attempt to download signing keys upon artifact installation, new origin keys Depot API #488
Merged
- updated depot key api
- added raml WIP doc for depot API
- set Content-Disposition for package + key download
- removed GPG key installation from test setup
- attempt to download keys upon verify failure
- add /origins/:origin/keys/latest route

Signed-off-by: Dave Parfitt <[email protected]>
let origin = chunks.join("-").trim().to_owned(); | ||
Ok((origin, rev.trim().to_owned())) | ||
} | ||
|
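Review bot: in the tail shown here, `origin` and `rev` are returned after only `trim()`, so an input whose origin or revision part is empty or whitespace still reaches `Ok(...)` unless a check outside these lines rejects it. Since the PR uses both values in `/origins/:origin/keys/:revision`, consider returning an error for an empty component before the `Ok((origin, ...))` line and adding a unit test for that case.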
It's conventional to put all tests within a module called `tests` inside the file you're writing the tests for

```rust
#[cfg(test)]
mod tests {
    // this line will get you access to the outer module's functions/structs
    use super::*;

    #[test]
    fn my_test() { }
}
```
📌 Commit c3fbab3 has been approved by |
thesentinels pushed a commit that referenced this pull request May 6, 2016

- updated depot key api
- added raml WIP doc for depot API
- set Content-Disposition for package + key download
- removed GPG key installation from test setup
- attempt to download keys upon verify failure
- add /origins/:origin/keys/latest route

Signed-off-by: Dave Parfitt <[email protected]>
Pull request: #488
Approved by: reset
☀️ Test successful - travis
jtimberman pushed a commit that referenced this pull request Jun 12, 2016
raskchanky pushed a commit that referenced this pull request Apr 16, 2019
Overview
Upon artifact install, check to see if we have the signing origin key for an artifact in our local key cache (`HAB_CACHE_KEY_PATH`). If not, try to download it from the origin and continue with artifact verification. Initially, I had implemented package install to download all keys for an origin. Upon discussion with the team, we decided it would be best for the depot to download a single key at a time, since we have the exact key w/ revision in the .hart header.

This PR adds 4 new routes to the depot API for uploading/downloading origin keys. Origin keys are stored in a hashed file structure on disk, and metadata is stored as a Redis set with `origin_keys` as the prefix. For example, `origin_keys:core` is a set of all keys for the `core` origin. Redis-backed storage for keys buys us the ability to list all keys for a given origin.

New `hab` commands:
- `hab origin key upload /path/to/some_origin.pub`
- `hab origin key download some_origin`: `HAB_CACHE_KEY_PATH` directory.
- `hab origin key download some_origin revision`: `HAB_CACHE_KEY_PATH` directory.

Depot API
The new routes in the Depot API are as follows:
List all keys
GET /origins/:origin/keys
Return a list of all keys for an origin in the following format:
Example response:
Get a specific origin key by revision
/origins/:origin/keys/:revision
Returns a plain-text origin public key:
Example response:
Get the newest key revision for an origin
/origins/:origin/keys/latest
Returns a plain-text origin public key:
Example response:
Upload a new origin key with revision
/origins/:origin/keys/:revision
RAML
This PR includes an initial implementation of RAML for the new `/origins` key routes. The rest of the routes are marked as TODO. I'd love for this to help test and document our APIs in the future.

Misc Notes
Sadly, this PR is light on testing. We'll need to get some integration test stuff together soonish. Perhaps a testing spike is in order across the board.
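
The key lookup described in the overview above, as an added example that is not part of the PR or the Habitat code base: it splits a key name into origin and revision, validates both before they reach a cache key or the `/origins/:origin/keys/:revision` route, and calls the depot only on a cache miss. The function names, the `HashMap` standing in for the `HAB_CACHE_KEY_PATH` directory, the closure standing in for the HTTP GET, the allowed character set and the all-digit revision are assumptions.

```rust
use std::collections::HashMap;

/// Split a key name such as "core-20160504220722" into (origin, revision).
/// The origin may itself contain '-', so only the last chunk is the revision.
fn parse_name_with_rev(name: &str) -> Result<(String, String), String> {
    let mut chunks: Vec<&str> = name.trim().split('-').collect();
    if chunks.len() < 2 {
        return Err(format!("no revision in key name {:?}", name));
    }
    let rev = chunks.pop().unwrap().trim();
    let origin = chunks.join("-").trim().to_owned();
    // Both values end up in a cache file name and a URL path, so reject anything
    // empty or outside a conservative character set (the set is an assumption).
    let ok_origin = !origin.is_empty()
        && origin.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_');
    let ok_rev = !rev.is_empty() && rev.chars().all(|c| c.is_ascii_digit());
    if !ok_origin || !ok_rev {
        return Err(format!("invalid key name {:?}", name));
    }
    Ok((origin, rev.to_owned()))
}

/// Depot route for one exact key revision (route taken from the PR text).
fn key_route(origin: &str, rev: &str) -> String {
    format!("/origins/{}/keys/{}", origin, rev)
}

/// Return the key for `name`, consulting the cache first and calling `fetch`
/// with the depot route only on a miss. A fetched key is stored in the cache.
fn key_for<F>(cache: &mut HashMap<String, String>, name: &str, fetch: F) -> Result<String, String>
where
    F: FnOnce(&str) -> Result<String, String>,
{
    let (origin, rev) = parse_name_with_rev(name)?;
    let cache_key = format!("{}-{}", origin, rev);
    if let Some(key) = cache.get(&cache_key) {
        return Ok(key.clone());
    }
    let body = fetch(&key_route(&origin, &rev))?;
    cache.insert(cache_key, body.clone());
    Ok(body)
}

fn main() {
    let mut cache = HashMap::new();
    // Constructed sample: the closure stands in for the HTTP GET to the depot.
    let key = key_for(&mut cache, "core-20160504220722", |route| Ok(format!("key via {}", route)));
    println!("{:?}", key);
}
```

Signature verification of the artifact against the resolved key is outside this sketch; it covers only the key resolution step.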