
Remove client key.json generation for trust

This removes the key generation for trust from main while it is not
being consumed.  The problem is that, because this is being set in main,
if a user runs as root initially, the files will be owned by root.  Later,
if the user sets up the docker group, they are unable to read the keys.
This is half a user error and documentation problem, and the other half
is management.

We decided to remove this code for now while it is not being used and
will revisit it later when the consuming features are added.  A few
options are to generate lazily and provide a clear error message on an
EPERM so that the user knows what is wrong and can correct the
permissions.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Michael Crosby 10 anni fa
parent
commit
712e8da885
2 ha cambiato i file con 2 aggiunte e 19 eliminazioni
  1. 0 1
      docker/daemon.go
  2. 2 18
      docker/docker.go

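--- a/docker/daemon.go
+++ b/docker/daemon.go
@@ -79,7 +79,6 @@ func mainDaemon() {
 	job.Setenv("TlsCa", *flCa)
 	job.Setenv("TlsCert", *flCert)
 	job.Setenv("TlsKey", *flKey)
-	job.Setenv("TrustKey", *flTrustKey)
 	job.SetenvBool("BufferRequests", true)
 	if err := job.Run(); err != nil {
 		log.Fatal(err)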

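--- a/docker/docker.go
+++ b/docker/docker.go
@@ -7,7 +7,6 @@ import (
 	"io/ioutil"
 	"log"
 	"os"
-	"path"
 	"strings"
 
 	"github.com/docker/docker/api"
@@ -16,7 +15,6 @@ import (
 	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/reexec"
 	"github.com/docker/docker/utils"
-	"github.com/docker/libtrust"
 )
 
 const (
@@ -64,20 +62,6 @@ func main() {
 	}
 	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
 
-	err := os.MkdirAll(path.Dir(*flTrustKey), 0700)
-	if err != nil {
-		log.Fatal(err)
-	}
-	trustKey, keyErr := libtrust.LoadKeyFile(*flTrustKey)
-	if keyErr == libtrust.ErrKeyFileDoesNotExist {
-		trustKey, keyErr = libtrust.GenerateECP256PrivateKey()
-		if keyErr == nil {
-			keyErr = libtrust.SaveKey(*flTrustKey, trustKey)
-		}
-	}
-	if keyErr != nil {
-		log.Fatal(keyErr)
-	}
 	var (
 		cli       *client.DockerCli
 		tlsConfig tls.Config
@@ -112,9 +96,9 @@ func main() {
 	}
 
 	if *flTls || *flTlsVerify {
-		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
+		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, nil, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
 	} else {
-		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], nil)
+		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, nil, protoAddrParts[0], protoAddrParts[1], nil)
 	}
 
 	if err := cli.Cmd(flag.Args()...); err != nil {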
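Review bot: Both `client.NewDockerCli(...)` calls in `main` now pass a bare `nil` for the key argument, and nothing at the call site says why or what has to be restored later. A short comment above the `if *flTls || *flTlsVerify {` branch would help, e.g. `// trust key: nil until a consumer exists; generation was removed from main because keys created as root were unreadable later`. Whether `NewDockerCli` and the code behind it tolerate a nil key is not visible in this section; the commit message says the key is not consumed yet, so that is presumably safe, but it is worth confirming. The `flTrustKey` flag is no longer referenced in either changed file and its declaration is not part of this commit, so it may still be accepted and silently ignored; if so, document it as unused or remove it. `main` starts and ends outside the hunks.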