Project

Profile

Help

Actions
Send by e-mail Copy link

Story #5945

closed

As an administrator I can provide a script that signs files

Added by dkliban@redhat.com over 4 years ago. Updated about 4 years ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

As a pulp administrator, I can create a SigningService by providing a script that implements the following interface:

script-name <file-name>

The script can produce any number of files in the current working directory and then output a JSON structure that has a key for every file generated and the value for each is the sha256 sum of the file. e.g.

$ /var/lib/pulp/mysigningscript.sh repomd.xml
{"repomd.xml.asc": "ce72f1c9f90c6ca85a88352b677ed8cc85d4ba81b4887be39afb01ad9c4fd8f8", "repomd.xml.gpg": "e36e08b23107745247855b1a06d6d8ae27883fb56d7d7a282d93393db801cfe0"}

Related issues

Is duplicate of Pulp - Story #5943: Add a SigningService model, viewset, and serializerCLOSED - CURRENTRELEASElmjachky

Actions
Actions
Copy link
 #1

Updated by bmbouter over 4 years ago

Why the random name with --detached?

Actions
Copy link
 #2

Updated by bmbouter over 4 years ago

  • Sprint/Milestone set to 3.1.0
  • Sprint Candidate changed from No to Yes
Actions
Copy link
 #3

Updated by bmbouter over 4 years ago

  • Groomed changed from No to Yes
Actions
Copy link
 #4

Updated by rchan over 4 years ago

  • Sprint set to Sprint 64
Actions
Copy link
 #5

Updated by daviddavis over 4 years ago

  • Tracker changed from Issue to Story
  • % Done set to 0
Actions
Copy link
 #6

Updated by mihai.ibanescu@gmail.com over 4 years ago

There is a reason the interface implemented for metadata signing in pulp2 is modifying the file in place.

Sometimes, the plugin writer may not know what types of signatures (detached or not) are needed.

As an extreme (and maybe hypothetical) example, let's look at a yum repository (repomd, really).

yum expects a clear-text signature. zypper expects a detached signature.

At the time the plugin developer writes the plugin, it may not be aware that the repo may even be used for zypper.

So, the plugin should typically only care that a call to make a signature was made. The instance of the signing service, as implemented by the pulp administrator, will decide whether it's a detached or clear-text signature.

Actions
Copy link
 #7

Updated by dkliban@redhat.com over 4 years ago

  • Description updated (diff)

Mihai, thanks for the input. That makes sense to me. I've updated the description to reflect your idea.

Actions
Copy link
 #8

Updated by dkliban@redhat.com over 4 years ago

  • Description updated (diff)
Actions
Copy link
 #9

Updated by dkliban@redhat.com over 4 years ago

  • Description updated (diff)
Actions
Copy link
 #10

Updated by bmbouter over 4 years ago

  • Sprint/Milestone deleted (3.1.0)
  • Sprint deleted (Sprint 64)
Actions
Copy link
 #11

Updated by rchan about 4 years ago

  • Sprint Candidate deleted (Yes)
Actions
Copy link
 #12

Updated by bmbouter about 4 years ago

  • Description updated (diff)
  • Status changed from NEW to CLOSED - DUPLICATE
  • Sprint Candidate set to No
Actions
Copy link
 #13

Updated by bmbouter about 4 years ago

  • Is duplicate of Story #5943: Add a SigningService model, viewset, and serializer added
Actions
Send by e-mail Copy link

Also available in: Atom PDF