Be able to read keys even if they are not in the root/non-root subdirs #981
@@ -4,6 +4,7 @@ | |||
+ Preliminary Windows support for notary client [#970](https://github.com/docker/notary/pull/970) | |||
+ Output message to CLI when repo changes have been successfully published [#974](https://github.com/docker/notary/pull/974) | |||
+ Improved error messages for client authentication errors and for the witness command [#972](https://github.com/docker/notary/pull/972) | |||
+ Support for finding (but not writing) keys even if they are not in the "root_keys" or "tuf_keys" subdirectories [#981](https://github.com/docker/notary/pull/981) |
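Review bot: The #981 entry on the last line does not say where keys are looked up, so "even if they are not in the "root_keys" or "tuf_keys" subdirectories" reads as an unbounded search. Name the location or locations that are actually searched, and keep the "(but not writing)" qualifier so readers know the lookup outside those subdirectories is read-only.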
Should probably be more specific because at the moment this reads like "we'll find keys anywhere!" It's that we'll also look one dir up in private/ right?
Ah true, we only check in the private dir. Fixed, and I've also added that test.
Signed-off-by: Ying Li <ying.li@docker.com>
4ba4a1a to b6a1bca
this is awesome, LGTM on green 👍
require.True(t, os.IsNotExist(err), "file should not exist") | ||
} | ||
|
||
// removing a non-existant key should not error |
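Review bot: The comment on the last line, "// removing a non-existant key should not error", misspells "non-existent". Correct the spelling so the comment matches the wording a reader would search for.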
typo: non-existent
Thanks. :) I always misspell that - need to re-train my muscle memory for that word. Fixed!
Signed-off-by: Ying Li <ying.li@docker.com>
b6a1bca to 128bf0c
Will this allow users to use client certificates when connecting to a remote Docker registry? What kind of keys are read from this location?
@noderunner this change relates to signing keys used for Notary and Docker Content Trust, for more info about docker registry certificates you might be interested in this documentation: https://docs.docker.com/engine/security/certificates/
This way a 0.4.1 client can read a repo that a client built from master (with the flattened keystore #872) converts