Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Be able to read keys even if they are not in the root/non-root subdirs #981

Merged
merged 2 commits into from
Sep 29, 2016

Conversation

cyli
Copy link
Contributor

@cyli cyli commented Sep 28, 2016

This way a 0.4.1 client can read a repo that a client built from master (with the flattened keystore #872) converts

@@ -4,6 +4,7 @@
+ Preliminary Windows support for notary client [#970](https://github.com/docker/notary/pull/970)
+ Output message to CLI when repo changes have been successfully published [#974](https://github.com/docker/notary/pull/974)
+ Improved error messages for client authentication errors and for the witness command [#972](https://github.com/docker/notary/pull/972)
+ Support for finding (but not writing) keys even if they are not in the "root_keys" or "tuf_keys" subdirectories [#981](https://github.com/docker/notary/pull/981)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should probably be more specific because at the moment this reads like "we'll find keys anywhere!" It's that we'll also look one dir up in private/ right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah true, we only check in the private dir. Fixed, and I've also add that test.

Copy link
Contributor

@riyazdf riyazdf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is awesome, LGTM on green 👍

require.True(t, os.IsNotExist(err), "file should not exist")
}

// removing a non-existant key should not error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: non-existent

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. :) I always misspell that - need to re-train my muscle memory for that word. Fixed!

Signed-off-by: Ying Li <[email protected]>
@cyli cyli merged commit 8f0965c into notaryproject:hotfix/0.4.1 Sep 29, 2016
@cyli cyli deleted the read-flattened-keystore branch September 29, 2016 17:18
@noderunner
Copy link

Will this allow users to use client certificates when connecting to a remote Docker registry? What kind of keys are read from this location?

@riyazdf
Copy link
Contributor

riyazdf commented Jan 13, 2017

@noderunner this change relates to signing keys used for Notary and Docker Content Trust, for more info about docker registry certificates you might be interested in this documentation: https://docs.docker.com/engine/security/certificates/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants