canonical · swetha1654 · Jan 20, 2025 · Jan 15, 2025 · Jan 15, 2025 · Jan 15, 2025
@@ -11,10 +11,15 @@ header:
     - '.github/**'
     - '**/*.json'
     - '**/*.md'
+    - '**/*.conf'
     - '**/*.txt'
+    - '**/*.sh'
     - '.jujuignore'
     - '.gitignore'
     - '.licenserc.yaml'
+    - '.trivyignore'
+    - '.woke.yaml'
+    - '.woke.yml'
     - 'CODEOWNERS'
     - 'LICENSE'
     - 'trivy.yaml'

@@ -0,0 +1,3 @@
+GHSA-9763-4f94-gfch
+CVE-2024-45337  
+CVE-2024-45338
@@ -0,0 +1,3 @@
+rules:
+# Ignore "blacklist" - since the hockeypuck binaries look for this configuation option
+  - name: blacklist
@@ -2,10 +2,49 @@
 # See LICENSE file for licensing details.
 
 type: charm
-bases:
-  - build-on:
-    - name: ubuntu
-      channel: "22.04"
-    run-on:
-    - name: ubuntu
-      channel: "22.04"
+name: hockeypuck-k8s
+title: Hockeypuck K8S Charm
+summary: Hockeypuck OpenPGP public keyserver
+links:
+  documentation: https://github.com/canonical/hockeypuck-k8s-operator/blob/main/README.md
+  issues: https://github.com/canonical/hockeypuck-k8s-operator/issues
+  source: https://github.com/canonical/hockeypuck-k8s-operator
+  contact: https://launchpad.net/~canonical-is-devops
+
+description: |
+  A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators)
+  for deploying and managing [Hockeypuck](https://hockeypuck.io/) on Kubernetes. Hockeypuck is an
+  OpenPGP public keyserver tool used to manage public key infrastructure for PGP 
+  (Pretty Good Privacy). PGP is a system for securing communication through encryption and 
+  digital signatures.
+
+  The server provides interfaces to add, look up, replace and delete public keys from the 
+  keyserver. Hockeypuck can synchronize public key material with SKS (Synchronizing Key Server) 
+  and other Hockeypuck servers. It implements the HTTP Keyserver Protocol and the SKS database 
+  reconciliation protocol.
+
+  For DevOps and SRE teams, this charm will make operating Hockeypuck simple and straightforward
+  through Juju's clean interface.
+
+assumes:
+  - juju >= 3.1
+  - k8s-api
+
+containers:
+  hockeypuck:
+    resource: hockeypuck-image
+
+resources:
+  hockeypuck-image:
+    type: oci-image
+    description: OCI image for Hockeypuck
+
+requires:
+  database:
+    interface: postgresql_client
+    limit: 1
+
+base: [email protected]
+build-base: [email protected]
+platforms:
+  amd64:
diff --git a/hockeypuck_rock/hockeypuck.conf.tmpl b/hockeypuck_rock/hockeypuck.conf.tmpl
@@ -30,7 +30,7 @@ blacklist=[
 
 [hockeypuck.openpgp.db]
 driver="postgres-jsonb"
-dsn="database=hkp host=${POSTGRES_HOST} user=${POSTGRES_USER} password=${POSTGRES_PASSWORD} port=${POSTGRES_PORT} sslmode=disable"
+dsn="database=hockeypuck host=${POSTGRES_HOST} user=${POSTGRES_USER} password=${POSTGRES_PASSWORD} port=${POSTGRES_PORT} sslmode=disable"
 
 [hockeypuck.conflux.recon]
 allowCIDRs=["127.0.0.1/8"]
@@ -41,4 +41,4 @@ path="/hockeypuck/data/ptree"
 # Gossip peers
 #[hockeypuck.conflux.recon.partner.keyserver_example_com]
 #httpAddr="keyserver.example.com:11371"
-#reconAddr="keyserver.example.com:11370"
+#reconAddr="keyserver.example.com:11370"
diff --git a/hockeypuck_rock/hockeypuck_wrapper.sh b/hockeypuck_rock/hockeypuck_wrapper.sh
@@ -1,18 +1,15 @@
-# Copyright 2025 Canonical Ltd.
-# See LICENSE file for licensing details.
-
 #!/bin/bash
 
 TEMPLATE_FILE="/hockeypuck/etc/hockeypuck.conf.tmpl"
 OUTPUT_FILE="/hockeypuck/etc/hockeypuck.conf"
 
 if [[ ! -f $TEMPLATE_FILE ]]; then
-    echo "Template file $TEMPLATE_FILE not found."
+    echo "Template file $TEMPLATE_FILE not found." >&2
     exit 1
 fi
 
 envsubst < "$TEMP_FILE" > "$OUTPUT_FILE"
 
 echo "Substitution complete. Output written to $OUTPUT_FILE."
 
-exec /hockeypuck/bin/hockeypuck -config $OUTPUT_FILE
+exec /hockeypuck/bin/hockeypuck -config $OUTPUT_FILE
@@ -6,10 +6,9 @@ base: [email protected]
 version: 0.1
 summary: Hockeypuck is an OpenPGP public keyserver.
 description: |
-  Hockeypuck is an openPGP public keyserver or a software tool
-  used to manage public key infrastructure for PGP (Pretty Good Privacy),
-  which is a system for securing communication through encryption and
-  digital signatures.
+  Hockeypuck is an OpenPGP public keyserver tool used to manage public key 
+  infrastructure for PGP (Pretty Good Privacy). PGP is a system for securing 
+  communication through encryption and digital signatures.
 platforms:
   amd64:
     build-on:
@@ -40,4 +39,4 @@ parts:
       hockeypuck.conf.tmpl: hockeypuck/etc/hockeypuck.conf.tmpl
       hockeypuck_wrapper.sh: hockeypuck/bin/hockeypuck_wrapper.sh
     prime:
-    - hockeypuck/*
+    - hockeypuck/*
@@ -1,13 +1,19 @@
 # Copyright 2025 Canonical Ltd.
 # See LICENSE file for licensing details.
 
-"""Fixtures for charm tests."""
+"""Fixtures for hockeypuck-k8s tests."""
 
+import pytest
 
-def pytest_addoption(parser):
+
+def pytest_addoption(parser: pytest.Parser):
     """Parse additional pytest options.
 
     Args:
         parser: Pytest parser.
     """
-    parser.addoption("--charm-file", action="store")
+    # The prebuilt charm file.
+    parser.addoption("--charm-file", action="append", default=[])
+    # The Hockeypuck image name:tag.
+    parser.addoption("--hockeypuck-image", action="store", default="")
+    # The path to kubernetes config.