package notary

import "github.com/docker/notary"

Index

Package Files

const.go const_nowindows.go fips.go notary.go

Constants

const (
    // MaxDownloadSize is the maximum size we'll download for metadata if no limit is given
    MaxDownloadSize int64 = 100 << 20
    // MaxTimestampSize is the maximum size of timestamp metadata - 1MiB.
    MaxTimestampSize int64 = 1 << 20
    // MinRSABitSize is the minimum bit size for RSA keys allowed in notary
    MinRSABitSize = 2048
    // MinThreshold requires a minimum of one threshold for roles; currently we do not support a higher threshold
    MinThreshold = 1
    // SHA256HexSize is how big a SHA256 hex is in number of characters
    SHA256HexSize = 64
    // SHA512HexSize is how big a SHA512 hex is in number of characters
    SHA512HexSize = 128
    // SHA256 is the name of SHA256 hash algorithm
    SHA256 = "sha256"
    // SHA512 is the name of SHA512 hash algorithm
    SHA512 = "sha512"
    // TrustedCertsDir is the directory, under the notary repo base directory, where trusted certs are stored
    TrustedCertsDir = "trusted_certificates"
    // PrivDir is the directory, under the notary repo base directory, where private keys are stored
    PrivDir = "private"
    // RootKeysSubdir is the subdirectory under PrivDir where root private keys are stored
    // DEPRECATED: The only reason we need this constant is compatibility with older versions
    RootKeysSubdir = "root_keys"
    // NonRootKeysSubdir is the subdirectory under PrivDir where non-root private keys are stored
    // DEPRECATED: The only reason we need this constant is compatibility with older versions
    NonRootKeysSubdir = "tuf_keys"
    // KeyExtension is the file extension to use for private key files
    KeyExtension = "key"

    // Day is a duration of one day
    Day  = 24 * time.Hour
    Year = 365 * Day

    // NotaryRootExpiry is the duration representing the expiry time of the Root role
    NotaryRootExpiry      = 10 * Year
    NotaryTargetsExpiry   = 3 * Year
    NotarySnapshotExpiry  = 3 * Year
    NotaryTimestampExpiry = 14 * Day

    ConsistentMetadataCacheMaxAge = 30 * Day
    CurrentMetadataCacheMaxAge    = 5 * time.Minute
    // CacheMaxAgeLimit is the generally recommended maximum age for Cache-Control headers
    // (one year, in seconds, since one year is forever in terms of internet
    // content)
    CacheMaxAgeLimit = 1 * Year

    MySQLBackend     = "mysql"
    MemoryBackend    = "memory"
    PostgresBackend  = "postgres"
    SQLiteBackend    = "sqlite3"
    RethinkDBBackend = "rethinkdb"
    FileBackend      = "file"

    DefaultImportRole = "delegation"

    // HealthCheckKeyManagement and HealthCheckSigner are the grpc service names
    // for "KeyManagement" and "Signer" respectively, which are used for health checks.
    // "Overall" indicates a query for the overall status of the server.
    HealthCheckKeyManagement = "grpc.health.v1.Health.KeyManagement"
    HealthCheckSigner        = "grpc.health.v1.Health.Signer"
    HealthCheckOverall       = "grpc.health.v1.Health.Overall"

    // PrivExecPerms is the permission mode for directories
    // and PrivNoExecPerms the permission mode for files.
    PrivExecPerms   = 0700
    PrivNoExecPerms = 0600

    // DefaultPageSize is the default number of records to return from the changefeed
    DefaultPageSize = 100
)

Application-wide constants.
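An added example, not code from the notary project: a check that nothing under the private key directory is more permissive than PrivExecPerms (directories) or PrivNoExecPerms (files). The three constants are copied from the listing above; the base directory argument and the AuditPrivDir name are assumptions of this example.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// Values copied from the constants listed above.
const (
	PrivDir                     = "private"
	PrivExecPerms   fs.FileMode = 0700
	PrivNoExecPerms fs.FileMode = 0600
)

// AuditPrivDir (hypothetical helper) reports entries under <baseDir>/private that exceed the documented mode.
func AuditPrivDir(baseDir string) ([]string, error) {
	var findings []string
	root := filepath.Join(baseDir, PrivDir)
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		allowed := PrivNoExecPerms
		if d.IsDir() {
			allowed = PrivExecPerms
		}
		// Any bit outside the allowed mask means group/other access or a stray exec bit.
		if info.Mode().Perm()&^allowed != 0 {
			findings = append(findings, fmt.Sprintf("%s: mode %04o, expected at most %04o", path, info.Mode().Perm(), allowed))
		}
		return nil
	})
	return findings, err
}

func main() {
	base := "." // assumption: the caller passes the notary repo base directory
	if len(os.Args) > 1 {
		base = os.Args[1]
	}
	findings, err := AuditPrivDir(base)
	fmt.Println(findings, err)
}
```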

Variables

var NotarySupportedBackends = []string{
    MemoryBackend,
    MySQLBackend,
    SQLiteBackend,
    RethinkDBBackend,
    PostgresBackend,
}

NotarySupportedBackends contains the backends we would like to support at present

var NotarySupportedSignals = []os.Signal{
    syscall.SIGUSR1,
    syscall.SIGUSR2,
}

NotarySupportedSignals contains the signals we would like to capture:
- SIGUSR1 indicates an increment of the log level.
- SIGUSR2 indicates a decrement of the log level.

func FIPSEnabled

func FIPSEnabled() bool

FIPSEnabled returns true if running in FIPS mode. If compiled in FIPS mode the md5 hash function is never available even when imported. This seems to be the best test we have for it.

type CtxKey

type CtxKey int

CtxKey is a wrapper type for use in context.WithValue() to satisfy golint; see https://github.com/golang/go/issues/17293 and https://github.com/golang/lint/pull/245

const (
    CtxKeyMetaStore CtxKey = iota
    CtxKeyKeyAlgo
    CtxKeyCryptoSvc
    CtxKeyRepo
)

enum to use for setting and retrieving values from contexts

type PassRetriever

type PassRetriever func(keyName, alias string, createNew bool, attempts int) (passphrase string, giveup bool, err error)

PassRetriever is a callback function that should retrieve a passphrase for a given named key. If it should be treated as a new passphrase (e.g. with confirmation), createNew will be true. Attempts is passed in so that implementers can decide how many chances to give to a human, for example.
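An added example, not code from the notary project: a non-interactive PassRetriever that reads passphrases from environment variables. The type is redeclared locally with the documented signature; the EXAMPLE_<ALIAS>_PASSPHRASE naming, the 12-character minimum and the reading of attempts as a count of earlier failed tries are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// PassRetriever mirrors the signature documented above so this file builds
// without importing github.com/docker/notary.
type PassRetriever func(keyName, alias string, createNew bool, attempts int) (passphrase string, giveup bool, err error)

// minNewPassLen is a policy choice of this example, not a notary constant.
const minNewPassLen = 12

// EnvRetriever (hypothetical helper) looks up <prefix>_<ALIAS>_PASSPHRASE
// through the supplied lookup function, e.g. os.LookupEnv.
func EnvRetriever(prefix string, lookup func(string) (string, bool)) PassRetriever {
	return func(keyName, alias string, createNew bool, attempts int) (string, bool, error) {
		// Assumption: attempts counts earlier failed tries. A static source
		// would return the same rejected value again, so give up instead.
		if attempts > 0 {
			return "", true, errors.New("stored passphrase was rejected")
		}
		name := prefix + "_" + strings.ToUpper(alias) + "_PASSPHRASE"
		pass, ok := lookup(name)
		if !ok || pass == "" {
			return "", true, fmt.Errorf("%s is not set (key %s)", name, keyName)
		}
		// Enforce the length policy only when a new key is being protected;
		// the passphrase itself never appears in an error message.
		if createNew && len(pass) < minNewPassLen {
			return "", true, fmt.Errorf("%s is shorter than %d characters", name, minNewPassLen)
		}
		return pass, false, nil
	}
}

func main() {
	r := EnvRetriever("EXAMPLE", os.LookupEnv)
	_, giveup, err := r("constructed-key-id", "root", false, 0)
	fmt.Println(giveup, err)
}
```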

Directories

Path                                  Synopsis
client                                Package client implements everything required for interacting with a Notary repository.
client/changelist
cryptoservice
passphrase                            Package passphrase is a utility function for managing passphrase for TUF and Notary keys.
proto                                 Package proto is a generated protocol buffer package.
server
server/errors
server/handlers
server/snapshot
server/storage
server/timestamp
signer
signer/api
signer/client
signer/keydbstore
storage
storage/rethinkdb
trustmanager
trustmanager/remoteks                 Package remoteks is a generated protocol buffer package.
trustmanager/yubikey
trustpinning
tuf                                   Package tuf defines the core TUF logic around manipulating a repo.
tuf/data
tuf/signed
tuf/testutils
tuf/testutils/interfaces
tuf/testutils/keys
tuf/utils                             Package utils contains tuf related utility functions however this file is hard forked from https://github.com/youmark/pkcs8 package.
tuf/validation
utils
vendor/github.com/jinzhu/gorm
vendor/github.com/jinzhu/inflection   Package inflection pluralizes and singularizes English nouns.
version

Package notary imports 5 packages and is imported by 116 packages. Updated 2019-11-18.