Software Defined Networking

FYI: External SDN Applications and OVA file formats for the App Store

HPE Blogger

FYI: External SDN Applications and OVA file formats for the App Store

Quick note on extrenal app file formats... 


The HP SDN App Store supports both internal apps as .zip file; and external apps as .ova packaged virtual machine images.


HP recommends that app developers include a EULA and sign the package (in whatever format is appropriate for that package) to give the user confidence that it has arrived without being tampered with.



External SDN apps are downloaded by the user via their web browser, then deployed as VM images to a user’s existing hypervisor.  Depending on the hypervisor, files might need converting.


OVA files are a single compressed archive that should contain or reference all you need to run up a VM of the app.


Citrix have a good overview of the OVA file format here


and I found the VMware OVFtool user guide here


Beyond OVA

Whilst the system is designed for hosting VM images, if you need to publish as an archive to be installed to a specific linux distribution (e.g. debian, rpm), this is possible (as long as you don't use a .zip archive).  We currently support .deb, which is already archived; but beyond that and if you need to include multiple files, I would recommend .tgz.


Signing RPM files

ISV will first need to create a public key

gpg --gen-key


and then to sign their rpm file

rpm --addsign package.rpm


which they’ll need to share the keyfile somehow…  I think the best solution for this is for ISV to host it on a website and provide the URL to it on the AppStore.  Then the user can see they’re downloading it from ISV (not HP). 


User then downloads the key file – and installs it into their system. 

rpm --import key_file


Once done, they can then use RPM to check the signature of the file they downloaded from the App Store.

# rpm --checksig xtoolwait-1.3-3.src.rpm

xtoolwait-1.3-3.src.rpm: (sha1) dsa sha1 md5 gpg OK


I think this does the same

rpm -K package.rpm


More links



Please feel free to add to this thread with additional information that you think other developers may find of use.


HPE WW Marketing for 5G / @AndyTelco