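Task #5946
Updated by dkliban@redhat.com almost 5 years ago

A plugin author should be able to use an instance of a SigningService to produce a signed Artifact from an Artifact.

SigningService needs to provide a method called 'sign_file(filename)'. This method always returns a dictionary where each key is a relative path inside the worker's working directory and the value is the sha256 sum of that file. E.g.:

<pre>
<code class="python">
{
    "repomd.xml.asc": "ce72f1c9f90c6ca85a88352b677ed8cc85d4ba81b4887be39afb01ad9c4fd8f8",
    "repomd.xml.gpg": "e36e08b23107745247855b1a06d6d8ae27883fb56d7d7a282d93393db801cfe0"
}
</code>
</pre>

The following code[0] in pulp_rpm:

<pre>
<code class="python">
# Write repomd.xml, then publish it as metadata.
with open(repomd_path, "w") as repomd_f:
    repomd_f.write(repomd.xml_dump())

PublishedMetadata.create_from_file(
    relative_path=os.path.join(repodata_path, os.path.basename(repomd_path)),
    publication=publication,
    file=File(open(repomd_path, 'rb'))
)
</code>
</pre>

Would look more like this:

<pre>
<code class="python">
# 'blah' is a placeholder for the primary key of the SigningService to use.
signer = SigningService.objects.get(pk=blah)

with open(repomd_path, "w") as repomd_f:
    repomd_f.write(repomd.xml_dump())

# sign_file() returns {relative path: sha256} for each file it produced.
signed_files = signer.sign_file(repomd_path)

# Publish every file returned by the signing service.
for file_path, sha256 in signed_files.items():
    PublishedMetadata.create_from_file(
        relative_path=os.path.join(repodata_path, os.path.basename(file_path)),
        publication=publication,
        file=File(open(file_path, 'rb'))
    )
</code>
</pre>

[0] https://github.com/pulp/pulp_rpm/blob/aecc23c41d384a34e661410ae389d3fa1a3c315b/pulp_rpm/app/tasks/publishing.py#L353-L360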
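A check a plugin could run on the dictionary described above before publishing anything from it, as an added example that is not pulpcore or pulp_rpm code: it confirms that each key is a relative path that stays inside the working directory and that the file's sha256 matches the value. The names `verify_signed_files` and `demo` are hypothetical, and the sample file is constructed.

```python
import hashlib
import os
import tempfile


def verify_signed_files(signed_files, working_dir):
    """Check a sign_file()-style result before it is published.
    signed_files: dict mapping relative path -> expected sha256 hex digest.
    Returns absolute paths of the verified files; raises ValueError otherwise.
    """
    root = os.path.realpath(working_dir)
    verified = []
    for rel_path, expected in signed_files.items():
        # Keys must stay inside the working directory: no absolute paths,
        # no ".." components, no symlinks that resolve outside of it.
        full = os.path.realpath(os.path.join(root, rel_path))
        if os.path.isabs(rel_path) or os.path.commonpath([root, full]) != root:
            raise ValueError(f"{rel_path!r} is outside the working directory")
        if not os.path.isfile(full):
            raise ValueError(f"{rel_path!r} was not produced")
        digest = hashlib.sha256()
        with open(full, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        if digest.hexdigest() != expected.lower():
            raise ValueError(f"sha256 mismatch for {rel_path!r}")
        verified.append(full)
    return verified


def demo():
    """Constructed sample: a stand-in signature file in a temporary directory."""
    with tempfile.TemporaryDirectory() as workdir:
        content = b"constructed stand-in for a detached signature\n"
        with open(os.path.join(workdir, "repomd.xml.asc"), "wb") as fh:
            fh.write(content)
        good = {"repomd.xml.asc": hashlib.sha256(content).hexdigest()}
        ok = [os.path.basename(p) for p in verify_signed_files(good, workdir)]
        rejected = []
        for bad in ({"../repomd.xml.asc": good["repomd.xml.asc"]},
                    {"repomd.xml.asc": "0" * 64}):
            try:
                verify_signed_files(bad, workdir)
            except ValueError as exc:
                rejected.append(str(exc))
        return ok, rejected
```

`demo()` returns the accepted file names and the two rejection messages, one for a key that escapes the working directory and one for a digest that does not match the file.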
Updated by dkliban@redhat.com almost 5 years ago
A plugin author should be able to use an instance of a SigningService to produce a signed Artifact from an Artifact. SigningService needs to provide a method called 'sign_file(filename)'. 'sign_artifact(artifact, detached=False)'. This method always returns a dictionary where each key an Artifact. When detached=False, the new Artifact is a relative path inside copy of the worker's working directory and original Artifact with a signature attached to it. When detached=True, the value new Artifact is a detatched signature for the sha256 sum of that file. E.g.: <pre> <code class="python"> { "repomd.xml.asc": "ce72f1c9f90c6ca85a88352b677ed8cc85d4ba81b4887be39afb01ad9c4fd8f8", "repomd.xml.gpg": "e36e08b23107745247855b1a06d6d8ae27883fb56d7d7a282d93393db801cfe0" } </code> </pre> The following code[0] in pulp_rpm: <pre> <code class="python"> with open(repomd_path, "w") as repomd_f: repomd_f.write(repomd.xml_dump()) PublishedMetadata.create_from_file( relative_path=os.path.join(repodata_path, os.path.basename(repomd_path)), publication=publication, file=File(open(repomd_path, 'rb')) ) </code> </pre> Would look more like this: <pre> <code class="python"> signer = SigningService.objects.get(pk=blah) with open(repomd_path, "w") as repomd_f: repomd_f.write(repomd.xml_dump()) signed_files = signer.sign_file(repomd_path) for file_path, sha256 in signed_files.items(): PublishedMetadata.create_from_file( relative_path=os.path.join(repodata_path, os.path.basename(file_path)), publication=publication, file=File(open(file_path, 'rb')) ) </code> </pre> [0] https://github.com/pulp/pulp_rpm/blob/aecc23c41d384a34e661410ae389d3fa1a3c315b/pulp_rpm/app/tasks/publishing.py#L353-L360 original Artifact.