Project

Profile

Help

Story #3444

closed

I can sign packages ONLY with gpg, and only with one key

Added by mihai.ibanescu@gmail.com over 6 years ago. Updated over 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
2.16.0
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

As a user, I need the ability to use a different signing command. In some environments a Hardware Security Module may be used for signing, and interaction with it requires a different command line.

Also, I need the ability to determine which signature key to use based on the repository name.

Note

This functionality has already been implemented in pulp_deb, and may be useful as a starting point for a central signing facility offered by pulpcore.

Actions #2

Updated by mihai.ibanescu@gmail.com over 6 years ago

  • Subject changed from I cannot sign packages with anything but gpg, and only with one key to I can sign packages ONLY with gpg, and only with one key
Actions #3

Updated by mihai.ibanescu@gmail.com over 6 years ago

  • Tracker changed from Issue to Story
  • % Done set to 0
Actions #4

Updated by mihai.ibanescu@gmail.com over 6 years ago

  • Status changed from NEW to POST
Actions #5

Updated by mihai.ibanescu@gmail.com over 6 years ago

  • % Done changed from 0 to 100

Added by Mihai Ibanescu over 6 years ago

Revision 09ba819c | View on GitHub

Extensible way to GPG-sign repository metadata.

In certain environments, GPG private keys are secured in an HSM, instead of being in a keyring, unprotected by a passphrase.

This allows one to change the signing command, and passes repository ID information as an envronment variable into the signing command, in case different keys need to be used.

Fixes: #3444 https://pulp.plan.io/issues/3444

Actions #7

Updated by Anonymous over 6 years ago

  • Status changed from POST to MODIFIED
Actions #8

Updated by bmbouter over 6 years ago

  • Platform Release set to 2.16.0

Adding into 2.16 post dev freeze based on agreement w/ other pulp_rpm devs and pcreech

Actions #9

Updated by bmbouter over 6 years ago

  • Status changed from MODIFIED to 5
Actions #10

Updated by bmbouter over 6 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE
Actions #11

Updated by bmbouter over 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF