Add delegation #611
Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
roughly looking good to me!
func KeyPOPSign() *ffcli.Command { | ||
var ( | ||
flagset = flag.NewFlagSet("tuf key-pop-sign", flag.ExitOnError) | ||
challenge = flagset.String("challenge", "", "the challenge to sign, for a delegate this is the delegate name") |
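Review bot: `challenge` defaults to the empty string in the `flagset.String("challenge", "", ...)` line, and nothing in the visible lines rejects that default, so the command should check for an empty value before signing and return a usage error instead. The help text only covers the delegate case ("for a delegate this is the delegate name"); it should also say what other callers are expected to pass. Because the delegate name is a fixed, public string, the help text or command docs should state that the signature binds the key to the role name only and carries no freshness.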
I think this makes sense? It's the unique delegation rolename, which we want the signer to attest "possession" over.
as specified in the delegated role. Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
Would you like to move this out of draft and merge this first? I think we can split out the delegation target creation / signing to another PR
@asraa it's done. I think it should be in a good case. And as you said, we can work on the outstanding things in a different PR.
Thanks!
Summary
Fixes: #601
Some comments:
To simplify operation I made proof of possession separate commands, as that typically happens less frequently, and with multiple keys in the delegate, it will be a pain to manage the command line options for it.
Release Note
N/A
Documentation
TBD