Story #3444

I can sign packages ONLY with gpg, and only with one key

Added by mihai.ibanescu@gmail.com about 3 years ago. Updated about 2 years ago.

Status: CLOSED - CURRENTRELEASE
Priority: Normal
Assignee: -
Sprint/Milestone: -
Start date:
Due date:
% Done: 100%
Estimated time:
Platform Release: 2.16.0
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Sprint:
Quarter:

Description

As a user, I need the ability to use a different signing command. In some environments a Hardware Security Module may be used for signing, and interaction with it requires a different command line.

Also, I need the ability to determine which signature key to use based on the repository name.

Note

This functionality has already been implemented in pulp_deb, and may be useful as a starting point for a central signing facility offered by pulpcore.

Associated revisions

Revision 09ba819c
Added by Mihai Ibanescu about 3 years ago

Extensible way to GPG-sign repository metadata.

In certain environments, GPG private keys are secured in an HSM, instead of being in a keyring, unprotected by a passphrase.

This allows one to change the signing command, and passes repository ID information as an environment variable into the signing command, in case different keys need to be used.

Fixes: #3444 https://pulp.plan.io/issues/3444
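
A signing command of the kind the commit describes could look like the wrapper below, which picks the key from the repository ID and refuses to sign for repositories it has no key for. This is an added example, not code from Pulp or from the commit; the variable name `SIGN_REPO_ID`, the file-as-first-argument convention, the repository names and the key fingerprints are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example, not Pulp code. SIGN_REPO_ID is a hypothetical variable name;
# use whatever name your Pulp release documents for the repository ID.

# Map a repository ID to a signing key. Fingerprints are constructed placeholders.
key_for_repo() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;  # empty or unexpected characters
    esac
    case "$1" in
        rpm-prod)   echo 0000000000000000000000000000000000000001 ;;
        internal-*) echo 0000000000000000000000000000000000000002 ;;
        *)          return 1 ;;            # unknown repository: fail closed
    esac
}

# Produce a detached, armored signature for one metadata file.
sign_metadata() {
    repo_id=$1
    file=$2
    key=$(key_for_repo "$repo_id") || {
        echo "refusing to sign: no key mapped for repository '$repo_id'" >&2
        return 1
    }
    case "$file" in
        -*) echo "refusing file name that looks like an option" >&2; return 1 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # GPG_BIN lets an HSM-backed deployment substitute its own signing tool.
    "${GPG_BIN:-gpg}" --batch --yes --armor --local-user "$key" \
        --output "$file.asc" --detach-sign "$file"
}

# Run only when called with a file argument, as the signing command would be.
if [ "$#" -gt 0 ]; then
    sign_metadata "${SIGN_REPO_ID:-}" "$1"
fi
```

Failing closed on an unmapped or malformed repository ID keeps a misnamed repository from being signed with a default key.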

History

#2 Updated by mihai.ibanescu@gmail.com about 3 years ago

  • Subject changed from I cannot sign packages with anything but gpg, and only with one key to I can sign packages ONLY with gpg, and only with one key

#3 Updated by mihai.ibanescu@gmail.com about 3 years ago

  • Tracker changed from Issue to Story
  • % Done set to 0

#4 Updated by mihai.ibanescu@gmail.com about 3 years ago

  • Status changed from NEW to POST

#5 Updated by mihai.ibanescu@gmail.com about 3 years ago

  • % Done changed from 0 to 100

#7 Updated by Anonymous about 3 years ago

  • Status changed from POST to MODIFIED

#8 Updated by bmbouter about 3 years ago

  • Platform Release set to 2.16.0

Adding into 2.16 post dev freeze based on agreement w/ other pulp_rpm devs and pcreech

#9 Updated by bmbouter about 3 years ago

  • Status changed from MODIFIED to 5

#10 Updated by bmbouter about 3 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE

#11 Updated by bmbouter about 2 years ago

  • Tags Pulp 2 added
