Project

Profile

Help

Story #4009

Updated by bmbouter about 3 years ago

In RPM for Pulp2, there is a WSGIAccessScript that uses the client script to verify the client's right to access a specific URL. This should be a RPM-specific guard that is provided by the RPM plugin.

In Pulp2 here are some links that are related:

https://github.com/pulp/pulp/tree/2-master/repoauth/pulp/repoauth <--- the actual checking code itself
https://github.com/pulp/pulp_rpm/blob/2-master/plugins/etc/httpd/conf.d/pulp_rpm.conf#L48 <---- the httpd WSGIAccessScript

We need to get some test data posted on here that can be used for development.

For crypto the Red Hat security team has recommended: https://pypi.org/project/cryptography/ as a portable crypto library for Python.

Back