Ying Li
ff75aefc84
Merge pull request #303 from SvenDowideit/docs-validation-changes
...
Docs fixes for docs validation
2015-11-19 21:27:01 -08:00
Sven Dowideit
844daf465c
Docs fixes for docs validation
...
Signed-off-by: Sven Dowideit <SvenDowideit@home.org.au>
2015-11-20 13:35:38 +10:00
Ying Li
e63af87b25
Merge pull request #290 from docker/vet-filenames
...
Make vet target now also checks for filenames with _test_ in the middle.
2015-11-19 09:16:48 -08:00
Diogo Mónica
378888f6d7
Merge pull request #295 from docker/no-stderr-for-cmds
...
Set the default output for all cobra commands to be STDOUT
2015-11-15 13:12:36 +01:00
Diogo Mónica
4f347a1303
Merge pull request #296 from endophage/pretty_print_targets
...
headers were still printing when no targets were found
2015-11-15 13:12:29 +01:00
David Lawrence
d0b3bd2860
headers were still printing when no targets were found
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-15 02:48:33 -08:00
Ying Li
238ee32c78
Set the default output for all cobra commands to be STDOUT
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-15 02:46:29 -08:00
Ying Li
a05fee7469
Make vet target now also checks for filenames with _test_ in the middle.
...
Since if they are generic test helpers that should be exported,
they should probably go into their own package. If they are used
during testing, they should end in _test.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-15 02:42:14 -08:00
Diogo Mónica
ebc41c8154
Merge pull request #292 from docker/fix-signer-sign
...
The NotarySigner cryptoservice now implements GetPrivateKey.
2015-11-15 11:33:32 +01:00
Diogo Mónica
04941d90a0
Merge pull request #289 from endophage/pretty_print_targets
...
pretty printing targets
2015-11-15 11:32:02 +01:00
Diogo Mónica
e638f0a4d6
Merge pull request #285 from docker/delete-key-is-back
...
Add an interactive command to delete a key from any keystore.
2015-11-15 11:31:41 +01:00
Ying Li
204a4f1534
The NotarySigner cryptoservice now implements GetPrivateKey.
...
Previously, because it's a CryptoService wrapper around a remote signer
service, it returned nil all the time. Now, because signing is done
via private key more than CryptoService, it has to return a PrivateKey.
The key doesn't have private bytes, but can be used for signing.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-15 01:45:21 -08:00
Ying Li
0d7df87805
Add an interactive command to delete a key from any keystore.
...
This lists any matching keys, and requires the user to pick which one
to choose, if there is more than 1 matching key. Also requires the
user to confirm before deleting.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-14 14:17:08 -08:00
David Lawrence
0088d16bba
pretty printing targets
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-14 10:21:08 -08:00
Diogo Mónica
53626b6fe6
Merge pull request #284 from docker/key-command-renaming
...
Rename command line options from export/import key to backup/restore.
2015-11-14 13:49:53 +01:00
Diogo Monica
2c451909db
Fixing wrongly named file that led to test init deleting keys
2015-11-14 12:51:31 +01:00
Ying Li
cb6fd71848
Rename command line options from export/import key to backup/restore.
...
import-root/export-root have been renamed to import/export.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-14 02:33:36 -08:00
Diogo Mónica
daa844079f
Merge pull request #279 from docker/pretty-print
...
Pretty print output of `notary key list`.
2015-11-14 10:55:33 +01:00
Ying Li
517763a26d
Merge pull request #280 from docker/remove-get-root
...
Remove KeyStoreManager's dependency on a KeyStore.
2015-11-13 15:51:42 -08:00
Ying Li
68962ce0f7
Merge pull request #281 from docker/better-pkcs11-logging
...
Log whether a pkcs11 library was found and if it was loadable.
This unfortunately prints out every time any operation is done on the Yubikey, producing a lot of log output, but perhaps that is better because an operation might fail at any given time.
Output if no Yubikey:
DEBU[0000] Failed to initialize PKCS11 environment: loaded library /usr/local/lib/libykcs11.dylib, but no HSM slots found
If there is a Yubikey:
DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session
2015-11-13 15:51:11 -08:00
Ying Li
142da6ccd3
Merge pull request #282 from docker/report-http-error
...
Fixes client to report problems contacting the remote server.
2015-11-13 15:49:48 -08:00
Ying Li
eb9de9f0e8
Print out a different message for list keys if no keys are found.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 15:44:56 -08:00
Ying Li
edf0520c9b
Remove KeyStoreManager's dependency on a KeyStore.
...
The root generation code is handled by CryptoService now.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 15:00:45 -08:00
Diogo Mónica
f0ca498474
Merge pull request #278 from docker/bail-if-no-cert
...
More defensive coding around listing our keys in the yubikey.
2015-11-13 08:01:06 -08:00
Ying Li
8432f9db07
Fixes client to report problems contacting the remote server.
...
Currently, when listing, publishing, or getting a particular target,
if the remote server errors, the client attempts to load it from a
local cache. However, if there is no local cache, it just returns
Metadata Not Found for listing and getting. Have it report the
original remote error instead of Metadata Not Found
locally.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 05:26:00 -08:00
Ying Li
54e375c62e
Add tests to ensure that the TUF httpstore returns the right error on 5XX.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 05:24:51 -08:00
Ying Li
f9bd60701f
Log whether a pkcs11 library was found and if it was loadable.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 02:53:39 -08:00
Ying Li
51cb6e7296
Add github.com/olekukonko/tablewriter dependency to Godeps.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 01:41:01 -08:00
Ying Li
39c682327e
Pretty-print the key list in a deterministic sorted order.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 01:41:00 -08:00
Ying Li
587906e6c6
More defensive coding around listing our keys in the yubikey.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 00:08:53 -08:00
David Lawrence
45de2828b5
Merge pull request #271 from docker/adding-pkcs11-signed
...
Adding pkcs11 signed
2015-11-12 01:40:38 -08:00
Diogo Monica
d2f69fe5bc
Adding another path to search for ykcs libs
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:22:40 -08:00
Diogo Mónica
42cc828865
Merge pull request #56 from docker/last-stuff
...
Some more tests, one minor change
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:14:05 -08:00
Ying Li
5d0893ef2a
Oops, it'd be helpful if we actually ran the new CryptoService tests.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:14:01 -08:00
Ying Li
87231d9a5d
Fix new bug where adding a duplicate key to a yubikey added to the backup.
...
Added a test for this case as well - thanks @endophage!
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:58 -08:00
Ying Li
43f2d40e43
Make our CI pick up trustmanager/yubikey again
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:55 -08:00
Ying Li
efff721955
Add tests for multi-keystore crypto services.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:49 -08:00
Ying Li
6cf0643d7d
Roll back an add key to the yubikey if we can't back it up.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:46 -08:00
Ying Li
96bfaac05f
Add tests for verifying signatures before returning a signature.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:43 -08:00
Diogo Mónica
a51f380418
Merge pull request #51 from docker/more-yubikey-tests
...
more yubikey tests
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:40 -08:00
Ying Li
4b7fefd5ef
Do not clean up a session if there is no session.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:35 -08:00
Ying Li
cee92fa363
Undo some changes from a bad stash pop that were unintentional.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:32 -08:00
Ying Li
38a5b5a342
Add FindObjectsFinalize to getNextEmptySlot.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:29 -08:00
Ying Li
10057562d8
Add fixes for Sign (do not continue if SignInit fails).
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:25 -08:00
Ying Li
73a26d59ac
Inject errors into pkcs11 in order to test that the yubikey code cleans up.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:22 -08:00
Ying Li
09c0f9d05b
Replace the pkcs11 library with interfaces for easier testing.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:17 -08:00
Ying Li
7108450a21
Add more unit tests for the YubiKeyStore.
...
Including how it interacts with the backup key store, and with more
assertions against a new YubiKeyStore so that we won't get false
positives or negatives from the cache.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:14 -08:00
Diogo Mónica
f6ecd1c1ca
Merge pull request #53 from docker/non-pkcs-in-ci
...
Start running without the pkcs11 buildtag in CI, and generate coverage.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:11 -08:00
Ying Li
cf85394b4c
Start running without the pkcs11 buildtag in CI, and generate coverage.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:08 -08:00
Diogo Mónica
b894d98392
Merge pull request #54 from docker/verify_hw_sigs
...
add verification to yubikey signatures. Attempt to generate sig up to…
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:05 -08:00