Import key and cert #821
Signed-off-by: Evan Cordell <[email protected]>
Can one of the admins verify this patch?
f039a08 to 6587a98
jenkins test this please
@@ -246,6 +256,10 @@ func (t *tufCommander) tufInit(cmd *cobra.Command, args []string) error { | |||
return fmt.Errorf("Must specify a GUN") | |||
} | |||
|
|||
if t.rootCert != "" && t.rootKey == "" { | |||
return fmt.Errorf("--rootCert specified without --rootKey being specified") |
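Review bot: The new `t.rootCert != "" && t.rootKey == ""` check only establishes that a key was named alongside the certificate; nothing in these lines confirms that the certificate's public key is the one belonging to `t.rootKey`. If that comparison is not made later in `tufInit`, add it before the pair is used, and cover the mismatched-pair case with a test so that a certificate issued for one key cannot be imported together with a different key.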
we should completely lowercase --rootcert and --rootkey to match the flags
Thanks -- will correct.
Addresses notaryproject#731
Signed-off-by: David Wake <[email protected]>
6587a98 to c2baf9e
Please sign your commits following these rules:

$ git clone -b "import_key_and_cert" [email protected]:dnwake/notary.git somewhere
$ cd somewhere
$ git rebase -i HEAD~3
editor opens
change each 'pick' to 'edit'
save the file and quit
$ git commit --amend -s --no-edit
$ git rebase --continue # and repeat the amend for each commit
$ git push -f

Amending updates the existing PR. You DO NOT need to open a new one.
Signed-off-by: Diogo Monica <[email protected]>
@@ -1,68 +1,62 @@ | |||
-----BEGIN CERTIFICATE----- | |||
MIIFWzCCA0OgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBfMRowGAYDVQQDDBFOb3Rh |
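Review bot: The replacement certificate body in this hunk cannot be checked by reading the base64, and nothing here says how it was produced. Please record in the commit message how the new fixture was generated, so the change from 68 lines to 62 can be reproduced rather than taken on trust.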
can you try rebasing on to master? We bumped all of the fixture certificates a little while back in #842, so you probably won't need this change or the next commit ("Reissued all certs with correct SANs")
@dnwake just checking if you're going to get back to this. There have been a lot of changes so unless you're going to pick it up I'm going to close this and work can start anew in a different PR at some point.
@endophage I intend to get back to it, but haven't had time so far.
Questions about the implementation
This addresses docker#731 by allowing the import of root certs in addition to root keys, using the command-line argument --rootcert. It builds on top of the pre-existing pull request at #801.

This allows us to ensure that we only ever pull values from Notary that have been pushed by trusted clients (who had access to a secret trust-pinning private key). (See worked example below).
Synopsis:
Behavior:
Notes:
Known issues:
Example of usage (combined with trust-pinning):
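
An added example, not code from this pull request or from Notary, and not the usage example the description refers to: when a root certificate is imported alongside a root key, one check an importer can make is that the certificate actually certifies that key. The function names, the throwaway P-256 key and the `constructed-root` subject are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// certMatchesKey returns an error unless cert certifies the public half of key.
func certMatchesKey(cert *x509.Certificate, key crypto.PrivateKey) error {
	// Standard-library RSA, ECDSA and Ed25519 private keys all expose Public().
	signer, ok := key.(interface{ Public() crypto.PublicKey })
	if !ok {
		return fmt.Errorf("unsupported private key type %T", key)
	}
	pub, ok := signer.Public().(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !pub.Equal(cert.PublicKey) {
		return fmt.Errorf("root certificate does not match root key")
	}
	return nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newPair returns a throwaway self-signed cert and its key (constructed sample data).
func newPair() (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "constructed-root"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

func main() {
	cert, key := newPair()
	_, otherKey := newPair()
	fmt.Println("match:", certMatchesKey(cert, key), "mismatch:", certMatchesKey(cert, otherKey))
}
```

The comparison is by public key only; it says nothing about whether the certificate is otherwise acceptable (validity period, subject, chain).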