[PATCH 1/2] schema: enforce signer config constraints via schema


Felix Moessbauer

Apr 30, 2026, 6:15:11 AM
to kas-...@googlegroups.com, jan.k...@siemens.com, Felix Moessbauer
The signer configuration has various constraints (like if a gpg server
is configured, the key fingerprint must be provided as well). To harden
the configuration against split-brain cases, we now enforce these
constraints via the schema.

By that, we also document that this part cannot be split across
multiple configuration files.

Signed-off-by: Felix Moessbauer <felix.mo...@siemens.com>
---
docs/userguide/project-configuration.rst | 3 ++-
kas/schema-kas.json | 14 ++++++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/docs/userguide/project-configuration.rst b/docs/userguide/project-configuration.rst
index 37fecdbac..04c887b54 100644
--- a/docs/userguide/project-configuration.rst
+++ b/docs/userguide/project-configuration.rst
@@ -464,7 +464,8 @@ Configuration reference
This dict contains the public keys or certificates that are used to verify
the authenticity of the repositories. In case of GPG keys, these are made
available to the build environment as well by pointing the ``GNUPGHOME``
- environment variable to the local keystore.
+ environment variable to the local keystore. A single signer configuration
+ must not be split across multiple config files.

``<signer_id>``: dict [optional]
:kasschemadesc:`signers.additionalProperties`
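Review bot: The sentence added at the end of this paragraph says a signer configuration must not be split across config files, but not which keys have to stay together or what happens if they do not. Suggest naming the pairs the schema now ties together (`path` with `repo`, `gpg_keyserver` with `fingerprint`) and stating that an entry missing its counterpart is rejected at schema validation, so a user who hits the error can map it back to this paragraph.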
diff --git a/kas/schema-kas.json b/kas/schema-kas.json
index ba9a583c6..1193d61ce 100644
--- a/kas/schema-kas.json
+++ b/kas/schema-kas.json
@@ -385,6 +385,20 @@
"type": "object",
"description": "Pairs of name and location of a public key or certificate. The name is used to reference the entry in the repository configuration.",
"additionalProperties": false,
+ "anyOf": [
+ {"required": ["path"]},
+ {"required": ["gpg_keyserver"]}
+ ],
+ "allOf": [
+ {
+ "if": {"required": ["path"]},
+ "then": {"required": ["repo"]}
+ },
+ {
+ "if": {"required": ["gpg_keyserver"]},
+ "then": {"required": ["fingerprint"]}
+ }
+ ],
"properties": {
"type": {
"description": "Type of the cryptographic material.",
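Review bot: The `anyOf` over `path` and `gpg_keyserver` also accepts an entry that sets both, in which case both `repo` and `fingerprint` become required; if the two key sources are meant to be alternatives, `oneOf` would express that, otherwise the description should say which source is used. It is also worth confirming that the schema draft and validator in use support `if`/`then` (introduced in draft-07), because validators for older drafts ignore unknown keywords and the two conditional constraints would then never fire. A test with an entry that has `gpg_keyserver` but no `fingerprint` would catch that.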
--
2.53.0

Jan Kiszka

Apr 30, 2026, 8:01:11 AM
to Felix Moessbauer, kas-...@googlegroups.com
This should allow us to drop some checks and exception throwing from the
code, shouldn't it?

Jan

> "properties": {
> "type": {
> "description": "Type of the cryptographic material.",


--
Siemens AG, Foundational Technologies
Linux Expert Center

MOESSBAUER, Felix

Apr 30, 2026, 8:29:27 AM
to Kiszka, Jan, kas-...@googlegroups.com

Yes, we could drop these. But this would couple the keyhandler class
tightly with the schema - which could be OK, as the config is already
coupled with the schema.

I'm not sure if we really want to drop them.

Felix

Jan Kiszka

Apr 30, 2026, 8:35:17 AM
to Moessbauer, Felix (FT RPD CED OES-DE), kas-...@googlegroups.com
Dead, never reached, never tested (again) code serves no purpose IMHO.

Jan
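
The constraints from the schema hunk in this thread, evaluated over constructed signer entries to show which ones are accepted. This is an added example, not code from kas or from the thread participants; the tiny evaluator, the sample values and the `fingerprint_only` case (standing in for one half of an entry split across files, assuming each file is validated on its own) are assumptions.

```python
# Added illustration: evaluates only the keywords the patch uses
# (required, anyOf, allOf, if/then); not a general JSON Schema validator.
import json

# Constraint fragment copied from the kas/schema-kas.json hunk in this thread.
SIGNER_CONSTRAINTS = json.loads("""
{
  "anyOf": [{"required": ["path"]}, {"required": ["gpg_keyserver"]}],
  "allOf": [
    {"if": {"required": ["path"]}, "then": {"required": ["repo"]}},
    {"if": {"required": ["gpg_keyserver"]}, "then": {"required": ["fingerprint"]}}
  ]
}
""")

def valid(schema, entry):
    """Return True if `entry` (a dict) satisfies `schema`."""
    if any(key not in entry for key in schema.get("required", [])):
        return False
    if "anyOf" in schema and not any(valid(s, entry) for s in schema["anyOf"]):
        return False
    if not all(valid(s, entry) for s in schema.get("allOf", [])):
        return False
    # if/then: the `then` branch only applies when `if` matches.
    if "if" in schema and valid(schema["if"], entry):
        return valid(schema.get("then", {}), entry)
    return True

# Constructed signer entries (values are placeholders, not from the page).
SAMPLES = {
    "gpg_complete": {"gpg_keyserver": "keys.example.org", "fingerprint": "PLACEHOLDER"},
    "gpg_no_fingerprint": {"gpg_keyserver": "keys.example.org"},
    "file_complete": {"repo": "this", "path": "keys/dev.asc"},
    "file_no_repo": {"path": "keys/dev.asc"},
    "fingerprint_only": {"fingerprint": "PLACEHOLDER"},  # other half of a split entry
    "both_sources": {"repo": "this", "path": "keys/dev.asc",
                     "gpg_keyserver": "keys.example.org", "fingerprint": "PLACEHOLDER"},
}

def check_all():
    """Map each sample name to True (accepted) or False (rejected)."""
    return {name: valid(SIGNER_CONSTRAINTS, entry) for name, entry in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name:20} {'accepted' if ok else 'rejected'}")
```

The `both_sources` entry is accepted, which is the case to decide on explicitly when weighing whether the code-side checks can be dropped.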