Task #5944
[Epic] As a plugin writer, I can use a SigningService to produce ascii-armored signatures
100%
Description
This is an epic that will enable plugin writers to use scripts provided by Pulp administrators to sign files.
Pulp Administrators will use django-admin shell_plus or a python script to CRUD an instance of a SigningService model.
Pulp Administrators will be able to retrieve an instance of a SigningService using the REST API.
Plugin writers will be able to use SigningService.sign_file(filename) to retrieve an ascii-armored detached gpg signature and public key for verifying it.
Administrators will have documentation that states the signing script needs to print a dictionary that looks like this:
{"file": "repomd.xml", "signature": "repomd.xml.asc", "key": "public.key"}
Subtasks
History
#1
Updated by bmbouter about 1 year ago
Could we get away with having users use shell_plus for the nearterm? Otherwise we'll need to made the create, list, and delete interfaces too.
#2
Updated by dkliban@redhat.com about 1 year ago
- Subject changed from As an administrator I can create a Signing Service to Document how an administrator can create a Signing Service
- Description updated (diff)
- Tags Documentation added
bmbouter, yes we can get away with having admins use django-admin shell_plus command to create the Signing Service. I updated the description to reflect that this is simply a documentation task.
#3
Updated by bmbouter about 1 year ago
- Sprint/Milestone set to 3.1.0
- Sprint Candidate changed from No to Yes
#4
Updated by bmbouter about 1 year ago
- Groomed changed from No to Yes
#5
Updated by rchan about 1 year ago
- Sprint set to Sprint 64
#6
Updated by daviddavis about 1 year ago
- Tracker changed from Issue to Task
- % Done set to 0
#7
Updated by dkliban@redhat.com 12 months ago
- Subject changed from Document how an administrator can create a Signing Service to As a plugin writer, I can use a SigningService to produce ascii-armored signatures
- Description updated (diff)
#11
Updated by lmjachky 12 months ago
- At the end, it was decided that a detached signature will have the same name as a signed file. This consensus will be mentioned in the docs. The file type ".asc" shall be then appended to the signed filename, like so:
"repomd.xml" -> "repomd.xml.asc"
- Furthermore, in the future, there might be used a different signing method for a different type of content. Due to that, the model SigningService should be a parent class of more specific models (in our case, we currently have one example of such a model - AsciiArmorDetachedSigningService). The interface for the signing method remains untouched:
SigningService(Model):
def sign():
"""Invoke an external signing service."""
AsciiArmorDetachedSigningService(SigningService):
def sign():
""""Invoke inherited SigningService.sign() and validate returned data."""
#13
Updated by daviddavis 11 months ago
- Sprint/Milestone changed from 3.1.0 to 3.2.0
Please register to edit this issue