F36 Change: Keylime subpackaging and agent alternatives (Self-Contained Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://fedoraproject.org/wiki/Changes/Keylime_subpackaging_and_agent_alternatives

== Summary ==
The [https://src.fedoraproject.org/rpms/keylime keylime] package will
be split into subpackages per role (agent, registrar, verifier, and
admin components), while allowing the alternative agent implementation
in Rust.

== Owner ==
* Name: [[User:Scorreia| Sergio Correia]]
* Email: scorreia@xxxxxxxxxx

* Name: [[User:Ueno| Daiki Ueno]]
* Email: dueno@xxxxxxxxxx


== Detailed Description ==
The current [https://keylime.dev/ Keylime] package available in Fedora
provides all the components as a single package. To support the usage
scenarios where only agent or management component is deployed on a
specific host, we plan to split the package into subpackages per role.
This change also enables the alternative Keylime agent implementation
in Rust, which will eventually be preferred over the Python
implementation.


== Benefit to Fedora ==
This makes it easier to deploy Keylime agent in IoT or Fedora CoreOS
spins and thus enable remote attestation without installing full
dependencies of Keylime.

== Scope ==
* Proposal owners:
** The keylime package will provide subpackages (keylime-agent,
keylime-registrar, etc)
** The keylime package will be a meta package that will install all
the subpackages
** The Rust based [https://github.com/keylime/rust-keylime agent] will
be packaged along with its build dependencies
** Both keylime-agent implementations, one written in Python, the
other written in Rust, will be selectively installable through
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Alternatives/
alternatives] or a similar mechanism

* Other developers: N/A (not a System Wide Change)
* Release engineering: [https://pagure.io/releng/issues #Releng issue
number] N/A (not a System Wide Change)
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives:


== Upgrade/compatibility impact ==

The keylime package will remain as a meta package for the
compatibility with the current packaging.

== How To Test ==
# Make sure that your systems meet the requirement to run either
Keylime agent or other components, as described in the
[https://keylime-docs.readthedocs.io/en/latest/ documentation]
# Install the subpackages individually and see if they function as expected
# Install the meta package (keylime) and see if it pulls all the subpackages
# Selectively install a package that provides the keylime-agent
functionality: either rust-keylime_agent (Rust-based) or
(python-)keylime-agent (Python-based), and see if they do not
interfere with each other
# If alternatives is used, check that both packages can simultaneously
exist on the same system and the user can switch the implementation
with the alternative --set command

== User Experience ==
No visible change should be observed by the existing users.

== Dependencies ==
N/A (not a System Wide Change)

== Contingency Plan ==
* Contingency mechanism: (What to do?  Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? No

== Documentation ==
N/A (not a System Wide Change)

-- 
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux