Insights Experiences / HMS-2893

Conversion script signing process

      Goal

      We need a documented process for how the signing of the conversion script will work: who, when and how.

      The conversion script needs to be signed to ascertain the integrity of its content, that is, that it hasn't been tampered with by an unauthorized actor.

      The process will likely follow the signing process used for the Remediations:
      https://source.redhat.com/groups/public/insights_rule_and_framework_engineering_team/team_blog/workflow_for_insights_playbook_signing_requests

      The conversion script signature will be verified by the rhc-worker-bash on the CentOS Linux host (HMS-1994).

      Open questions

      Chris Hambridge:
      Do we need any OK to use the same signing key? I know Ansible Automation Hub had to get their own key to sign certified collections.
      Toshio Kuratomi:
      That's a good question. Since this is piggybacking on tasks we might not need one, but since tasks is becoming a container for unrelated functionality, maybe we do (or will in the future).

            mbocek@redhat.com Michal Bocek