add a simple tool to sign the manifest files #1010
Conversation
shadeofblue
force-pushed
the
blue/sign-manifest
branch
from
c83c2a0
to
3bf6362
Compare
| dest="key", | ||
| required=True, | ||
| type=Path, | ||
| help="JSON file containing the manifest to be signed.", |
There was a problem hiding this comment.
help text should probably be different (it's the same as for manifest)
| VM_CAPS_VPN: str = "vpn" | ||
| VM_CAPS_VPN: Final[str] = "vpn" | ||
| VM_CAPS_MANIFEST: Final[str] = "manifest-support" | ||
| VM_CAPS_INET: Final[str] = "inet" | ||
|
|
||
| VmCaps = Literal["vpn", "inet", "manifest-support"] |
There was a problem hiding this comment.
Should we use the variables above in defining the VmCaps variable?
| @@ -23,16 +23,15 @@ | |||
| class ApiCallService(Service): | |||
| @staticmethod | |||
| async def get_payload(): | |||
| manifest = open("manifest.json", "rb").read() | |||
| manifest = base64.b64encode(manifest).decode("utf-8") | |||
| manifest = open("manifest.json.base64", "rb").read().decode("utf-8") | |||
There was a problem hiding this comment.
Should we add checks if this file (and maybe the files below) exists and is in the correct format (base64)?
|
|
||
| manifest_sig = open("manifest.json.base64.sign.sha256", "rb").read() | ||
| manifest_sig = base64.b64encode(manifest_sig).decode("utf-8") | ||
|
|
||
| manifest_sig_algorithm = "sha256" | ||
|
|
||
| # both DER and PEM formats are supported | ||
| manifest_cert = open("requestor.cert.der", "rb").read() | ||
| manifest_cert = open("certs/foo_req.cert.pem", "rb").read() |
There was a problem hiding this comment.
It does not matter, but do want to commit this foo_req.cert.pem name and leave it in git history?
| authors = ["GolemFactory <contact@golem.network>"] | ||
| license = "GPL v3" | ||
| readme = "README.md" | ||
| packages = [{include = "sign_manifest"}] |
There was a problem hiding this comment.
It is useful to point out to user how they can sign manifest.json in a build process, but I always thought we will publish external-api-request with a signature under source control.
The goal of the example will be to show working example of an outbound network request. In order to be able to run it we need providers with Golem certificate. In order to sign example's manifest.json we would need to share with user one of Golem's private keys. We do not plan to commit private keys into source control.
| ) | ||
| parser.add_argument( | ||
| "-f", | ||
| "-format", |
There was a problem hiding this comment.
-f -format arg is a bit unnecessary and makes example more complicated.
In general having any utility code in yapapi examples feels like admitting to a defeat when it comes to usability.
|
waits for release, then to be discussed with Core |
No description provided.