Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing task doesn't properly use the MANIFEST.json file for the signature creation. #841

Closed
gerrod3 opened this issue Feb 17, 2022 · 0 comments · Fixed by #843
Closed

Signing task doesn't properly use the MANIFEST.json file for the signature creation. #841

gerrod3 opened this issue Feb 17, 2022 · 0 comments · Fixed by #843
Assignees
@gerrod3
Labels
GalaxyNG Issue Triage-Needed

Comments

@gerrod3
Copy link
Contributor

gerrod3 commented Feb 17, 2022

Version
pulpcore 3.17+, ansible- 0.12.0

Describe the bug
The current implementation of the signature task doesn't properly extract the current MANIFEST.json file from the collection tarball and use that to create that collection's signature. Instead it uses the manifest field on the collection-version's model and dumps the json to a temporary file and signs that. However, the json dumping of the manifest field could create a file with completely different formatting compared to the original MANIFEST.json file and thus produce an invalid signature. The signature task should use the exact MANIFEST.json file that the ansible-galaxy-cli will use for its verification.
@gerrod3 gerrod3 self-assigned this Feb 17, 2022
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 23, 2022
@gerrod3
Fix improper signatures
ce2dcb5 
fixes: pulp#841
@gerrod3 gerrod3 mentioned this issue Feb 23, 2022
Merged
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 23, 2022
@gerrod3
Fix improper signatures
c780dd1 
fixes: pulp#841
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 23, 2022
@gerrod3
Fix improper signatures
3b90efe 
fixes: pulp#841
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 23, 2022
@gerrod3
Fix improper signatures
9c43133 
fixes: pulp#841
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 23, 2022
@gerrod3
Fix improper signatures
2d7eb0e 
fixes: pulp#841
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 23, 2022
@gerrod3
Fix improper signatures
cac9d18 
fixes: pulp#841
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 23, 2022
@gerrod3
Fix improper signatures
afec30b 
fixes: pulp#841
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 24, 2022
@gerrod3
Fix improper signatures
61b90c7 
fixes: pulp#841
gerrod3 added a commit to gerrod3/pulp_ansible that referenced this issue Feb 24, 2022
@gerrod3
Fix improper signatures
482ed4f 
fixes: pulp#841
mdellweg pushed a commit that referenced this issue Feb 24, 2022
@gerrod3 @mdellweg
Fix improper signatures
77537cc 
fixes: #841
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gerrod3 gerrod3

Labels
GalaxyNG Issue Triage-Needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix improper signatures gerrod3/pulp_ansible
1 participant
@gerrod3