Macaroons are authorization credentials for distributed systems. This proposal won't try to explain what macaroons are, there are very good resources online, so it will focus on how to used them to implement and authorization system for Docker's remote API.
The first command to run is docker id --init. This will create the root macaroon in the server and it will be shared with the client.
$ docker id --init --secret "Super secret token"
| execve("bin/ggrpc", ["bin/ggrpc"], [/* 24 vars */]) = 0 | |
| uname({sys="Linux", node="b50b7ae42849", ...}) = 0 | |
| brk(0) = 0x1f29000 | |
| brk(0x1f2a1c0) = 0x1f2a1c0 | |
| arch_prctl(ARCH_SET_FS, 0x1f29880) = 0 | |
| set_tid_address(0x1f29b50) = 1299 | |
| set_robust_list(0x1f29b60, 24) = 0 | |
| futex(0x7fffd5ac76e0, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 1f29880) = -1 EAGAIN (Resource temporarily unavailable) | |
| rt_sigaction(SIGRTMIN, {0x83a540, [], SA_RESTORER|SA_SIGINFO, 0x8399a0}, NULL, 8) = 0 | |
| rt_sigaction(SIGRT_1, {0x83a5d0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x8399a0}, NULL, 8) = 0 |
| diff --git i/remote.go w/remote.go | |
| index 74ebe27..d7e10c7 100644 | |
| --- i/remote.go | |
| +++ w/remote.go | |
| @@ -5,6 +5,7 @@ package git | |
| #include <git2/errors.h> | |
| extern void _go_git_setup_callbacks(git_remote_callbacks *callbacks); | |
| +extern int _go_git_remote_ls(git_remote *remote, const git_remote_head **refs); | |
| calavera@dcp ~/src/libssh2 (userauth_memory●)$ ./configure --enable-debug | |
| checking whether to enable maintainer-specific portions of Makefiles... no | |
| checking for sed... /usr/bin/sed | |
| checking for a BSD-compatible install... /usr/bin/install -c | |
| checking whether build environment is sane... yes | |
| checking for a thread-safe mkdir -p... ./install-sh -c -d | |
| checking for gawk... no | |
| checking for mawk... no | |
| checking for nawk... no | |
| checking for awk... awk |
| #! /bin/sh | |
| # Enable FileVault | |
| if [[ `fdesetup status` != "FileVault is On." ]]; then | |
| sudo fdesetup enable | |
| fi | |
| xcode-select --install | |
| echo "###############################################################" |
I hereby claim:
To claim this, I am signing this object:
| # -*- coding: utf-8 -*- | |
| require 'fileutils' | |
| FileUtils.mkdir('images') unless File.directory?('images') | |
| Dir.glob("source/_posts/*.markdown").each do |post| | |
| content = File.read(post) | |
| images = content.scan(%r{(http://ieatcupcakes.com/wp-content/.+\.jpg|png|jpeg)}) | |
| images.flatten.each do |image| | |
| puts "Downloading #{image}" | |
| Dir.chdir('images') { `curl -O #{image}`} | |
| end |
| gem_package "minitest" do | |
| action :nothing | |
| end.run_action(:upgrade) | |
| gem_package "minitest-chef-handler" do | |
| action :nothing | |
| end.run_action(:upgrade) | |
| require 'rubygems' | |
| Gem.clear_paths |
| 1.9.3p0 :013 > foo = "bar" | |
| => "bar" | |
| 1.9.3p0 :014 > foo.is_a? String | |
| => true | |
| 1.9.3p0 :015 > foo < String | |
| ArgumentError: comparison of String with Class failed | |
| from (irb):15:in `<' | |
| from (irb):15 | |
| from /Users/david/.rvm/rubies/ruby-1.9.3-p0/bin/irb:16:in `<main>' | |
| 1.9.3p0 :016 > klass = Class.new |
| require './vms_init' | |
| Vagrant::Config.run do |config| | |
| @vms.each do |vm| | |
| config.vm.define vm.id do |definition| | |
| definition.vm.box = "lucid64" | |
| definition.vm.network :hostonly, vm.hostname | |
| definition.vm.provision :chef_solo do |chef| |