Project

Profile

Help

Task #912

closed

Importer needs to support additional configuration properties

Added by jortel@redhat.com over 9 years ago. Updated over 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Target Release - OSTree:
1.0.0
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Pulp 2
Sprint:
May 2015
Quarter:

Description

The importer needs to support the following additional configuration properties:

Standard:

  • KEY_SSL_CA_CERT = 'ssl_ca_cert'
  • KEY_SSL_VALIDATION = 'ssl_validation'
  • KEY_SSL_CLIENT_CERT = 'ssl_client_cert'
  • KEY_SSL_CLIENT_KEY = 'ssl_client_key'

Custom:

  • KEY_GPG = 'gpg_key'

Values are set in the remote options on remote-add.
(see: man ostree.repo-config):

       tls-client-cert-path = KEY_SSL_CLIENT_CERT
           Path to file for client-side certificate, to present when making requests to this repository.

       tls-client-key-path = KEY_SSL_CLIENT_KEY
           Path to file containing client-side certificate key, to present when making requests to this repository.

       tls-ca-path = KEY_SSL_CA_CERT
           Path to file containing trusted anchors instead of the system CA database.

       tls-permissive = (not KEY_SSL_VALIDATION)
           A boolean value, defaults to false. By default, server TLS certificates will be checked against the system certificate store. If this variable is
           set, any certificate will be accepted.
       gpg-verify = (KEY_GPG is not None)
           A boolean value, defaults to true. Controls whether or not OSTree will require commits to be signed by a known GPG key. For more information, see
           the ostree(1) manual under GPG.

The GPG key will need to be stored as keyring files in /usr/share/ostree/trusted.gpg.d
When a GPG key is specifed, gpg-verify=1 must be specified in the remote options.

Notes:

  • Pulp stores the GPG keys in the DB.
  • Find out if libostree can be handed the keys directly. If not, let's see if libostree can be changed to support a different file location.

Related issues

Blocks OSTree Support - Story #911: As a user, I want the CLI to support additional settings used to sync with the remote.CLOSED - CURRENTRELEASEjortel@redhat.com

Actions

Also available in: Atom PDF