Skip to content

Key alias support [RHELDST-35396] #686

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rbikar merged 3 commits into from
Dec 9, 2025
Merged

Key alias support [RHELDST-35396] #686

rbikar merged 3 commits into from
Dec 9, 2025

Conversation

@rbikar
Copy link
Member

@rbikar rbikar commented Dec 8, 2025
edited
Loading

For PQC signed RPMs (not only), Errata tool API will provide a string called
"key alias" on sig_key field in format "name1,name2,...". In order support
this following changes are now implemented:

For Errata source:

  • replace , with + in string provided from sig_key field, this is
    later provided to Koji source as a signing key argument.

For Koji source:

  • keep backwards compatible behavior for parsing signing_key argument
  • replace + with , for each value in signing_key (later used for
    path to RPM file)
  • extract signing key ID from RPM headers every time as we don't know
    whether caller passed alias or actual key ID, as the alias can be
    formed as one name only ("sig_key":"alias_name")

@rbikar rbikar marked this pull request as ready for review December 8, 2025 15:29
@rbikar
Copy link
Member Author

rbikar commented Dec 8, 2025

pre-commit issue will be fixed in #687

@rbikar rbikar requested a review from MichalHaluza December 8, 2025 15:29
rajulkumar
rajulkumar approved these changes Dec 9, 2025
View reviewed changes
@rbikar
Key alias support [RHELDST-35396]
0386b68 
For PQC signed RPMs (not only), Errata tool API will provide a string called
"key alias" on `sig_key` field in format "name1,name2,...". In order support
this following changes are now implemented:

For Errata source:
* replace `,` with `+` in string provided from `sig_key` field, this is
   later provided to Koji source as a signing key argument.

For Koji source:
* keep backwards compatible behavior for parsing `signing_key` argument
* replace `+` with `,` for each value in `signing_key` (later used for
   path to RPM file)
* extract signing key ID from RPM headers every time as we don't know
   whether caller passed alias or actual key ID, as the alias can be
   formed as one name only ("sig_key":"alias_name")
MichalHaluza
MichalHaluza reviewed Dec 9, 2025
View reviewed changes
@rbikar rbikar merged commit cac304f into release-engineering:master Dec 9, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rajulkumar rajulkumar rajulkumar approved these changes

@MichalHaluza MichalHaluza MichalHaluza approved these changes

@chandwanitulsi chandwanitulsi Awaiting requested review from chandwanitulsi chandwanitulsi is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rbikar @rajulkumar @MichalHaluza