Story #5945

As an administrator I can provide a script that signs files

Added by dkliban@redhat.com about 2 months ago. Updated 8 days ago.

Status: CLOSED - DUPLICATE
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
Start date:
Due date:
% Done: 0%
Platform Release:
Blocks Release:
Backwards Incompatible: No
Groomed: Yes
Sprint Candidate: No
Tags:
QA Contact:
Complexity:
Smash Test:
Verified: No
Verification Required: No
Sprint:

Description

As a Pulp administrator, I can create a SigningService by providing a script that implements the following interface:

script-name <file-name>

The script can produce any number of files in the current working directory and then output a JSON structure that has a key for every file generated and the value for each is the sha256 sum of the file. e.g.

$ /var/lib/pulp/mysigningscript.sh repomd.xml
{"repomd.xml.asc": "ce72f1c9f90c6ca85a88352b677ed8cc85d4ba81b4887be39afb01ad9c4fd8f8", "repomd.xml.gpg": "e36e08b23107745247855b1a06d6d8ae27883fb56d7d7a282d93393db801cfe0"}
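
An added example, not part of the issue or of Pulp's own code: one way the calling side could check a signing script's JSON report before trusting the files it names. The function name `validate_signing_output` and the rules for rejecting file names are assumptions made for this sketch; the sample file content is constructed.

```python
import hashlib
import json
import re
from pathlib import Path

SHA256_HEX = re.compile(r"[0-9a-f]{64}")


def validate_signing_output(stdout: str, workdir: Path) -> dict:
    """Check a signing script's JSON report against the files it left in workdir.

    Returns {file name: Path} or raises ValueError on the first problem found.
    """
    try:
        report = json.loads(stdout)
    except json.JSONDecodeError as exc:
        raise ValueError(f"output is not JSON: {exc}") from None
    if not isinstance(report, dict) or not report:
        raise ValueError("output must be a non-empty JSON object")

    verified = {}
    for name, claimed in report.items():
        # Keys must be bare file names: the script writes to the working
        # directory, so separators or ".." would point somewhere else.
        if name in ("", ".", "..") or Path(name).name != name or "\\" in name:
            raise ValueError(f"unsafe file name: {name!r}")
        if not isinstance(claimed, str) or not SHA256_HEX.fullmatch(claimed.lower()):
            raise ValueError(f"{name}: value is not a sha256 hex digest")
        path = workdir / name
        # Refuse symlinks and non-regular files so the digest is taken over
        # bytes that really live in the working directory.
        if path.is_symlink() or not path.is_file():
            raise ValueError(f"{name}: not a regular file in {workdir}")
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        if actual != claimed.lower():
            raise ValueError(f"{name}: sha256 mismatch")
        verified[name] = path
    return verified


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample, not a real signature
        work = Path(tmp)
        (work / "repomd.xml.asc").write_bytes(b"constructed signature bytes")
        digest = hashlib.sha256(b"constructed signature bytes").hexdigest()
        print(validate_signing_output(json.dumps({"repomd.xml.asc": digest}), work))
```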

Related issues

Duplicates Pulp - Story #5943: Add a SigningService model, viewset, and serializer CLOSED - CURRENTRELEASE

History

#1 Updated by bmbouter about 2 months ago

Why the random name with --detached?

#2 Updated by bmbouter about 2 months ago

  • Sprint/Milestone set to 3.1.0
  • Sprint Candidate changed from No to Yes

#3 Updated by bmbouter about 2 months ago

  • Groomed changed from No to Yes

#4 Updated by rchan about 2 months ago

  • Sprint set to Sprint 64

#5 Updated by daviddavis about 2 months ago

  • Tracker changed from Issue to Story
  • % Done set to 0

#6 Updated by mihai.ibanescu@gmail.com about 1 month ago

There is a reason the interface implemented for metadata signing in pulp2 is modifying the file in place.

Sometimes, the plugin writer may not know what types of signatures (detached or not) are needed.

As an extreme (and maybe hypothetical) example, let's look at a yum repository (repomd, really).

yum expects a clear-text signature. zypper expects a detached signature.

At the time the plugin developer writes the plugin, they may not be aware that the repo may even be used for zypper.

So, the plugin should typically only care that a call to make a signature was made. The instance of the signing service, as implemented by the pulp administrator, will decide whether it's a detached or clear-text signature.

#7 Updated by dkliban@redhat.com about 1 month ago

  • Description updated (diff)

Mihai, thanks for the input. That makes sense to me. I've updated the description to reflect your idea.

#8 Updated by dkliban@redhat.com about 1 month ago

  • Description updated (diff)

#9 Updated by dkliban@redhat.com about 1 month ago

  • Description updated (diff)

#10 Updated by bmbouter about 1 month ago

  • Sprint/Milestone deleted (3.1.0)
  • Sprint deleted (Sprint 64)

#11 Updated by rchan about 1 month ago

  • Sprint Candidate deleted (Yes)

#12 Updated by bmbouter 8 days ago

  • Description updated (diff)
  • Status changed from NEW to CLOSED - DUPLICATE
  • Sprint Candidate set to No

#13 Updated by bmbouter 8 days ago

  • Duplicates Story #5943: Add a SigningService model, viewset, and serializer added
