Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

signature: add OpenPGP signing mechanism based on Sequoia #2569

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Commits on Sep 19, 2024

  1. signature: add OpenPGP signing mechanism based on Sequoia

    This adds a new OpenPGP signing mechanism based Sequoia[1]. As Sequoia
    is written in Rust and doesn't provide a stable C FFI, this
    integration uses a minimal shared library as a "point solution".
    
    To build, first follow the instruction at [2] and install
    `libpodman_sequoia.so*` into the library path, and then build with the
    following command from the top-level directory:
    
      $ make BUILDTAGS="btrfs_noversion libdm_no_deferred_remove containers_image_sequoia"
    
    Note also that, for testing on Fedora, crypto-policies settings might
    need to be modified to explictly allow SHA-1 and 1024 bit RSA, as the
    testing keys in signature/fixtures are using those legacy algorithms.
    
    1. https://sequoia-pgp.org/
    2. https://github.com/ueno/podman-sequoia
    
    Signed-off-by: Daiki Ueno <[email protected]>
    ueno committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    23fec2d View commit details
    Browse the repository at this point in the history