Task #5946

Updated by dkliban@redhat.com almost 5 years ago

A plugin author should be able to use an instance of a SigningService to produce a signed Artifact from an Artifact. 

 SigningService needs to provide a method called 'sign_file(filename)'. This method always returns a dictionary where each key is a relative path inside the worker's working directory and the value is the sha256 sum of that file. E.g.: 

 <pre> 
 <code class="python"> 
 { 
  "repomd.xml.asc": "ce72f1c9f90c6ca85a88352b677ed8cc85d4ba81b4887be39afb01ad9c4fd8f8", 
  "repomd.xml.gpg": "e36e08b23107745247855b1a06d6d8ae27883fb56d7d7a282d93393db801cfe0" 
 } 
 </code> 
 </pre> 


 The following code[0] in pulp_rpm: 

 <pre> 
 <code class="python"> 
 with open(repomd_path, "w") as repomd_f: 
     repomd_f.write(repomd.xml_dump()) 

 PublishedMetadata.create_from_file( 
     relative_path=os.path.join(repodata_path, os.path.basename(repomd_path)), 
     publication=publication, 
     file=File(open(repomd_path, 'rb')) 
 ) 
 </code> 
 </pre> 

 Would look more like this: 

 <pre> 
 <code class="python"> 
 signer = SigningService.objects.get(pk=blah) 

 with open(repomd_path, "w") as repomd_f: 
     repomd_f.write(repomd.xml_dump()) 

 signed_files = signer.sign_file(repomd_path) 

 for file_path, sha256 in signed_files.items(): 
     PublishedMetadata.create_from_file( 
         relative_path=os.path.join(repodata_path, os.path.basename(file_path)), 
         publication=publication, 
         file=File(open(file_path, 'rb')) 
     ) 
 </code> 
 </pre> 

 [0] https://github.com/pulp/pulp_rpm/blob/aecc23c41d384a34e661410ae389d3fa1a3c315b/pulp_rpm/app/tasks/publishing.py#L353-L360
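
A check a plugin could run on the dictionary returned by sign_file() before creating PublishedMetadata from it, given as an added example that is not part of the original task or of Pulp's code. The names verify_signed_files and SignedFileError are hypothetical, and it assumes the signing step writes its output files into the worker's working directory.

```python
import hashlib
import os


class SignedFileError(Exception):
    """Raised when a sign_file() result does not match what is on disk."""


def sha256_of(path, chunk_size=65536):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_signed_files(signed_files, working_dir):
    """Validate a {relative_path: sha256} dict against files in working_dir.

    Returns the verified absolute paths in sorted order; raises
    SignedFileError on the first entry that fails a check.
    """
    root = os.path.realpath(working_dir)
    verified = []
    for rel_path, expected in sorted(signed_files.items()):
        if os.path.isabs(rel_path):
            raise SignedFileError(f"{rel_path}: path is not relative")
        full = os.path.realpath(os.path.join(root, rel_path))
        # realpath resolves ".." and symlinks, so this catches escapes
        # from the working directory before anything is opened.
        if os.path.commonpath([root, full]) != root:
            raise SignedFileError(f"{rel_path}: resolves outside working dir")
        if not os.path.isfile(full):
            raise SignedFileError(f"{rel_path}: file was not produced")
        actual = sha256_of(full)
        if actual != expected.lower():
            raise SignedFileError(f"{rel_path}: sha256 mismatch ({actual})")
        verified.append(full)
    return verified
```

Only the paths this function returns would then be passed to PublishedMetadata.create_from_file, so a signing script that reports a file it did not write, or a digest that does not match, stops the publish instead of shipping unsigned metadata.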
