You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be useful for us to have unsigned manifests.
This would allow us to remove the signing step from the cvmfs_receiver critical path, and also remove the operational need to maintain and rotate certs.
Proposal:
Add a configuration option CVMFS_NO_MANIFEST_SIGNATURE_CHECK that will cause manifest validation
to unconditionally skip signature validation, (avoiding the fetch of .cvmfswhitelist, and the X field object).
Add a configuration option CVMFS_NO_SIGN_MANIFEST that will cause publishing pathways to avoid performing any signing of new manifests, producing a manifest with no X field or signature block, and not trying any X object upload.
The text was updated successfully, but these errors were encountered:
It would be useful for us to have unsigned manifests.
This would allow us to remove the signing step from the cvmfs_receiver critical path, and also remove the operational need to maintain and rotate certs.
Proposal:
CVMFS_NO_MANIFEST_SIGNATURE_CHECKthat will cause manifest validationcvmfs/cvmfs/manifest_fetch.cc
Line 30 in 2333588
to unconditionally skip signature validation, (avoiding the fetch of .cvmfswhitelist, and the X field object).
CVMFS_NO_SIGN_MANIFESTthat will cause publishing pathways to avoid performing any signing of new manifests, producing a manifest with no X field or signature block, and not trying any X object upload.The text was updated successfully, but these errors were encountered: