Previously, if it wasn't a remote service, the config parser was
still setting the key algorithm to be whatever was configured.
Now, if we are using a local trust service, the algorithm is always
ED25519.
Also broke the trust parsing into its own function for testing.
Signed-off-by: Ying Li <ying.li@docker.com>
server and signer, and set these to be the default configuration
files when running the images.
Compose specifies the configuration with MySQL.
Signed-off-by: Ying Li <ying.li@docker.com>
The server already supported a memory backend, but now it must be
specified, rather than just being a fallback if no storage is
specified. This also adds a signer backend to signer, which
previously required a MySQL backend.
Thanks @endophage for the excellent suggestion!
Signed-off-by: Ying Li <ying.li@docker.com>
Previously, if a relative path was provided, it was relative to the
current working directory to wherever the binaries were run. Now
it is relative to whatever config file was used.
Signed-off-by: Ying Li <ying.li@docker.com>
This changes the 'addr' parameter of notary-server's config to
'http_addr', so we can add a GRPC server to notary-server if
necessary. This also allows environment variables to override
the notary-server config file entries, as notary-signer already
does.
The bugsnag configuration has also been changed so that the
bugsnag parameters are under the "bugsnag" key.
Signed-off-by: Ying Li <ying.li@docker.com>
Also add bugsnag support to notary-signer.
This also changes the 'server.cert_file' and 'server.key_file'
parameters to 'server.tls_cert_file' and 'server.tls_key_file',
respectively, to match notary-server.
Previously, the default alias, which was under the environment
variable NOTARY_SERVER_DEFAULT_ALIAS is now also available in
the config file in storage.default_alias. The password has
not changed.
Finally, this removes some of the HSM references in notary-signer.
Signed-off-by: Ying Li <ying.li@docker.com>
Also support parameterized allowed backends when parsing for
storage backends, so that a DB backend can be tested.
Signed-off-by: Ying Li <ying.li@docker.com>
This is because the server handles the timestamp key and timestamp signing.
So there can only ever be 1 key. Thanks @mtrmac for pointing this out.
This change also refactors some of the test code somewhat.
Signed-off-by: Ying Li <ying.li@docker.com>
Previously it was "fatal: Unable to reach trust server at this time: 400."
and now it is "fatal: Trust server rejected operation."
Signed-off-by: Ying Li <ying.li@docker.com>
If the client sends a root.json with an invalid timestamp key ID,
possibly because they are pushing an existing repo to a new server,
then the server should reject the update.
Signed-off-by: Ying Li <ying.li@docker.com>
Since if they are generic test helpers that should be exported,
they should probably go into their own package. If they are used
during testing, they should end in _test.
Signed-off-by: Ying Li <ying.li@docker.com>
Previously, because it's a CryptoService wrapper around a remote signer
service, it returned nil all the time. Now, because signing is done
via private key more than CryptoService, it has to return a PrivateKey.
The key doesn't have private bytes, but can be used for signing.
Signed-off-by: Ying Li <ying.li@docker.com>
This lists any matching keys, and requires the user to pick which one
to choose, if there is more than 1 matching key. Also requires the
user to confirm before deleting.
Signed-off-by: Ying Li <ying.li@docker.com>
Log whether a pkcs11 library was found and if it was loadable.
This unfortunately prints out every time any operation is done on the Yubikey, producing a lot of log output, but perhaps that is better because an operation might fail at any given time.
Output if no Yubikey:
DEBU[0000] Failed to initialize PKCS11 environment: loaded library /usr/local/lib/libykcs11.dylib, but no HSM slots found
If there is a Yubikey:
DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session
