Story #9507

closed

Story #9502: [EPIC] Container Signing and Verification

As a user I can sync container image with its original signature

Added by ipanova@redhat.com about 3 years ago. Updated almost 3 years ago.

Status: CLOSED - DUPLICATE
Priority: Normal
Assignee:
Sprint/Milestone: -
Start date:
Due date:
% Done: 0%
Estimated time:
Platform Release:
Groomed: No
Sprint Candidate: No
Tags:
Sprint: Sprint 111
Quarter:

Description

Ticket moved to GitHub: pulp/pulp_container/498 (https://github.com/pulp/pulp_container/issues/498)


Synced signatures are not verified. Signature verification is offloaded to the client.

If with-signature=True (TBD: agree on naming) was specified, only those images that have a signature will be mirrored. The rest of the images will be skipped. The signature server location needs to be specified (it's the webserver location of signatures, for example https://registry.redhat.io/containers/sigstore). Otherwise it will be assumed that the signature is stored on the remote registry in the form of a manifest or a separate object:

Q: Does podman/skopeo support verification of the cosign signature type? Only the atomic type for now: https://github.com/containers/image/blob/main/docs/containers-signature.5.md#criticaltype

Q: How will this work with mirror=True?
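
The skip-unsigned behaviour described above, as an added example that is not part of the ticket or of pulp_container's code. It assumes the lookaside path layout used by containers/image (`<base>/<repo>@<algo>=<hex>/signature-<N>`), treats `with_signature` as the still-unnamed option, and uses a constructed repository name, digests and in-memory store in place of HTTP requests.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical fetcher type: returns the body for a URL, or None on HTTP 404.
Fetch = Callable[[str], Optional[bytes]]


def signature_url(sigstore: str, repo: str, digest: str, index: int) -> str:
    """Lookaside layout (assumed): <base>/<repo>@<algo>=<hex>/signature-<index>."""
    algo, sep, hexval = digest.partition(":")
    if not sep or not algo or not hexval:
        raise ValueError(f"not an algo:hex digest: {digest!r}")
    return f"{sigstore.rstrip('/')}/{repo}@{algo}={hexval}/signature-{index}"


def fetch_signatures(fetch: Fetch, sigstore: str, repo: str, digest: str,
                     limit: int = 10) -> List[bytes]:
    """Probe signature-1, signature-2, ... and stop at the first miss."""
    found: List[bytes] = []
    for i in range(1, limit + 1):
        blob = fetch(signature_url(sigstore, repo, digest, i))
        if blob is None:
            break
        found.append(blob)  # stored as-is; nothing is verified at sync time
    return found


def plan_sync(fetch: Fetch, sigstore: str, repo: str, manifests: Dict[str, str],
              with_signature: bool) -> Tuple[Dict[str, List[bytes]], List[str]]:
    """Return (to_mirror, skipped); to_mirror maps tag -> raw signature blobs."""
    to_mirror: Dict[str, List[bytes]] = {}
    skipped: List[str] = []
    for tag, digest in manifests.items():
        sigs = fetch_signatures(fetch, sigstore, repo, digest)
        if with_signature and not sigs:
            skipped.append(tag)  # unsigned image is left out of the mirror
        else:
            to_mirror[tag] = sigs
    return to_mirror, skipped


# Constructed sample data: two tags, only one of which has a signature.
SIGSTORE = "https://registry.redhat.io/containers/sigstore"
MANIFESTS = {"signed": "sha256:" + "a" * 64, "unsigned": "sha256:" + "b" * 64}
FAKE_STORE = {signature_url(SIGSTORE, "ubi8/ubi", MANIFESTS["signed"], 1): b"<opaque blob>"}

if __name__ == "__main__":
    mirror, skipped = plan_sync(FAKE_STORE.get, SIGSTORE, "ubi8/ubi", MANIFESTS, True)
    print("mirror:", sorted(mirror), "skipped:", skipped)
```

Because the blobs are copied without verification, a client pulling from the mirror still has to check them against its own trust policy.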

Actions #1

Updated by ipanova@redhat.com about 3 years ago

  • Description updated (diff)
Actions #2

Updated by ipanova@redhat.com about 3 years ago

  • Description updated (diff)
Actions #3

Updated by ipanova@redhat.com about 3 years ago

  • Description updated (diff)
Actions #4

Updated by ipanova@redhat.com about 3 years ago

  • Description updated (diff)
Actions #5

Updated by ipanova@redhat.com about 3 years ago

  • Description updated (diff)
Actions #6

Updated by ipanova@redhat.com about 3 years ago

  • Description updated (diff)
Actions #7

Updated by ipanova@redhat.com about 3 years ago

  • Description updated (diff)
Actions #8

Updated by ipanova@redhat.com about 3 years ago

  • Description updated (diff)
Actions #9

Updated by ttereshc about 3 years ago

  • Subject changed from As a user I can mirror container image with its original signature to As a user I can sync container image with its original signature
  • Description updated (diff)
Actions #10

Updated by ttereshc about 3 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc
  • Sprint set to Sprint 110
Actions #11

Updated by pulpbot about 3 years ago

  • Status changed from ASSIGNED to POST

Added by ttereshc about 3 years ago

Revision aac67ec8 | View on GitHub

Add ManifestSignature model and related serializer/filter/viewset.

re #9507 https://pulp.plan.io/issues/9507

Actions #13

Updated by rchan about 3 years ago

  • Sprint changed from Sprint 110 to Sprint 111

Added by ttereshc almost 3 years ago

Revision c381bbe0 | View on GitHub

Add ManifestSignature model and related serializer/filter/viewset.

re #9507 https://pulp.plan.io/issues/9507

Actions #14

Updated by pulpbot almost 3 years ago

  • Description updated (diff)
  • Status changed from POST to CLOSED - DUPLICATE
