use the slots on the yubikey in the following order: 9c, 9e, 9d, 9a
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:11:55 -08:00
Diogo Mónica
5aaf4fa8a5
Merge pull request #41 from docker/pad-ecdsa-key-for-yubikey
Pad the ECDSA key that gets put into the Yubikey so it has 32 bytes.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:11:52 -08:00
Ying Li
397adb4291
Pad the ECDSA key that gets put into the Yubikey so it has 32 bytes.
Apparently that is required by the template, and will error if it
does not. Sometimes, ECDSA keys are generated which when encoded
seem to only have 31 bytes.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:11:49 -08:00