Story #3444

I can sign packages ONLY with gpg, and only with one key

Added by mihai.ibanescu@gmail.com about 1 year ago. Updated 5 days ago.

Status: CLOSED - CURRENTRELEASE
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
% Done: 100%
Platform Release: 2.16.0
Blocks Release:
Backwards Incompatible: No
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
QA Contact:
Complexity:
Smash Test:
Verified: No
Verification Required: No
Sprint:

Description

As a user, I need the ability to use a different signing command. In some environments a Hardware Security Module may be used for signing, and interaction with it requires a different command line.

Also, I need the ability to determine which signature key to use based on the repository name.

Note

This functionality has already been implemented in pulp_deb, and may be useful as a starting point for a central signing facility offered by pulpcore.

Associated revisions

Revision 09ba819c
Added by Mihai Ibanescu about 1 year ago

Extensible way to GPG-sign repository metadata.

In certain environments, GPG private keys are secured in an HSM,
instead of being in a keyring, unprotected by a passphrase.

This allows one to change the signing command, and passes
repository ID information as an environment variable into
the signing command, in case different keys need to be used.

Fixes: #3444
https://pulp.plan.io/issues/3444
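
The mechanism the commit message describes, a replaceable signing command that receives the repository ID through the environment and picks a key from it, as an added example that is not Pulp's own code. The variable names `REPO_ID` and `SIGN_CMD`, the repository IDs and the key IDs are assumptions and placeholders, not values from this issue.

```shell
#!/bin/sh
# Added example: a wrapper usable as a configurable signing command.
# ASSUMPTIONS (not from the page): the variable names REPO_ID and SIGN_CMD,
# the repository IDs and the key IDs below are constructed placeholders.

# Allowlist mapping repository ID -> signing key ID.
# Unknown IDs fail closed: there is deliberately no default key, so a
# new or misnamed repository can never be signed with another repo's key.
select_key() {
    case "$1" in
        internal-stable)  echo "KEYID-PLACEHOLDER-STABLE" ;;
        internal-testing) echo "KEYID-PLACEHOLDER-TESTING" ;;
        *) return 1 ;;
    esac
}

# Produce a detached, armored signature for one metadata file.
# SIGN_CMD defaults to gpg; an HSM-backed tool with a different command
# line would need its own argument list here.
sign_metadata() {
    sm_file=$1
    if ! sm_key=$(select_key "${REPO_ID:-}"); then
        echo "refusing to sign: no key mapped for repo '${REPO_ID:-}'" >&2
        return 1
    fi
    "${SIGN_CMD:-gpg}" --batch --yes --local-user "$sm_key" \
        --armor --detach-sign --output "$sm_file.asc" "$sm_file"
}

# Sign only when a file argument is given, so sourcing has no side effects.
if [ "$#" -gt 0 ]; then
    sign_metadata "$1"
fi
```

Because the key is chosen by an exact-match allowlist, the repository ID is never interpolated into the command line itself; only the mapped key ID is.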

History

#2 Updated by mihai.ibanescu@gmail.com about 1 year ago

  • Subject changed from I cannot sign packages with anything but gpg, and only with one key to I can sign packages ONLY with gpg, and only with one key

#3 Updated by mihai.ibanescu@gmail.com about 1 year ago

  • Tracker changed from Issue to Story
  • % Done set to 0

#4 Updated by mihai.ibanescu@gmail.com about 1 year ago

  • Status changed from NEW to POST

#5 Updated by mihai.ibanescu@gmail.com about 1 year ago

  • % Done changed from 0 to 100

#7 Updated by Anonymous about 1 year ago

  • Status changed from POST to MODIFIED

#8 Updated by bmbouter about 1 year ago

  • Platform Release set to 2.16.0

Adding into 2.16 post dev freeze based on agreement w/ other pulp_rpm devs and @pcreech

#9 Updated by bmbouter about 1 year ago

  • Status changed from MODIFIED to ON_QA

#10 Updated by bmbouter about 1 year ago

  • Status changed from ON_QA to CLOSED - CURRENTRELEASE

#11 Updated by bmbouter 5 days ago

  • Tags Pulp 2 added
