[Pulp-list] GPG Keys (review)
Jeff Ortel
jortel at redhat.com
Tue Oct 12 15:42:21 UTC 2010
All,
I added support for GPG keys as follows. I made some assumptions on the use case(s), so
I'd appreciate a sanity check.
* Added 'gpgkeys=[]' to the model and exposed through WS. This contains
  the actual GPG key and not a URL to a file stored on the server. Didn't
  see any point to making this complicated.
* Added --gpgkeys option to the 'repo update' command.
  Eg: pulp-admin repo update --id=myrepo --gpgkeys=/tmp/mykeys
      pulp-admin repo update --id=myrepo --gpgkeys=/tmp/mykeys/primary,/tmp/mykeys/alt
      pulp-admin repo update --id=myrepo --gpgkeys=   # clear the keys
  Where /tmp/mykeys contains files containing keys that are uploaded and
  stored in mongodb in the repo object.
* Updated the RepoLib in the Agent to:
  - Download GPG keys for each subscribed repo(s) into /etc/pki/rpm-gpg/pulp/<repo>
    Stored as /etc/pki/rpm-gpg/pulp/myrepo/primary
              /etc/pki/rpm-gpg/pulp/myrepo/alt-1
              /etc/pki/rpm-gpg/pulp/myrepo/alt-2
              ....
  - Include gpgkeys in the repo definition in pulp.repo.
    Eg: gpgkey=file:///etc/pki/rpm-gpg/pulp/myrepo/primary
               file:///etc/pki/rpm-gpg/pulp/myrepo/alt-1
               file:///etc/pki/rpm-gpg/pulp/myrepo/alt-2
* Locally stored keys no longer associated with a pulp repo are removed. That is,
  /etc/pki/rpm-gpg/pulp/foobar/* is removed when no longer subscribed. Also,
  unreferenced keys are cleaned up.

As of now, --gpgkeys can contain a comma-separated list of files and/or directories.
When directories are listed, all of the files in the directories are considered to be GPG keys
and uploaded.

The GPG keys are set in the pulp.repo files in the order stored in the domain model. By
convention, the first key in the list is stored in the file named 'primary' and all the
others are stored in files named 'alt-N'. There is no real significance to the file
naming. I just did it this way for readability and consistency with Fedora key naming.

Comments?
-jeff
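
The agent-side layout described in this message, as an added sketch that is not Pulp's code and not part of the original post: keys are written as primary/alt-N in model order, stale files and unsubscribed repo directories are removed, and the gpgkey= value is built for pulp.repo. The function names, the repo-id check that keeps writes inside the key root, and the 0644 file mode are assumptions.

```python
import os
import shutil
import tempfile


def key_names(count):
    """File names in model order: primary, alt-1, alt-2, ..."""
    return ["primary" if i == 0 else "alt-%d" % i for i in range(count)]


def sync_repo_keys(root, repo_id, keys):
    """Write one repo's keys under root/<repo_id>, drop stale files, return paths."""
    # Assumption: repo ids are plain names; refuse anything that could leave root.
    if repo_id in ("", ".", "..") or "/" in repo_id or os.sep in repo_id:
        raise ValueError("unsafe repo id: %r" % (repo_id,))
    repo_dir = os.path.join(root, repo_id)
    os.makedirs(repo_dir, exist_ok=True)
    wanted = key_names(len(keys))
    for name, content in zip(wanted, keys):
        path = os.path.join(repo_dir, name)
        with open(path, "w") as f:
            f.write(content)
        os.chmod(path, 0o644)  # assumed mode: public keys, world-readable
    for name in os.listdir(repo_dir):  # unreferenced keys are cleaned up
        if name not in wanted:
            os.remove(os.path.join(repo_dir, name))
    return [os.path.join(repo_dir, n) for n in wanted]


def prune_unsubscribed(root, subscribed):
    """Remove key directories for repos that are no longer subscribed."""
    removed = [d for d in sorted(os.listdir(root)) if d not in subscribed]
    for repo_id in removed:
        shutil.rmtree(os.path.join(root, repo_id))
    return removed


def gpgkey_line(paths):
    """gpgkey= value for pulp.repo; continuation lines must be indented."""
    return "gpgkey=" + "\n       ".join("file://" + p for p in paths)


if __name__ == "__main__":
    root = tempfile.mkdtemp()  # stands in for /etc/pki/rpm-gpg/pulp
    paths = sync_repo_keys(root, "myrepo", ["KEY-A", "KEY-B", "KEY-C"])  # constructed
    print(gpgkey_line(paths))
    sync_repo_keys(root, "foobar", ["KEY-D"])
    print(prune_unsubscribed(root, {"myrepo"}))  # ['foobar']
    shutil.rmtree(root)
```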