New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenPGP key support #5133
base: main
Are you sure you want to change the base?
OpenPGP key support #5133
Conversation
This adds a repository type as a keyring and content types to handle keys, keyids and key signatures. fixes pulp#3024
} | ||
|
||
|
||
def packet_iter(data): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, this appears to be a de-novo implementation of PGP packet parsing that we'd be on the hook to maintain. Is that 100% necessary? And if so, why?
Is it at all possible to use an existing maintained library such as sequoia-pgp (via pysequoia)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think i looked for such things and none really ticked all the boxes (It's been a while though).
About pysequoia (from their pypi representation):
Note: This is a work in progress. The API is not stable!
Note that since pysequoia is implemented largely in Rust, a [Rust toolchain](https://rustup.rs/) is necessary for the installation to succeed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that since pysequoia is implemented largely in Rust, a Rust toolchain is necessary for the installation to succeed.
This part at least would be nothing new for us, several of our deps already check this box. (py)cryptography
and json-stream-rs-tokenizer
(transitive dep via json-stream
) for instance. I think there were maybe one or two others.
Note: This is a work in progress. The API is not stable!
True, but this note is also a few years old, and the API doesn't seem to be particularly unstable. In a tradeoff between occasionally needing to tweak a few lines vs. maintaining a parser implementation for cryptography... my personal preference would be the former.
rpm
uses sequoia-pgp
(though not via Python) so the quality of the underlying implementation is already trusted so far as Red Hat is concerned. One of the primary authors is the maintainer of the crypto subsystem of the linux kernel.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What i still don't see (from looking at their README) is a way to disassemble the bytestream into openpgp packets which we want to store individually. But i should take a closer look.
This adds a repository type as a keyring and content types to handle keys, keyids and key signatures.
fixes #3024