Add signature verification to `file.managed`/`archive.extracted` #63611

lkubb · 2023-02-02T16:16:17Z

What does this PR do?

Allows file.managed and archive.extracted to optionally require valid signatures on source files and/or source_hash files.

~~Note that this PR relies on all my previous work on the gpg modules, the diff will be much smaller once they are merged and this one is rebased:~~

#63168
#63162
#63179

All of them were merged and this is rebased.

What issues does this PR fix or reference?

Fixes: #63143

Previous Behavior

Signature validation is highly cumbersome (see linked issue)

New Behavior

Signature validation happens automatically, if requested

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

Docs
Changelog - https://docs.saltproject.io/en/master/topics/development/changelog.html
Tests written/updated

Commits signed with GPG?

Yes

changelog/63143.added

salt/states/archive.py

salt/states/file.py

lkubb force-pushed the file-managed-gpg branch from e8037eb to 03efc32 Compare February 2, 2023 16:35

twangboy requested changes May 8, 2023

View reviewed changes

changelog/63143.added Outdated Show resolved Hide resolved

salt/states/archive.py Outdated Show resolved Hide resolved

salt/states/file.py Outdated Show resolved Hide resolved

lkubb mentioned this pull request Jul 26, 2023

Unbreak the gpg state module #63162

Merged

3 tasks

lkubb force-pushed the file-managed-gpg branch from 03efc32 to 2467198 Compare November 16, 2023 02:55

lkubb temporarily deployed to ci November 16, 2023 03:26 — with GitHub Actions Inactive

lkubb temporarily deployed to ci November 16, 2023 03:27 — with GitHub Actions Inactive

lkubb force-pushed the file-managed-gpg branch from 2467198 to 1369317 Compare November 16, 2023 09:08

lkubb temporarily deployed to ci November 16, 2023 09:33 — with GitHub Actions Inactive

lkubb temporarily deployed to ci November 16, 2023 09:34 — with GitHub Actions Inactive

lkubb temporarily deployed to ci November 16, 2023 09:35 — with GitHub Actions Inactive

lkubb force-pushed the file-managed-gpg branch from 1369317 to 0cc2797 Compare November 16, 2023 11:10

lkubb temporarily deployed to ci November 16, 2023 11:23 — with GitHub Actions Inactive

lkubb temporarily deployed to ci November 16, 2023 13:37 — with GitHub Actions Inactive

lkubb temporarily deployed to ci November 16, 2023 13:38 — with GitHub Actions Inactive

lkubb temporarily deployed to ci December 12, 2023 10:39 — with GitHub Actions Inactive

Merge branch 'master' into file-managed-gpg

9861906

lkubb temporarily deployed to ci December 12, 2023 17:13 — with GitHub Actions Inactive

lkubb temporarily deployed to ci December 12, 2023 17:14 — with GitHub Actions Inactive

lkubb temporarily deployed to ci December 12, 2023 19:43 — with GitHub Actions Inactive

lkubb temporarily deployed to ci December 12, 2023 20:31 — with GitHub Actions Inactive

lkubb requested a review from twangboy December 12, 2023 21:13

dwoz approved these changes Dec 16, 2023

View reviewed changes

dwoz merged commit 627b321 into saltstack:master Dec 16, 2023
515 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add signature verification to `file.managed`/`archive.extracted` #63611

Add signature verification to `file.managed`/`archive.extracted` #63611

lkubb commented Feb 2, 2023 •

edited

Loading

Add signature verification to file.managed/archive.extracted #63611

Add signature verification to file.managed/archive.extracted #63611

Conversation

lkubb commented Feb 2, 2023 • edited Loading

What does this PR do?

What issues does this PR fix or reference?

Previous Behavior

New Behavior

Merge requirements satisfied?

Commits signed with GPG?

Add signature verification to `file.managed`/`archive.extracted` #63611

Add signature verification to `file.managed`/`archive.extracted` #63611

lkubb commented Feb 2, 2023 •

edited

Loading