OpenStack Compute (nova)

Cleanup of signature_utils code

Registered by Dane Fichter

Glance and Nova contain nearly identical digital signature modules. In order to reduce the effort required to maintain this code and to eliminate the possibility that the modules diverge, we propose removing this code and instead using the cursive library. The cursive library is a Stackforge project which implements OpenStack-specific verification of digital signatures.

We are targeting this cleanup for the Ocata-1 sprint.

Relevant links:

Bug report: https://bugs.launchpad.net/nova/+bug/1528349
Cursive library: https://launchpad.net/cursive

Blueprint information

Status:
Complete
Approver:
Matt Riedemann
Priority:
Low
Drafter:
Dane Fichter
Direction:
Approved
Assignee:
Dane Fichter
Definition:
Approved
Series goal:
Accepted for pike
Implementation:
Implemented
Milestone target:
milestone icon pike-1
Started by
Dane Fichter
Completed by
Matt Riedemann

Related branches

Sprints

Whiteboard

WIP patch: https://review.openstack.org/#/c/351232/

Gerrit topic: https://review.openstack.org/#q,topic:bug/1528349,n,z

Addressed by: https://review.openstack.org/351232
    Use cursive for signature verification

I'm going to approve this for Pike as a code cleanup effort so we reduce duplication of efforts between nova and glance. There is CI testing on this code path in the nova experimental queue now too:

http://logs.openstack.org/32/351232/11/experimental/gate-barbican-simple-crypto-dsvm-tempest-nova-ubuntu-xenial-nv/1664d5d/console.html#_2017-03-14_19_17_45_238336

http://git.openstack.org/cgit/openstack/barbican-tempest-plugin/tree/barbican_tempest_plugin/tests/scenario/test_image_signing.py

-- mriedem 20170315

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.