Be able to read keys even if they are not in the root/non-root subdirs #981
Conversation
| @@ -4,6 +4,7 @@ | |||
| + Preliminary Windows support for notary client [#970](https://github.com/docker/notary/pull/970) | |||
| + Output message to CLI when repo changes have been successfully published [#974](https://github.com/docker/notary/pull/974) | |||
| + Improved error messages for client authentication errors and for the witness command [#972](https://github.com/docker/notary/pull/972) | |||
| + Support for finding (but not writing) keys even if they are not in the "root_keys" or "tuf_keys" subdirectories [#981](https://github.com/docker/notary/pull/981) | |||
There was a problem hiding this comment.
Should probably be more specific because at the moment this reads like "we'll find keys anywhere!" It's that we'll also look one dir up in private/ right?
There was a problem hiding this comment.
Ah true, we only check in the private dir. Fixed, and I've also add that test.
Signed-off-by: Ying Li <ying.li@docker.com>
cyli
force-pushed
the
read-flattened-keystore
branch
from
4ba4a1a
to
b6a1bca
Compare
| require.True(t, os.IsNotExist(err), "file should not exist") | ||
| } | ||
|
|
||
| // removing a non-existant key should not error |
There was a problem hiding this comment.
Thanks. :) I always misspell that - need to re-train my muscle memory for that word. Fixed!
Signed-off-by: Ying Li <ying.li@docker.com>
cyli
force-pushed
the
read-flattened-keystore
branch
from
b6a1bca
to
128bf0c
Compare
|
Will this allow users to use client certificates when connecting to a remote Docker registry? What kind of keys are read from this location? |
|
@noderunner this change relates to signing keys used for Notary and Docker Content Trust, for more info about docker registry certificates you might be interested in this documentation: https://docs.docker.com/engine/security/certificates/ |
This way a 0.4.1 client can read a repo that a client built from master (with the flattened keystore #872) converts