Re: [package-drone-dev] Looking to Implement RPM signing service

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [package-drone-dev] Looking to Implement RPM signing service

From: Jens Reimann <jreimann@xxxxxxxxxx>
Date: Wed, 22 May 2019 08:43:32 +0200
Delivered-to: package-drone-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/package-drone-dev>
List-help: <mailto:package-drone-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/package-drone-dev>, <mailto:package-drone-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/package-drone-dev>, <mailto:package-drone-dev-request@eclipse.org?subject=unsubscribe>

Not at all. I am really thankful for your contributions.

It's been a while, but IIRC you need to define the virtualizer as an OSGi service/component (some XML file in the OSGI-INF, and add that to the MANIFEST.MF file). This should make it visible in the UI, so that you can add the aspect to the channel.

The YUM repo aspect doesn't see a difference in the artifacts, so you need to find another way to identify what you want to be present in the YUM repoo (e.g. require a signed RPM), and this is what you can do based on the metadata.

On Tue, May 21, 2019 at 7:42 PM Walker Funk <walker.funk@xxxxxxxxxxx> wrote:

Hello again,

I hope I am not too terribly annoying with my questions but I do have a couple more if you have the time...

As per your advice I have created an RpmSignerVirtualizer class and an RpmSignerAspectFactory class with a createAspect function to return the SignerVirtualizer. Within the RpmSignerVirtualizer I plan to read in the original (unsigned) rpm via its path, create a new signed rpm, add its signature to the metaData, and then add the signed rpm as a child of the original.

My question is how exactly do I get yum rpm channels to use the virtualizer aspect? It doesn't seem obvious to me thus far.

Thanks,
Walker

On Thu, May 16, 2019 at 10:12 AM Walker Funk <walker.funk@xxxxxxxxxxx> wrote:
Hey Jens,

No worries, I'm sure you're busy. That does help, and I appreciate it a lot. I am getting better oriented with the project but I have a couple more quick questions...
1) What exactly are virtual artifacts and generator/generated artifacts? Why are they used?
2) I see that there are methods for creating stored and generator artifacts, but how are virtual artifacts created?

Thanks!

On Wed, May 15, 2019 at 2:48 AM Jens Reimann <jreimann@xxxxxxxxxx> wrote:
Hi Walter,

I am really sorry for the late reply.

I think a good approach to that would be to:
a) create a new virtual artifact, which takes the original (unsigned) RPM and attached a virtual artifact as a child. The virtual artifact being the signed RPM
b) extract the information of the signature into the metadata (not matter if this is a virtual artifact or a real one)
c) Enhance the yum repository plugin to allow ignoring unsigned RPMs.

With this setup you would end up with a YUM repository of only signed RPMs. And RPMs would get either signed externally, or by package drone.

I hope this helps

Cheers

Jens

On Tue, May 14, 2019 at 6:48 PM Walker Funk <walker.funk@xxxxxxxxxxx> wrote:
Would like to implement an RPM signing service in addition to the yum repository signing service. I know this was in the works at some point, has any work been done in regards to this feature? Where might be a good place to start with this?
_______________________________________________
package-drone-dev mailing list
package-drone-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/package-drone-dev

--
Jens Reimann
Principal Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________

Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Tom Savage, Michael O'Neill
_______________________________________________
package-drone-dev mailing list
package-drone-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/package-drone-dev

Jens Reimann
Principal Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________

Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Tom Savage, Michael O'Neill

References:
- [package-drone-dev] Looking to Implement RPM signing service
  - From: Walker Funk
- Re: [package-drone-dev] Looking to Implement RPM signing service
  - From: Jens Reimann
- Re: [package-drone-dev] Looking to Implement RPM signing service
  - From: Walker Funk
- Re: [package-drone-dev] Looking to Implement RPM signing service
  - From: Walker Funk

Prev by Date: Re: [package-drone-dev] Looking to Implement RPM signing service
Next by Date: [package-drone-dev] This list has been closed
Previous by thread: Re: [package-drone-dev] Looking to Implement RPM signing service
Next by thread: [package-drone-dev] This list has been closed
Index(es):
- Date
- Thread

Breadcrumbs