Project

Profile

Help

Actions
Send by e-mail Copy link

Story #1146

closed

As a user, I am assured that Pulp is downloading trusted manifests

Added by rbarlow about 9 years ago. Updated over 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Target Release - Docker:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

The v2 manifest[0] has support for cryptographic signatures. For this story, we need to learn how those signatures work and add support to the importer to verify the signatures of the downloaded manifests.

Deliverables:

  • Add support to the importer to validate the signatures
  • Consider whether this validation should be optional
  • Add support to pulp-admin
  • Documentation
  • Tests

[0] https://github.com/docker/distribution/blob/release/2.0/docs/spec/manifest-v2-1.md

Actions
Copy link
 #1

Updated by rbarlow almost 9 years ago

  • Blocks Task #1048: Tracker for Docker v2 API and Manifest work added
Actions
Copy link
 #2

Updated by rbarlow over 8 years ago

  • Blocks deleted (Task #1048: Tracker for Docker v2 API and Manifest work)
Actions
Copy link
 #3

Updated by mhrivnak about 8 years ago

  • Sprint Candidate changed from Yes to No
Actions
Copy link
 #4

Updated by bmbouter over 5 years ago

  • Status changed from NEW to CLOSED - WONTFIX
Actions
Copy link
 #5

Updated by bmbouter over 5 years ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

Actions
Copy link
 #6

Updated by bmbouter over 5 years ago

  • Tags Pulp 2 added
Actions
Send by e-mail Copy link

Also available in: Atom PDF