Project

Profile

Help

Story #9532

closed

As a pulp administrator, I want to write a signing service script, that is not hard coded to a particular key

Added by quba42 about 1 year ago. Updated 12 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Starting with pulpcore 3.13 (I think) signing services save the public key and its fingerprint in their model.

If they were to pass at least the fingerprint to the sub-process call of the signing service (either as a parameter or via ENV variable), it would no longer be necessary for signing service executables to be hard coded to a particular key (or otherwise guess what key they should use). This makes it much easier to document and share example signing service scripts, and is simply better design. ;-)

This is also how pulp_deb signing services in Pulp 2 times worked.

Actions #1

Updated by quba42 about 1 year ago

PR was not associated automatically for some reason: https://github.com/pulp/pulpcore/pull/1696

Added by quba42 about 1 year ago

Revision 7835faa4

Pass the public key fingerprint to the signing service subprocess

closes #9532 https://pulp.plan.io/issues/9532

This will allow for a signing service script that is not hard coded to a particular key. It should be fully backwards compatibile with all existing scripts, since they can simply ignore the new environmental variable.

Actions #2

Updated by quba42 about 1 year ago

  • Status changed from NEW to MODIFIED
  • % Done changed from 0 to 100
Actions #3

Updated by pulpbot 12 months ago

  • Sprint/Milestone set to 3.17.0
Actions #4

Updated by pulpbot 12 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF