Collection of tools producing signed artifacts

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for midnightercz from gravatar.com midnightercz

Unverified details

These details have not been verified by PyPI
Meta

License: MIT License

Author: Jindrich Luza

Requires: Python >=3.7

Provides-Extra: dev

Classifiers

Project description

Set of scripts used for signing artifacts via configured signers

Requirements

  • Python 3.7+

Features

  • pubtools-sign

  • pubtools-sign-clearsign

  • pubtools-sign-containersign

Setup

$ pip install -r requirements.txt
$ pip install .
or
$ python setup.py install

Usage

$ pubtools-sign --help
$ pubtools-sign-clearsign --help
$ pubtools-sign-containersign --help

Configuration

Configuration is done via a yaml file. The default location is ~/.config/.pubtools-sign/conf.yaml or /etc/pubtools-sign/conf.yaml. You can also specify a custom location via the –config argument. The configuration file is divided into sections, each section is a signer. Each signer has a set of attributes that are used to configure the signer Conf.yaml has following structure::

msg_signer:
  messaging_brokers:
    - <protocol://<host>:<port> for messaging broker
  messaging_cert_key: <path to messaging client key + certificate in PEM format>
  messaging_ca_cert: <path to CA certificate bundle>
  topic_send_to: topic://<topic> - topic where to send signing requests
  topic_listen_to: queue://<queue> - queue where to listen for answers from signing server. Supported templating variables: {creator - UID from client cert}, {task_id}
  environment: <env> - environment attribute which is included in signing request
  service: <service> - service attribute which is included in signing request
  timeout: <int> - timeout for signing request
  retries: <int> - number of retries for receiving signing responses from messaging brokers
  send_retries: <int> - number of retries for whole send + receive cycle
  message_id_key: <id> - attribute in message response used as unique identifier for signing request
  log_level: <level> - log level for pubtools-sign
cosign_signer:
  rekor_url: <rekor-url>
  upload_tlog: <true|false>
  registry_user: <user> - used to login to registry where images will be signed
  registry_password: <password>
  env_variables:
    <key>: <val> - mapping of environment variables used in signing process. This can be used for example for AWS setup
  key_aliases:
    <alias>: <key> - mapping of key aliases to actual keys. When passing alias as signing key, <key> is used instead. This
                     way you cna define for example "prod-key" alias and have different real keys for different signers

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for midnightercz from gravatar.com midnightercz

Unverified details

These details have not been verified by PyPI
Meta

License: MIT License

Author: Jindrich Luza

Requires: Python >=3.7

Provides-Extra: dev

Classifiers

Release history Release notifications | RSS feed

This version

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pubtools_sign-0.0.9.tar.gz (45.1 kB view hashes)

Uploaded Source

Built Distribution

pubtools_sign-0.0.9-py3-none-any.whl (32.0 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page