Story #5945

As an administrator I can provide a script that signs files

Added by dkliban@redhat.com about 1 year ago. Updated about 1 year ago.

Status: CLOSED - DUPLICATE
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
Start date:
Due date:
% Done: 0%
Estimated time:
Platform Release:
Groomed: Yes
Sprint Candidate: No
Tags:
Sprint:
Quarter:

Description

As a Pulp administrator, I can create a SigningService by providing a script that implements the following interface:

script-name <file-name>

The script can produce any number of files in the current working directory and then output a JSON structure that has a key for every file generated and the value for each is the sha256 sum of the file. e.g.

$ /var/lib/pulp/mysigningscript.sh repomd.xml
{"repomd.xml.asc": "ce72f1c9f90c6ca85a88352b677ed8cc85d4ba81b4887be39afb01ad9c4fd8f8", "repomd.xml.gpg": "e36e08b23107745247855b1a06d6d8ae27883fb56d7d7a282d93393db801cfe0"}
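
A caller-side check for the interface described above, as an added example that is not part of the original issue or Pulp's own code: it parses the script's JSON output and confirms each listed file is in the working directory and matches its reported sha256. The function names, the rejection of path-like keys and symlinks, and the sample bytes are assumptions of this example.

```python
import hashlib
import json
import os
import tempfile


def verify_signing_output(stdout_text, workdir):
    """Return {name: path} for verified files; raise ValueError otherwise."""
    try:
        report = json.loads(stdout_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"script output is not JSON: {exc}") from exc
    if not isinstance(report, dict):
        raise ValueError("expected a JSON object of file name -> sha256")
    verified = {}
    for name, expected in report.items():
        # Keys must be bare names in the working directory, never paths.
        if not name or name in (".", "..") or os.path.basename(name) != name:
            raise ValueError(f"unsafe file name in report: {name!r}")
        path = os.path.join(workdir, name)
        # Refuse symlinks so a report entry cannot resolve to a file elsewhere.
        if os.path.islink(path) or not os.path.isfile(path):
            raise ValueError(f"{name}: not a regular file in the working directory")
        with open(path, "rb") as fh:
            actual = hashlib.sha256(fh.read()).hexdigest()
        # Recompute the digest instead of trusting the value the script printed.
        if not isinstance(expected, str) or actual != expected.lower():
            raise ValueError(f"{name}: sha256 mismatch")
        verified[name] = path
    return verified


def demo():
    """Constructed run: one stand-in signature file, one good and one bad report."""
    with tempfile.TemporaryDirectory() as workdir:
        data = b"constructed bytes, not a real OpenPGP signature\n"
        with open(os.path.join(workdir, "repomd.xml.asc"), "wb") as fh:
            fh.write(data)
        digest = hashlib.sha256(data).hexdigest()
        ok = sorted(verify_signing_output(json.dumps({"repomd.xml.asc": digest}), workdir))
        try:
            verify_signing_output(json.dumps({"../repomd.xml.asc": digest}), workdir)
            rejected = False
        except ValueError:
            rejected = True
        return ok, rejected


if __name__ == "__main__":
    print(demo())
```
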

Related issues

Is duplicate of Pulp - Story #5943: Add a SigningService model, viewset, and serializer (CLOSED - CURRENTRELEASE)


History

#1 Updated by bmbouter about 1 year ago

Why the random name with --detached?

#2 Updated by bmbouter about 1 year ago

  • Sprint/Milestone set to 3.1.0
  • Sprint Candidate changed from No to Yes

#3 Updated by bmbouter about 1 year ago

  • Groomed changed from No to Yes

#4 Updated by rchan about 1 year ago

  • Sprint set to Sprint 64

#5 Updated by daviddavis about 1 year ago

  • Tracker changed from Issue to Story
  • % Done set to 0

#6 Updated by mihai.ibanescu@gmail.com about 1 year ago

There is a reason the interface implemented for metadata signing in pulp2 is modifying the file in place.

Sometimes, the plugin writer may not know what types of signatures (detached or not) are needed.

As an extreme (and maybe hypothetical) example, let's look at a yum repository (repomd, really).

yum expects a clear-text signature. zypper expects a detached signature.

At the time the plugin developer writes the plugin, it may not be aware that the repo may even be used for zypper.

So, the plugin should typically only care that a call to make a signature was made. The instance of the signing service, as implemented by the pulp administrator, will decide whether it's a detached or clear-text signature.

#7 Updated by dkliban@redhat.com about 1 year ago

  • Description updated (diff)

Mihai, thanks for the input. That makes sense to me. I've updated the description to reflect your idea.

#8 Updated by dkliban@redhat.com about 1 year ago

  • Description updated (diff)

#9 Updated by dkliban@redhat.com about 1 year ago

  • Description updated (diff)

#10 Updated by bmbouter about 1 year ago

  • Sprint/Milestone deleted (3.1.0)
  • Sprint deleted (Sprint 64)

#11 Updated by rchan about 1 year ago

  • Sprint Candidate deleted (Yes)

#12 Updated by bmbouter about 1 year ago

  • Description updated (diff)
  • Status changed from NEW to CLOSED - DUPLICATE
  • Sprint Candidate set to No

#13 Updated by bmbouter about 1 year ago

  • Is duplicate of Story #5943: Add a SigningService model, viewset, and serializer added
