Impossible to provide keyring file via UI when using custom image source
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
MAAS | Status tracked in 3.6 | |||||
3.5 |
Won't Fix
|
Low
|
Unassigned | |||
3.6 |
Triaged
|
Low
|
Unassigned | |||
maas-ui |
Triaged
|
Low
|
Unassigned |
Bug Description
In the "Choose [image] source" dialog, "Keyring data" field under advanced options is treated by MAAS as the actual kerying file content (== raw bytes without any encoding). This prevents users from adding signed custom image sources in UI without having to upload the keyring file to the region controller first.
There are multiple fixes that could be implemented:
1. Change the type of the field in MAAS UI, change the backend handling accordingly (if necessary at all: the current implementation simply dumps the contents of this field to the keyring file that then is used with `gpgv`).
2. Treat input as base64, decoding it before dumping the contents. Probably a viable solution, but seems more complicated from the user experience perspective (one should generate keyring file, then base64-encode it and then copy-and-paste it to the UI). Beware that CLI might be affected by the changes.
3. Ask for armor-exported keys instead of a keyring file. Simpler to validate, but adds more moving parts (MAAS will have to handle kerying generation on its own)
4. Get rid of keyring-related fields, asking whether the user trusts keys that were used to sign simplestreams contents. Very complicated to implement properly.
Changed in maas: | |
importance: | Undecided → Low |
Changed in maas-ui: | |
status: | New → Triaged |
milestone: | none → 3.5.0 |
importance: | Undecided → Low |
Changed in maas: | |
milestone: | 3.5.0 → 3.5.x |
Changed in maas-ui: | |
milestone: | 3.5.0 → 3.5.x |
Changed in maas-ui: | |
milestone: | 3.5.x → 3.6.x |
Also, the current field description is somewhat misleading