Actions
Story #3444
closed
I can sign packages ONLY with gpg, and only with one key
Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
2.16.0
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
As a user, I need the ability to use a different signing command. In some environments a Hardware Security Module may be used for signing, and interaction with it requires a different command line.
Also, I need the ability to determine which signature key to use based on the repository name.
Note¶
This functionality has already been implemented in pulp_deb, and may be useful as a starting point for a central signing facility offered by pulpcore.
Updated by mihai.ibanescu@gmail.com over 6 years ago
Updated by mihai.ibanescu@gmail.com over 6 years ago
- Subject changed from I cannot sign packages with anything but gpg, and only with one key to I can sign packages ONLY with gpg, and only with one key
Updated by mihai.ibanescu@gmail.com over 6 years ago
- Tracker changed from Issue to Story
- % Done set to 0
Updated by mihai.ibanescu@gmail.com over 6 years ago
- Status changed from NEW to POST
Updated by mihai.ibanescu@gmail.com over 6 years ago
- % Done changed from 0 to 100
Added by Mihai Ibanescu over 6 years ago
Updated by Anonymous over 6 years ago
- Status changed from POST to MODIFIED
Applied in changeset 09ba819caa936a532a5f9d90c60baea9450a1431.
Updated by bmbouter over 6 years ago
- Platform Release set to 2.16.0
Adding into 2.16 post dev freeze based on agreement w/ other pulp_rpm devs and pcreech
Updated by bmbouter over 6 years ago
- Status changed from 5 to CLOSED - CURRENTRELEASE
Actions
.
Extensible way to GPG-sign repository metadata.
In certain environments, GPG private keys are secured in an HSM, instead of being in a keyring, unprotected by a passphrase.
This allows one to change the signing command, and passes repository ID information as an envronment variable into the signing command, in case different keys need to be used.
Fixes: #3444 https://pulp.plan.io/issues/3444