moby--moby/api/common.go

package api

import (
	"encoding/json"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"

	"github.com/docker/docker/pkg/ioutils"
	"github.com/docker/docker/pkg/system"
	"github.com/docker/libtrust"
)

// Common constants for daemon and client.
const (
	// DefaultVersion of Current REST API
	DefaultVersion string = "1.31"

	// NoBaseImageSpecifier is the symbol used by the FROM
	// command to specify that no base image is to be used.
	NoBaseImageSpecifier string = "scratch"
)

// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
// otherwise generates a new one
func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700, "")
	if err != nil {
		return nil, err
	}
	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
	if err == libtrust.ErrKeyFileDoesNotExist {
		trustKey, err = libtrust.GenerateECP256PrivateKey()
		if err != nil {
			return nil, fmt.Errorf("Error generating key: %s", err)
		}
		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
		if err != nil {
			return nil, fmt.Errorf("Error serializing key: %s", err)
		}
		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
			return nil, fmt.Errorf("Error saving key file: %s", err)
		}
	} else if err != nil {
		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
	}
	return trustKey, nil
}

func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
	if ext == ".json" || ext == ".jwk" {
		encoded, err = json.Marshal(key)
		if err != nil {
			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
		}
	} else {
		pemBlock, err := key.PEMBlock()
		if err != nil {
			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
		}
		encoded = pem.EncodeToMemory(pemBlock)
	}
	return
}
api/common.go: code shared by the server and client implementation of the Docker remote api. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-24 14:48:14 -05:00			`package api`

			`import (`
Atomically save libtrust key file The libtrust keyfile which is used to set the "ID" property of a daemon must be generated or loaded on every startup. If the process crashes during startup this could cause the file to be incomplete causing future startup errors. Ensure that the file is written atomically to ensure the file is never in an incomplete state. Fixes #23985 Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-06-27 18:54:39 -04:00			`"encoding/json"`
			`"encoding/pem"`
api/common.go: code shared by the server and client implementation of the Docker remote api. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-24 14:48:14 -05:00			`"fmt"`
Atomically save libtrust key file The libtrust keyfile which is used to set the "ID" property of a daemon must be generated or loaded on every startup. If the process crashes during startup this could cause the file to be incomplete causing future startup errors. Ensure that the file is written atomically to ensure the file is never in an incomplete state. Fixes #23985 Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-06-27 18:54:39 -04:00			`"os"`
Use filepath instead of path Currently loading the trust key uses path instead of filepath. This creates problems on some operating systems such as Windows. Fixes #10319 Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-01-23 17:44:30 -05:00			`"path/filepath"`
Fix port mapping in ps display for public and private Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael) 2014-05-12 18:26:23 -04:00
Atomically save libtrust key file The libtrust keyfile which is used to set the "ID" property of a daemon must be generated or loaded on every startup. If the process crashes during startup this could cause the file to be incomplete causing future startup errors. Ensure that the file is written atomically to ensure the file is never in an incomplete state. Fixes #23985 Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-06-27 18:54:39 -04:00			`"github.com/docker/docker/pkg/ioutils"`
Windows: mkdirall volume path aware Signed-off-by: jhowardmsft <jhoward@microsoft.com> 2015-04-23 18:55:36 -04:00			`"github.com/docker/docker/pkg/system"`
Be consistent about libtrust import path. Docker-DCO-1.1-Signed-off-by: Jessica Frazelle <jess@docker.com> (github: jfrazelle) 2014-12-03 20:36:14 -05:00			`"github.com/docker/libtrust"`
api/common.go: code shared by the server and client implementation of the Docker remote api. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-24 14:48:14 -05:00			`)`

Add comments to api/common constants, closes #11583 Signed-off-by: Avi Das <andas222@gmail.com> 2015-03-23 21:30:09 -04:00			`// Common constants for daemon and client.`
api/common.go: code shared by the server and client implementation of the Docker remote api. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-24 14:48:14 -05:00			`const (`
Generate api/types:Port from swagger spec. Signed-off-by: Daniel Nephin <dnephin@docker.com> 2016-10-03 14:49:49 -04:00			`// DefaultVersion of Current REST API`
Bump API version With the Moby/Docker split, no decisions have been made yet how, and when to bump the API version. Although these decisions should not be lead by Docker releases, I'm bumping the API version to not complicate things for now; after this bump we should make a plan how to handle this in future (for example, using SemVer for the REST api, and bump with every change). Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 2017-06-09 08:39:55 -04:00			`DefaultVersion string = "1.31"`
Error out if client API version is too old Signed-off-by: Antonio Murdaca <runcom@linux.com> 2015-06-17 17:57:32 -04:00
Use constant instead of "scratch" Move NoBaseImageSpecifier to a common spot and then use it instead of "scratch" in a couple of places. Signed-off-by: Doug Davis <dug@us.ibm.com> 2015-12-31 08:57:58 -05:00			`// NoBaseImageSpecifier is the symbol used by the FROM`
			`// command to specify that no base image is to be used.`
			`NoBaseImageSpecifier string = "scratch"`
api/common.go: code shared by the server and client implementation of the Docker remote api. Docker-DCO-1.1-Signed-off-by: Solomon Hykes <solomon@docker.com> (github: shykes) 2014-02-24 14:48:14 -05:00			`)`

add ID and Hostname in docker info Signed-off-by: Victor Vieux <vieux@docker.com> 2014-11-17 14:23:41 -05:00			`// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,`
			`// otherwise generates a new one`
			`func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {`
LCOW: Create layer folders with correct ACL Signed-off-by: John Howard <jhoward@microsoft.com> 2017-06-01 21:59:11 -04:00			`err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700, "")`
Windows: mkdirall volume path aware Signed-off-by: jhowardmsft <jhoward@microsoft.com> 2015-04-23 18:55:36 -04:00			`if err != nil {`
add ID and Hostname in docker info Signed-off-by: Victor Vieux <vieux@docker.com> 2014-11-17 14:23:41 -05:00			`return nil, err`
			`}`
			`trustKey, err := libtrust.LoadKeyFile(trustKeyPath)`
			`if err == libtrust.ErrKeyFileDoesNotExist {`
			`trustKey, err = libtrust.GenerateECP256PrivateKey()`
			`if err != nil {`
			`return nil, fmt.Errorf("Error generating key: %s", err)`
			`}`
Atomically save libtrust key file The libtrust keyfile which is used to set the "ID" property of a daemon must be generated or loaded on every startup. If the process crashes during startup this could cause the file to be incomplete causing future startup errors. Ensure that the file is written atomically to ensure the file is never in an incomplete state. Fixes #23985 Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-06-27 18:54:39 -04:00			`encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))`
			`if err != nil {`
			`return nil, fmt.Errorf("Error serializing key: %s", err)`
			`}`
			`if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {`
add ID and Hostname in docker info Signed-off-by: Victor Vieux <vieux@docker.com> 2014-11-17 14:23:41 -05:00			`return nil, fmt.Errorf("Error saving key file: %s", err)`
			`}`
			`} else if err != nil {`
Add file path to errors loading the key file Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-01-26 15:58:45 -05:00			`return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)`
add ID and Hostname in docker info Signed-off-by: Victor Vieux <vieux@docker.com> 2014-11-17 14:23:41 -05:00			`}`
			`return trustKey, nil`
			`}`
Atomically save libtrust key file The libtrust keyfile which is used to set the "ID" property of a daemon must be generated or loaded on every startup. If the process crashes during startup this could cause the file to be incomplete causing future startup errors. Ensure that the file is written atomically to ensure the file is never in an incomplete state. Fixes #23985 Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2016-06-27 18:54:39 -04:00
			`func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {`
			`if ext == ".json" \|\| ext == ".jwk" {`
			`encoded, err = json.Marshal(key)`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to encode private key JWK: %s", err)`
			`}`
			`} else {`
			`pemBlock, err := key.PEMBlock()`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to encode private key PEM: %s", err)`
			`}`
			`encoded = pem.EncodeToMemory(pemBlock)`
			`}`
			`return`
			`}`