Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add key generator container image #296

Merged
merged 3 commits into from
Oct 12, 2023
Merged

Add key generator container image #296

merged 3 commits into from
Oct 12, 2023

Conversation

v0lkan
Copy link
Contributor

@v0lkan v0lkan commented Oct 8, 2023

  • adds key generator container image
  • replace Volkan’s email with a generic maintainer’s email in the LABELs of the container images.

@v0lkan
Add key generator container image
010f2d4 
* adds key generator container image
* replace Volkan’s email with a generic maintainer’s email in the LABELs of the container images.

Signed-off-by: Volkan Özçelik <ovolkan@vmware.com>
@v0lkan v0lkan requested a review from farhan-pasha as a code owner October 8, 2023 18:44
v0lkan
v0lkan commented Oct 8, 2023
View reviewed changes
Makefile
@@ -17,6 +17,9 @@ DEPLOYMENT_NAME=vsecm
include ./makefiles/VSecMMacOs.mk
include ./makefiles/VSecMDeploy.mk

## Keygen
include ./makefiles/VSecMKeyGen.mk
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The entry point to build the "keygen" container image.

We’ll use the keygen to manually create the root key if the user does not want to use auto-generated VSecM keys.

v0lkan
v0lkan commented Oct 8, 2023
View reviewed changes
app/safe/internal/bootstrap/privates.go
}

data := make(map[string][]byte)
keysCombined := crypto.CombineKeys(privateKey, publicKey, aesSeed)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moved some of the private methods into the crypto module for reuse.

v0lkan
v0lkan commented Oct 8, 2023
View reviewed changes
dockerfiles/example/init-container.Dockerfile
@@ -22,7 +22,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o example \
# generate clean, final image for end users
FROM gcr.io/distroless/static-debian11

LABEL "maintainers"="Volkan Özçelik <volkan@vsecm.com>"
LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding a catch-all email instead of my company email.

v0lkan
v0lkan commented Oct 8, 2023
View reviewed changes
dockerfiles/util/keygen.Dockerfile
RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o vsecm-keygen ./app/keygen/cmd/main.go

# generate clean, final image for end users
FROM gcr.io/distroless/static-debian11
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is a utility module, we don’t need to create the usual, photon, fips, etc variants. — A distroless base is just fine.

farhan-pasha
farhan-pasha reviewed Oct 8, 2023
View reviewed changes
app/keygen/cmd/main.go Outdated
privateKey, publicKey, aesSeed, err := crypto.GenerateKeys()

if err != nil {
fmt.Println(err)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a minor (to make it consistent), other than this, everything looks good to me.

if err != nil {
    fmt.Println("Failed to generate keys:")
    fmt.Println(err.Error())
    return
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noted… will update.

@v0lkan v0lkan self-assigned this Oct 12, 2023
@vmwclabot
Copy link

@v0lkan, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.

@v0lkan v0lkan merged commit 5e627a7 into main Oct 12, 2023
@v0lkan v0lkan deleted the ovolkan/create-master-key branch October 12, 2023 06:05
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@farhan-pasha farhan-pasha farhan-pasha left review comments

@st96d045 st96d045 Awaiting requested review from st96d045

@RamXX RamXX Awaiting requested review from RamXX

@abhishek44sharma abhishek44sharma Awaiting requested review from abhishek44sharma

@ats0stv ats0stv Awaiting requested review from ats0stv

Assignees

@v0lkan v0lkan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@v0lkan @vmwclabot @farhan-pasha