Implement signing service

Now that we have an agreed design for the signing service (#272 (closed), !616 (merged)), we need to implement it:

Add database models (!883 (merged))
Allow configuring workers to require HTTPS (!895 (merged))
Define new worker and task types (!896 (merged))
Adjust behaviour of debusine-admin list_workers and debusine-admin manage_worker (!896 (merged))
Add base signing task (!897 (merged))
Add debusine:signing-key artifact and GenerateKey task (!898 (merged))
Support running signing tasks from signing workers (!900 (merged))
Send worker type when registering a worker (!903 (merged))
Add debusine-signing generate_service_key command (!906 (merged))
Add a separate debusine.signing Django project (!907 (merged))
Add debusine-signing signing_worker command (!909 (merged))
Use HTTPS in integration tests (!910 (merged))
Add debusine:signing-input and debusine:signing-output artifacts, and Sign task (!911 (merged))
Add debian:suite-signing-keys collection (!912 (merged))
Add systemd service and packages for signing worker (!913 (merged))
Add documentation for signing worker (!914 (merged))
Add unit and integration tests for signing worker (!920 (merged))
Only depend on sbsigntool on architectures that have it (!922 (merged))
Add AssembleSignedSource task (!953 (merged))
Add design for ExtractForSigning task (!966 (merged))
Add ExtractForSigning task (!981 (merged))

Edited Jul 11, 2024 by Colin Watson

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Assignee Loading

Time tracking Loading