Story #5945

closed

As an administrator I can provide a script that signs files

Added by dkliban@redhat.com about 4 years ago. Updated about 4 years ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

As a pulp administrator, I can create a SigningService by providing a script that implements the following interface:

script-name <file-name>

The script can produce any number of files in the current working directory and then output a JSON structure that has a key for every file generated and the value for each is the sha256 sum of the file. e.g.

$ /var/lib/pulp/mysigningscript.sh repomd.xml
{"repomd.xml.asc": "ce72f1c9f90c6ca85a88352b677ed8cc85d4ba81b4887be39afb01ad9c4fd8f8", "repomd.xml.gpg": "e36e08b23107745247855b1a06d6d8ae27883fb56d7d7a282d93393db801cfe0"}
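A caller-side check for the interface described above, as an added example that is not part of the original issue or Pulp's own code: it runs a script with a file name, then accepts the JSON report only if every key names a file in the working directory whose sha256 matches. The function names, the stand-in script (which writes a fake signature instead of calling GPG) and its `--lie` and `--escape` flags are assumptions made for the demonstration.

```python
import hashlib, json, os, subprocess, sys, tempfile

# Constructed stand-in for an administrator's script: it writes a fake
# "signature" (no GPG involved) and prints the JSON report. The flags
# --lie and --escape are hypothetical, used only to simulate bad output.
STAND_IN = r'''
import hashlib, json, sys
src = sys.argv[-1]
data = b"CONSTRUCTED-SIGNATURE-OVER:" + open(src, "rb").read()
open(src + ".asc", "wb").write(data)
digest = "0" * 64 if "--lie" in sys.argv else hashlib.sha256(data).hexdigest()
name = "../" + src if "--escape" in sys.argv else src + ".asc"
print(json.dumps({name: digest}))
'''

def run_signing_script(argv, file_name, workdir):
    """Run argv + [file_name] in workdir; return the report only if it verifies."""
    proc = subprocess.run(argv + [file_name], cwd=workdir,
                          capture_output=True, text=True, timeout=60)
    if proc.returncode != 0:
        raise RuntimeError("signing script failed: " + proc.stderr.strip())
    report = json.loads(proc.stdout)
    if not isinstance(report, dict) or not report:
        raise ValueError("expected a non-empty JSON object")
    for name, claimed in report.items():
        # Keys must name files in the working directory, nothing outside it.
        if os.path.basename(name) != name or name in (".", ".."):
            raise ValueError(f"unexpected path in report: {name!r}")
        path = os.path.join(workdir, name)
        if os.path.islink(path) or not os.path.isfile(path):
            raise ValueError(f"reported file is missing: {name!r}")
        with open(path, "rb") as fh:
            actual = hashlib.sha256(fh.read()).hexdigest()
        if not isinstance(claimed, str) or claimed.lower() != actual:
            raise ValueError(f"sha256 mismatch for {name!r}")
    return report

def demo(*flags):
    """Run the stand-in against a constructed repomd.xml in a temp directory."""
    with tempfile.TemporaryDirectory() as wd:
        script = os.path.join(wd, "stand_in_signer.py")
        with open(script, "w") as fh:
            fh.write(STAND_IN)
        with open(os.path.join(wd, "repomd.xml"), "wb") as fh:
            fh.write(b"<repomd/>\n")
        return run_signing_script([sys.executable, script, *flags], "repomd.xml", wd)

if __name__ == "__main__":
    print(demo())
```

The digest check only confirms that the report matches what is on disk; whether a produced file is a valid signature still has to be verified separately with the public key.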

Related issues

Is duplicate of Pulp - Story #5943: Add a SigningService model, viewset, and serializer (CLOSED - CURRENTRELEASE, lmjachky)

Actions #1

Updated by bmbouter about 4 years ago

Why the random name with --detached?

Actions #2

Updated by bmbouter about 4 years ago

  • Sprint/Milestone set to 3.1.0
  • Sprint Candidate changed from No to Yes
Actions #3

Updated by bmbouter about 4 years ago

  • Groomed changed from No to Yes
Actions #4

Updated by rchan about 4 years ago

  • Sprint set to Sprint 64
Actions #5

Updated by daviddavis about 4 years ago

  • Tracker changed from Issue to Story
  • % Done set to 0
Actions #6

Updated by mihai.ibanescu@gmail.com about 4 years ago

There is a reason the interface implemented for metadata signing in pulp2 is modifying the file in place.

Sometimes, the plugin writer may not know what types of signatures (detached or not) are needed.

As an extreme (and maybe hypothetical) example, let's look at a yum repository (repomd, really).

yum expects a clear-text signature. zypper expects a detached signature.

At the time the plugin developer writes the plugin, it may not be aware that the repo may even be used for zypper.

So, the plugin should typically only care that a call to make a signature was made. The instance of the signing service, as implemented by the pulp administrator, will decide whether it's a detached or clear-text signature.

Actions #7

Updated by dkliban@redhat.com about 4 years ago

  • Description updated (diff)

Mihai, thanks for the input. That makes sense to me. I've updated the description to reflect your idea.

Actions #8

Updated by dkliban@redhat.com about 4 years ago

  • Description updated (diff)
Actions #9

Updated by dkliban@redhat.com about 4 years ago

  • Description updated (diff)
Actions #10

Updated by bmbouter about 4 years ago

  • Sprint/Milestone deleted (3.1.0)
  • Sprint deleted (Sprint 64)
Actions #11

Updated by rchan about 4 years ago

  • Sprint Candidate deleted (Yes)
Actions #12

Updated by bmbouter about 4 years ago

  • Description updated (diff)
  • Status changed from NEW to CLOSED - DUPLICATE
  • Sprint Candidate set to No
Actions #13

Updated by bmbouter about 4 years ago

  • Is duplicate of Story #5943: Add a SigningService model, viewset, and serializer added
