Add support for overwrite when adding content#1458
Draft
daviddavis wants to merge 9 commits into
Draft
Conversation
Assisted By: GPT-5.1-Codex fixes pulp#1300
Assisted By: GPT-5.1-Codex fixes pulp#1300
Add support for release overrides to signed_add_and_remove
Assisted By: Claude Sonnet 4.5
Switch package_signing_fingerprint fields from raw 40-char hex strings to a prefixed format (e.g. 'v4:<hex>' or 'keyid:<hex>'). This allows the signing system to distinguish between fingerprint types. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add an ArrayField to BasePackage (Package and InstallerPackage) that records which key fingerprints were used to sign the package. The field is read-only, null by default, and populated with a fingerprint when a package is signed via upload or repository modify. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Previously, we were checking package signatures against the package signing service's key fingerprint to see if they were already signed by the repo's package signing service. Instead the check should be using the repo's package signing fingerprint. For this fix, we extract the signature and use `gpg --list-packets` to find the package's fingerprint, which is compared against the repo fingerprint. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
ruff was introduced to pulp_deb and needs to run against the new package signing code.
Contributor
Author
|
This PR includes the changes from the package signing PR. Only the last commit is new. |
Plumb the new pulpcore `overwrite` parameter to sign_and_create and signed_add_and_remove and override AptRepository.check_content_overwrite to exempt incoming packages already in the version that were produced by the signing workflow (tracked via DebPackageSigningResult).
daviddavis
force-pushed
the
signing-overwrite-noop
branch
from
22e7906 to
82a7ee4
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Plumb the new pulpcore
overwriteparameter to sign_and_create and signed_add_and_remove and override AptRepository.check_content_overwrite to exempt incoming packages already in the version that were produced by the signing workflow (tracked via DebPackageSigningResult).