Merge lp:~jason-hobbs/maas/use-key-text into lp:~maas-committers/maas/trunk
Proposed by
Jason Hobbs
Status: | Merged |
---|---|
Approved by: | Jason Hobbs |
Approved revision: | no longer in the source branch. |
Merged at revision: | 2262 |
Proposed branch: | lp:~jason-hobbs/maas/use-key-text |
Merge into: | lp:~maas-committers/maas/trunk |
Diff against target: |
202 lines (+98/-37) 4 files modified
contrib/preseeds_v2/generic (+58/-6) etc/maas/drivers.yaml (+8/-1) src/maasserver/tests/test_third_party_drivers.py (+5/-26) src/maasserver/third_party_drivers.py (+27/-4) |
To merge this branch: | bzr merge lp:~jason-hobbs/maas/use-key-text |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Andres Rodriguez (community) | Approve | ||
Review via email: mp+215517@code.launchpad.net |
Commit message
Insert the repository key directly into the yaml and preseed rather than retrieving it insecurely over http. This prevents MITM attacks when adding packages from the repository.
To post a comment you must log in.
* hard coded 'trusty' seems wrong in multiple places setup/local0/ key
* you replaced what *was* a public key in
apt-
with a keyring. Does something under the covers just handle either?
Will updates to that repo work ? ie, will the key be installed
into the target system properly?
* test "$expected_sha256" = "$actual_sha256"
no one is going to be able to look at a log and see what went wrong here
this is repeated line again with the udeb.
* it'd be nice to have some doc on how you make a keyring from a key
to reduce the unfriendly binary content in the drivers.yaml file.
Also, info on how to list what key is in that keyring.
* i wonder if upgrades work (replacement of 'key' and 'key_binary' in third_party_ drivers. py)
* modprobe <driver>
what if the driver is already loaded ? (which is likely if the booted kernel
contains this driver).