-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add a simple tool to sign the manifest files #1010
base: master
Are you sure you want to change the base?
Conversation
c83c2a0
to
3bf6362
Compare
dest="key", | ||
required=True, | ||
type=Path, | ||
help="JSON file containing the manifest to be signed.", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
help text should probably be different (it's the same as for manifest
)
VM_CAPS_VPN: str = "vpn" | ||
VM_CAPS_VPN: Final[str] = "vpn" | ||
VM_CAPS_MANIFEST: Final[str] = "manifest-support" | ||
VM_CAPS_INET: Final[str] = "inet" | ||
|
||
VmCaps = Literal["vpn", "inet", "manifest-support"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we use the variables above in defining the VmCaps
variable?
@@ -23,16 +23,15 @@ | |||
class ApiCallService(Service): | |||
@staticmethod | |||
async def get_payload(): | |||
manifest = open("manifest.json", "rb").read() | |||
manifest = base64.b64encode(manifest).decode("utf-8") | |||
manifest = open("manifest.json.base64", "rb").read().decode("utf-8") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we add checks if this file (and maybe the files below) exists and is in the correct format (base64)?
|
||
manifest_sig = open("manifest.json.base64.sign.sha256", "rb").read() | ||
manifest_sig = base64.b64encode(manifest_sig).decode("utf-8") | ||
|
||
manifest_sig_algorithm = "sha256" | ||
|
||
# both DER and PEM formats are supported | ||
manifest_cert = open("requestor.cert.der", "rb").read() | ||
manifest_cert = open("certs/foo_req.cert.pem", "rb").read() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It does not matter, but do want to commit this foo_req.cert.pem
name and leave it in git history?
authors = ["GolemFactory <contact@golem.network>"] | ||
license = "GPL v3" | ||
readme = "README.md" | ||
packages = [{include = "sign_manifest"}] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is useful to point out to user how they can sign manifest.json
in a build process, but I always thought we will publish external-api-request
with a signature under source control.
The goal of the example will be to show working example of an outbound network request. In order to be able to run it we need providers with Golem certificate. In order to sign example's manifest.json
we would need to share with user one of Golem's private keys. We do not plan to commit private keys into source control.
) | ||
parser.add_argument( | ||
"-f", | ||
"-format", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-f -format
arg is a bit unnecessary and makes example more complicated.
In general having any utility code in yapapi
examples feels like admitting to a defeat when it comes to usability.
waits for release, then to be discussed with Core |
No description provided.