All,

I added support for GPG keys as follows. I made some assumptions on the use case(s), so I'd appreciate a sanity check.
* Added 'gpgkeys=' to the model and exposed through WS. This contains the actual GPG key and not a URL to a file stored on the server. Didn't see any point to making this complicated.
* Added --gpgkeys option to the 'repo update' command. Eg:

    pulp-admin repo update --id=myrepo --gpgkeys=/tmp/mykeys
    pulp-admin repo update --id=myrepo --gpgkeys=/tmp/mykeys/primary,/tmp/mykeys/alt
    pulp-admin repo update --id=myrepo --gpgkeys=    # clear the keys

  Where /tmp/mykeys contains files containing keys that are uploaded and stored in mongodb in the repo object.
* Updated the RepoLib in the Agent to:
  - Download GPG keys for each subscribed repo(s) into /etc/pki/rpm-gpg/pulp/<repo>
    Stored as
      /etc/pki/rpm-gpg/pulp/myrepo/primary
      /etc/pki/rpm-gpg/pulp/myrepo/alt-1
      /etc/pki/rpm-gpg/pulp/myrepo/alt-2
      ....
  - Include gpgkeys in the repo definition in pulp.repo. Eg:
      gpgkey=file:///etc/pki/rpm-gpg/pulp/myrepo/primary file:///etc/pki/rpm-gpg/pulp/myrepo/alt-1 file:///etc/pki/rpm-gpg/pulp/myrepo/alt-2
* Locally stored keys no longer associated with a pulp repo are removed. That is, /etc/pki/rpm-gpg/pulp/foobar/* is removed when no longer subscribed. Also, unreferenced keys are cleaned up.

As of now, --gpgkeys can contain a comma-separated list of files and/or directories. When directories are listed, all of the files in directories are considered to be GPG keys and uploaded.
The GPG keys are set in the pulp.repo files in the order stored in the domain model. By convention, the first key in the list is stored in the file named 'primary' and all the others are stored in files named 'alt-N'. There is no real significance to the file naming. I just did it this way for readability and consistency with Fedora key naming.
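An added sketch of the agent-side key handling described in the message above (not part of the original message and not Pulp's own code): it writes each repo's keys as primary/alt-N, builds the gpgkey= value in model order, and removes key files and repo directories that are no longer referenced. The function names, the temporary root standing in for /etc/pki/rpm-gpg/pulp, the constructed key strings, and the repo-id check are assumptions of this example.

```python
import os
import shutil
import tempfile

def key_filenames(count):
    """First key is 'primary'; the rest are 'alt-1', 'alt-2', ..."""
    return ["primary" if i == 0 else "alt-%d" % i for i in range(count)]

def sync_repo_keys(root, repo_id, keys):
    """Write the keys for one repo under root/<repo_id>; return the gpgkey= value."""
    # Assumption of this example: the repo id becomes a directory name, so
    # reject anything that could resolve outside the key root.
    if repo_id in ("", ".", "..") or "/" in repo_id or os.sep in repo_id:
        raise ValueError("unsafe repo id: %r" % (repo_id,))
    repo_dir = os.path.join(root, repo_id)
    os.makedirs(repo_dir, mode=0o755, exist_ok=True)
    names = key_filenames(len(keys))
    for name, key in zip(names, keys):
        path = os.path.join(repo_dir, name)
        with open(path, "w") as f:
            f.write(key)
        os.chmod(path, 0o644)  # public keys: world-readable, owner-writable
    # Unreferenced key files (e.g. alt-2 after the key list shrank) are removed.
    for stale in set(os.listdir(repo_dir)) - set(names):
        os.remove(os.path.join(repo_dir, stale))
    # Keys appear in the order stored in the model, space separated.
    return " ".join("file://" + os.path.join(repo_dir, n) for n in names)

def sync_all(root, subscribed):
    """subscribed maps repo id -> list of key texts; returns repo id -> gpgkey value."""
    os.makedirs(root, exist_ok=True)
    values = {rid: sync_repo_keys(root, rid, keys) for rid, keys in subscribed.items()}
    # Key directories of repos that are no longer subscribed are removed.
    for entry in os.listdir(root):
        if entry not in subscribed:
            shutil.rmtree(os.path.join(root, entry))
    return values

def demo():
    # Constructed input: placeholder key texts, temp dir instead of /etc/pki/rpm-gpg/pulp.
    root = os.path.join(tempfile.mkdtemp(), "pulp")
    sync_all(root, {"myrepo": ["KEY-A", "KEY-B", "KEY-C"], "foobar": ["KEY-X"]})
    # Second pass: foobar unsubscribed, myrepo drops its third key.
    return root, sync_all(root, {"myrepo": ["KEY-A", "KEY-B"]})

if __name__ == "__main__":
    print(demo())
```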