Be able to read keys even if they are not in the root/non-root subdirs#981
Conversation
CHANGELOG.md
Outdated
| + Preliminary Windows support for notary client [#970](https://github.com/docker/notary/pull/970) | ||
| + Output message to CLI when repo changes have been successfully published [#974](https://github.com/docker/notary/pull/974) | ||
| + Improved error messages for client authentication errors and for the witness command [#972](https://github.com/docker/notary/pull/972) | ||
| + Support for finding (but not writing) keys even if they are not in the "root_keys" or "tuf_keys" subdirectories [#981](https://github.com/docker/notary/pull/981) |
There was a problem hiding this comment.
Should probably be more specific because at the moment this reads like "we'll find keys anywhere!" It's that we'll also look one dir up in private/ right?
There was a problem hiding this comment.
Ah true, we only check in the private dir. Fixed, and I've also add that test.
Signed-off-by: Ying Li <ying.li@docker.com>
cyli
force-pushed
the
read-flattened-keystore
branch
from
4ba4a1a to
b6a1bca
Compare
riyazdf
left a comment
riyazdf
left a comment
There was a problem hiding this comment.
this is awesome, LGTM on green 👍
trustmanager/keystore_test.go
Outdated
| require.True(t, os.IsNotExist(err), "file should not exist") | ||
| } | ||
|
|
||
| // removing a non-existant key should not error |
There was a problem hiding this comment.
Thanks. :) I always misspell that - need to re-train my muscle memory for that word. Fixed!
Signed-off-by: Ying Li <ying.li@docker.com>
cyli
force-pushed
the
read-flattened-keystore
branch
from
b6a1bca to
128bf0c
Compare
|
Will this allow users to use client certificates when connecting to a remote Docker registry? What kind of keys are read from this location? |
|
@noderunner this change relates to signing keys used for Notary and Docker Content Trust, for more info about docker registry certificates you might be interested in this documentation: https://docs.docker.com/engine/security/certificates/ |
5 participants
This way a 0.4.1 client can read a repo that a client built from master (with the flattened keystore #872) converts