-
Task
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
Goal
We need to have a documented process on how will the signing of the conversions script work - who, when and how.
The conversion script needs to be signed to ascertain integrity of the content, that is that it hasn't been tampered with by an unauthorized actor.
The process will likely follow the signing process used for the Remediations:
https://source.redhat.com/groups/public/insights_rule_and_framework_engineering_team/team_blog/workflow_for_insights_playbook_signing_requests
The conversion script signature will be verified by the rhc-worker-bash on the CentOS Linux host (HMS-1994).
Open questions
Chris Hambridge:
do we need any ok to use the same signing key? I know Ansible Automation Hub had to get their own key to sign certified collections.
Toshio Kuratomi:
That's a good question. Since this is piggybacking on tasks we might not need one but since tasks is becoming a container for unrelated functionality, maybe we do (or will in the future)
- is depended on by
-
HMS-2015 Create a signed script to perform a CentOS7=>RHEL7 conversion
- Closed