Project

Profile

Help

Story #5523

closed

As a user, I can view certificate-base signatures of Collection content

Added by bmbouter about 5 years ago. Updated about 3 years ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Ticket moved to GitHub: "pulp/pulp_ansible/694":https://github.com/pulp/pulp_ansible/issues/694


Problem

Users can get their collection content from many places, and they want to understand where it came from. One great way to do this while increasing security is to have the mechanism of data provenance be a signature along with the claim of who it was made by.

This signature would be for a specific CollectionVersion asset (for a specific version). If the asset is modified even one bit (literally) it wouldn't cryptographically validate anymore so every version would need a signature.

How these signatures are generated or verified is beyond the scope of this ticket.

Solution

Add a new Model to pulp_ansible called CollectionVersionSignature and have it be a ForeignKey to CollectionVersion. Have the backref relationship be called 'signatures'. Assuming both data tables are populated you could:

my_collection_version = CollectionVersion.objects.get(pk=1)
my_collection_version.signatures   #  <---- this would be the Queryset of related objects.

To expose this to the user, we would extend the CollectionVersion serializer to display the signatures themselves.
Actions #1

Updated by bmbouter about 5 years ago

  • Parent issue set to #5517
Actions #2

Updated by bmbouter about 5 years ago

  • Parent issue deleted (#5517)

Removing since signing is being pushed post GA per https://github.com/ansible/galaxy-dev/issues/103#issuecomment-539037285

Actions #3

Updated by fao89 over 3 years ago

  • Sprint/Milestone set to 1.0.0 - Candidates
Actions #4

Updated by pulpbot about 3 years ago

  • Description updated (diff)
  • Status changed from NEW to CLOSED - DUPLICATE

Also available in: Atom PDF