Task #5944
closed
[Epic] As a plugin writer, I can use a SigningService to produce ascii-armored signatures
Status:
CLOSED - CURRENTRELEASE
Estimated time:
(Total: 0:00 h)
Description
This is an epic that will enable plugin writers to use scripts provided by Pulp administrators to sign files.
Pulp Administrators will use django-admin shell_plus or a python script to CRUD an instance of a SigningService model.
Pulp Administrators will be able to retrieve an instance of a SigningService using the REST API.
Plugin writers will be able to use SigningService.sign_file(filename) to retrieve an ascii-armored detached gpg signature and public key for verifying it.
Administrators will have documentation that states the signing script needs to print a dictionary that looks like this:
{"file": "repomd.xml", "signature": "repomd.xml.asc", "key": "public.key"}
Could we get away with having users use shell_plus for the nearterm? Otherwise we'll need to made the create, list, and delete interfaces too.
- Subject changed from As an administrator I can create a Signing Service to Document how an administrator can create a Signing Service
- Description updated (diff)
- Tags Documentation added
bmbouter, yes we can get away with having admins use django-admin shell_plus command to create the Signing Service. I updated the description to reflect that this is simply a documentation task.
- Sprint/Milestone set to 3.1.0
- Sprint Candidate changed from No to Yes
- Groomed changed from No to Yes
- Tracker changed from Issue to Task
- % Done set to 0
- Subject changed from Document how an administrator can create a Signing Service to As a plugin writer, I can use a SigningService to produce ascii-armored signatures
- Description updated (diff)
- Status changed from NEW to ASSIGNED
- Assignee set to lmjachky
- Subject changed from As a plugin writer, I can use a SigningService to produce ascii-armored signatures to [Epic] As a plugin writer, I can use a SigningService to produce ascii-armored signatures
- Sprint changed from Sprint 64 to Sprint 65
- At the end, it was decided that a detached signature will have the same name as a signed file. This consensus will be mentioned in the docs. The file type ".asc" shall be then appended to the signed filename, like so:
"repomd.xml" -> "repomd.xml.asc"
- Furthermore, in the future, there might be used a different signing method for a different type of content. Due to that, the model SigningService should be a parent class of more specific models (in our case, we currently have one example of such a model - AsciiArmorDetachedSigningService). The interface for the signing method remains untouched:
SigningService(Model):
def sign():
"""Invoke an external signing service."""
AsciiArmorDetachedSigningService(SigningService):
def sign():
""""Invoke inherited SigningService.sign() and validate returned data."""
- Sprint changed from Sprint 65 to Sprint 66
- Sprint/Milestone changed from 3.1.0 to 3.2.0
- Description updated (diff)
- Status changed from ASSIGNED to CLOSED - CURRENTRELEASE
- Sprint/Milestone deleted (
3.2.0)
All subtasks are complete, so I'm moving to CLOSED - CURRENT RELEASE
- Sprint/Milestone set to 3.1.0
Also available in: Atom
PDF
.