vbatts/registry
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #1420 from dmcgowan/configurable-trust-key

Browse source 
Add option to disable signatures
This commit is contained in:
Aaron Lehmann 2016-02-10 16:15:59 -08:00
commit 2177a6a1bf
4 changed files with 115 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

22
docs/handlers/app.go
View file

@ -155,11 +155,18 @@ func NewApp(ctx context.Context, config *configuration.Configuration) *App {
app.configureRedis(config)
app.configureLogHook(config)
// Generate an ephemeral key to be used for signing converted manifests
// for clients that don't support schema2.
app.trustKey, err = libtrust.GenerateECP256PrivateKey()
if err != nil {
panic(err)
if config.Compatibility.Schema1.TrustKey != "" {
app.trustKey, err = libtrust.LoadKeyFile(config.Compatibility.Schema1.TrustKey)
if err != nil {
panic(fmt.Sprintf(`could not load schema1 "signingkey" parameter: %v`, err))
}
} else {
// Generate an ephemeral key to be used for signing converted manifests
// for clients that don't support schema2.
app.trustKey, err = libtrust.GenerateECP256PrivateKey()
if err != nil {
panic(err)
}
}
if config.HTTP.Host != "" {
@ -176,6 +183,11 @@ func NewApp(ctx context.Context, config *configuration.Configuration) *App {
options = append(options, storage.DisableDigestResumption)
}
if config.Compatibility.Schema1.DisableSignatureStore {
options = append(options, storage.DisableSchema1Signatures)
options = append(options, storage.Schema1SigningKey(app.trustKey))
}
// configure deletion
if d, ok := config.Storage["delete"]; ok {
e, ok := d["enabled"]