在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称:Notary开源软件地址:https://gitee.com/mirrors/Notary开源软件介绍:NoticeThe Notary project has officially been accepted in to the Cloud Native Computing Foundation (CNCF).It has moved to https://github.com/theupdateframework/notary. Any downstream consumers should updatetheir Go imports to use this new location, which will be the canonical location going forward. We have moved the repo in GitHub, which will allow existing importers to continue using the oldlocation via GitHub's redirect. OverviewThe Notary project comprises a server and a client for running and interactingwith trusted collections. See the service architecture documentationfor more information. Notary aims to make the internet more secure by making it easy for people topublish and verify content. We often rely on TLS to secure our communicationswith a web server, which is inherently flawed, as any compromise of the serverenables malicious content to be substituted for the legitimate content. With Notary, publishers can sign their content offline using keys kept highlysecure. Once the publisher is ready to make the content available, they canpush their signed trusted collection to a Notary Server. Consumers, having acquired the publisher's public key through a secure channel,can then communicate with any Notary server or (insecure) mirror, relyingonly on the publisher's key to determine the validity and integrity of thereceived content. GoalsNotary is based on The Update Framework, a secure general design for the problem of software distribution and updates. By using TUF, Notary achieves a number of key advantages:
SecurityAny security vulnerabilities can be reported to [email protected]. See Notary's service architecture docs for more information about our threat model, which details the varying survivability and severities for key compromise as well as mitigations. Security AuditsNotary has had two public security audits:
Getting started with the Notary CLIGet the Notary Client CLI binary from the official releases page or you can build one yourself.The version of the Notary server and signer should be greater than or equal to Notary CLI's version to ensure feature compatibility (ex: CLI version 0.2, server/signer version >= 0.2), and all official releases are associated with GitHub tags. To use the Notary CLI with Docker hub images, have a look at Notary'sgetting started docs. For more advanced usage, see theadvanced usage docs. To use the CLI against a local Notary server rather than against Docker Hub:
You can run through the examples in thegetting started docs andadvanced usage docs, butwithout the You can also leave off the Upgrading dependenciesTo prevent mistakes in vendoring the go modules a buildscript has been added to properly vendor the modules using the correct version of Go to mitigate differences in CI and development environment. Following procedure should be executed to upgrade a dependency. Preferably keep dependency upgrades in a separate commit from your code changes. go get -u github.com/spf13/viperbuildscripts/circle-validate-vendor.shgit add .git commit -m "Upgraded github.com/spf13/viper" The Building NotaryNote that Notary's latest stable release is at the head of thereleases branch. The master branch is the developmentbranch and contains features for the next release. Prerequisites:
Set $ export GO111MODULE=on$ go get github.com/theupdateframework/notary# build with pkcs11 support by default to support yubikey$ go install -tags pkcs11 github.com/theupdateframework/notary/cmd/notary$ notary To build the server and signer, run License |
请发表评论