<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>I'm glad you wrote this; this is definitely a gap now that we're doing content protection with 3.0.</div><div><br></div><div>I filed a story to add content protection [0] and that is part of the epic [1]. In terms of how to add it, there are a few ways (at least two). I wrote them into the issue description [0] and I need feedback on how to resolve it. I wrote my recommendation on the issue here [2].</div><div><br></div><div>What do you think we should do? Comments, feedback, and ideas are welcome, please post here [0]. Thanks!<br></div><div><br></div><div>[0]: <a href="https://pulp.plan.io/issues/4181" target="_blank">https://pulp.plan.io/issues/4181</a></div><div>[1]: <a href="https://pulp.plan.io/issues/3693" target="_blank">https://pulp.plan.io/issues/3693</a></div><div>[2]: <a href="https://pulp.plan.io/issues/4181#note-3" target="_blank">https://pulp.plan.io/issues/4181#note-3</a><br></div><div><br></div><div><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Nov 26, 2018 at 10:27 AM Jeff Ortel <<a href="mailto:jortel@redhat.com" target="_blank">jortel@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
The initial planning for lazy omitted content protection for 3.0.
Since then, we have pulled content protection back into 3.0 re:
content-guards. In pulp2, the content app redirected using a
signed-url so that clients could not circumvent content protection.
Currently in 3.0, there is nothing to keep clients from
circumventing content protection by going directly to the streamer.
Isn't this a gap?<br>
<br>
<br>
<div class="m_-9087547690338709927m_-6791072676903148688moz-cite-prefix">On 11/20/18 3:51 PM, Brian Bouterse
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>I've been developing the streamer
functionality, and it's correctly working (in my
testing) as driven from the Remote.policy
attribute. It correctly works with 'immediate',
'on_demand', and 'cache_only'. Read more about the
expected behaviors in the epic [0].<br>
</div>
<div><br>
</div>
<div># Try it out!<br>
</div>
<div>Here is the core commit needed: <a href="https://github.com/pulp/pulp/pull/3738" target="_blank">https://github.com/pulp/pulp/pull/3738</a></div>
<div>Here is the streamer you should pip install
from master: <a href="https://github.com/bmbouter/pulp_streamer" target="_blank">https://github.com/bmbouter/pulp_streamer</a></div>
<div>Here is what it looks like to port a plugin
using DeclarativeVersion, e.g. pulp_file to
support lazy: <a href="https://github.com/pulp/pulp_file/pull/132" target="_blank">https://github.com/pulp/pulp_file/pull/132</a></div>
<div><br>
</div>
<div>You'll need to configure Pulp's webserver for
streaming. I did this by exporting an environment
var to dynaconf in the same bash environment as my
django run server. Specifically I configured Pulp
to redirect to port localhost:8080/streamer/ with
this command:</div>
<div><br>
</div>
<div>export PULP_CONTENT='@json {"HOST": null,
"WEB_SERVER": "django", "REDIRECT": {"ENABLED":
true, "PORT": 8080, "HOST": "localhost",
"PATH_PREFIX": "/streamer/"}}'</div>
<div><br>
</div>
<div>Then I run the streamer (after pip installed)
with gunicorn which you also need to pip install.
Run it with:</div>
<div><br>
</div>
<div>gunicorn pulpcore.streamer:server --bind
localhost:8080 --worker-class
aiohttp.GunicornWebWorker -w 2</div>
<div><br>
</div>
<div>Then sync a pulp_file repo with
policy='on_demand' or policy='cache_only' and see
how Pulp behaves.</div>
<div><br>
</div>
<div>Feedback, ideas, concerns are welcome in any
form. Note this is still rough, and the following
are known things to be done:</div>
<div><br>
</div>
<div>* fix tests to get Travis passing<br>
</div>
<div>* docs for the streamer and for pulpcore<br>
</div>
<div>* an installer role to install the streamer</div>
<div>* integration with squid to cache lots of data
at the streamer<br>
</div>
<div>* transfer the pulp_streamer to the Pulp org on
github</div>
<div>* publish an initial release to PyPI for users
to use it</div>
<div>* write a blog post about porting to it and
using it</div>
<div>* make a demo</div>
<div><br>
</div>
<div>[0]: <a href="https://pulp.plan.io/issues/3693" target="_blank">https://pulp.plan.io/issues/3693</a></div>
<div><br>
</div>
<div>Thanks!</div>
<div>Brian<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="m_-9087547690338709927m_-6791072676903148688mimeAttachmentHeader"></fieldset>
<pre class="m_-9087547690338709927m_-6791072676903148688moz-quote-pre">_______________________________________________
Pulp-dev mailing list
<a class="m_-9087547690338709927m_-6791072676903148688moz-txt-link-abbreviated" href="mailto:Pulp-dev@redhat.com" target="_blank">Pulp-dev@redhat.com</a>
<a class="m_-9087547690338709927m_-6791072676903148688moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pulp-dev" target="_blank">https://www.redhat.com/mailman/listinfo/pulp-dev</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>
Pulp-dev mailing list<br>
<a href="mailto:Pulp-dev@redhat.com" target="_blank">Pulp-dev@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/pulp-dev" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/pulp-dev</a><br>
</blockquote></div>