Project

Profile

Help

Story #1156

closed

As a user, I can have an "signature" attribute stored for RPMs, SRPMs, and DRPMs

Added by jluza over 9 years ago. Updated over 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
2.10.0
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Pulp 2
Sprint:
Sprint 4
Quarter:

Description

Pulp currently doesn't support the signature attribute for rpm, srpm, or drpm packages. When an RPM, SRPM, or DRPM is either uploaded or imported via sync, the signature should be extracted from the file and stored.

Where to store the attribute?

The NonMetadataPackage model is the ancestor of RPM, SRPM, and DRPM so the attribute should be stored there.

Suggested change is here: https://github.com/release-engineering/pulp_rpm/commit/f31f90d864fb884710d3da07a1b9644e98f04a53

This will allow further package verification process based on the signature which is story #1991. https://pulp.plan.io/issues/1991
We don't need all signature information header, but just the signing key, so more appropriate name for the attribute would be 'signing_key'


Related issues

Blocks RPM Support - Story #1991: As a user, uploaded units which don't pass the signature check are not importedCLOSED - CURRENTRELEASEipanova@redhat.com

Actions

Also available in: Atom PDF