HPE Community
Software Defined Networking
1753259 Members
5737 Online
108792 Solutions
New Discussion

FYI: External SDN Applications and OVA file formats for the App Store

 
AndyBryant
HPE Blogger

‎09-29-2014 01:50 AM - edited ‎10-07-2014 01:09 AM

‎09-29-2014 01:50 AM - edited ‎10-07-2014 01:09 AM

FYI: External SDN Applications and OVA file formats for the App Store

Quick note on extrenal app file formats... 

 

The HP SDN App Store supports both internal apps as .zip file; and external apps as .ova packaged virtual machine images.

 

HP recommends that app developers include a EULA and sign the package (in whatever format is appropriate for that package) to give the user confidence that it has arrived without being tampered with.

 

 

External SDN apps are downloaded by the user via their web browser, then deployed as VM images to a user’s existing hypervisor.  Depending on the hypervisor, files might need converting.

 

OVA files are a single compressed archive that should contain or reference all you need to run up a VM of the app.

  

Citrix have a good overview of the OVA file format here

http://support.citrix.com/article/CTX121652

 

and I found the VMware OVFtool user guide here

https://www.vmware.com/support/developer/ovf/

 

Beyond OVA

Whilst the system is designed for hosting VM images, if you need to publish as an archive to be installed to a specific linux distribution (e.g. debian, rpm), this is possible (as long as you don't use a .zip archive).  We currently support .deb, which is already archived; but beyond that and if you need to include multiple files, I would recommend .tgz.

 

Signing RPM files

ISV will first need to create a public key

gpg --gen-key

 

and then to sign their rpm file

rpm --addsign package.rpm

 

which they’ll need to share the keyfile somehow…  I think the best solution for this is for ISV to host it on a website and provide the URL to it on the AppStore.  Then the user can see they’re downloading it from ISV (not HP). 

 

User then downloads the key file – and installs it into their system. 

rpm --import key_file

 

Once done, they can then use RPM to check the signature of the file they downloaded from the App Store.

# rpm --checksig xtoolwait-1.3-3.src.rpm

xtoolwait-1.3-3.src.rpm: (sha1) dsa sha1 md5 gpg OK

 

I think this does the same

rpm -K package.rpm

 

More links

https://wiki.archlinux.org/index.php/DeveloperWiki:Package_signing#Red_Hat.2FFedora.2FCentOS

http://www.slideshare.net/skalaivanibutp/rpm-red-hat-package-manager

http://blog.christian-stankowic.de/?p=5807&lang=en

http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/ch11s04.html

https://www.gnupg.org/download/

  

 

Please feel free to add to this thread with additional information that you think other developers may find of use.

 

HPE WW Telco Marketing / @AndyTelco
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.