Story #3444
I can sign packages ONLY with gpg, and only with one key
Status: CLOSED - CURRENTRELEASE
Priority: Normal
Assignee: -
Sprint/Milestone: -
% Done: 100%
Platform Release: 2.16.0
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Description
As a user, I need the ability to use a different signing command. In some environments a Hardware Security Module may be used for signing, and interaction with it requires a different command line.
Also, I need the ability to determine which signature key to use based on the repository name.
Note
This functionality has already been implemented in pulp_deb, and may be useful as a starting point for a central signing facility offered by pulpcore.
Extensible way to GPG-sign repository metadata.
In certain environments, GPG private keys are secured in an HSM, instead of being in a keyring, unprotected by a passphrase.
This allows one to change the signing command, and passes repository ID information as an environment variable into the signing command, in case different keys need to be used.
Fixes: #3444 https://pulp.plan.io/issues/3444
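
A sketch of a replacement signing command that picks the key from the repository ID in its environment, as described above. This is an added example, not code from Pulp or pulp_deb. The variable name `SIGN_REPO_ID`, the key map and the key IDs are assumptions constructed for illustration; the page does not name the variable that is actually exported.

```shell
#!/usr/bin/env bash
# Hypothetical signing wrapper: one GPG key per repository.
# SIGN_REPO_ID is an assumed variable name, not taken from Pulp.

# Constructed sample mapping, one "<repo-id> <key-id>" pair per line.
KEY_MAP='
rhel7-base   AAAA1111AAAA1111
rhel7-extras BBBB2222BBBB2222
'
DEFAULT_KEY=""   # empty: refuse to sign repositories that are not mapped

# Print the key ID for a repository ID; return non-zero if none applies.
select_key() {
    local repo_id=$1 name key
    # The ID arrives through the environment: accept only a conservative
    # character set so the value can never be mistaken for an option.
    case $repo_id in
        ''|-*|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    while read -r name key; do
        if [ "$name" = "$repo_id" ]; then
            printf '%s\n' "$key"
            return 0
        fi
    done <<EOF
$KEY_MAP
EOF
    [ -n "$DEFAULT_KEY" ] || return 1
    printf '%s\n' "$DEFAULT_KEY"
}

# Detach-sign one metadata file with the key chosen for the repository.
sign_file() {
    local file=$1 key
    key=$(select_key "${SIGN_REPO_ID:-}") || {
        echo "no signing key for repository '${SIGN_REPO_ID:-}'" >&2
        return 1
    }
    gpg --batch --yes --armor --detach-sign \
        --local-user "$key" --output "$file.asc" -- "$file"
}

# Sign only when called with a file argument.
if [ "$#" -gt 0 ]; then
    sign_file "$1"
fi
```

With an HSM-backed key, the `gpg` invocation in `sign_file` is the only part that changes; failing closed on an unmapped repository keeps metadata from being signed with an unintended key.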