Back to bug 1316607
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sean Cohen | 2016-03-10 15:25:05 UTC | Keywords | TechPreview | |
| | | Priority | medium | high |
| | | Status | NEW | POST |
| | | Target Release | 8.0 | 9.0 |
| | | Target Milestone | ga | --- |
| Red Hat Bugzilla | 2016-03-10 15:25:05 UTC | Doc Type | Technology Preview | Enhancement |
| Sat6QE Jenkins | 2016-03-28 20:15:54 UTC | Status | POST | MODIFIED |
| Mike McCune | 2016-03-28 22:37:22 UTC | Status | MODIFIED | POST |
| John Skeoch | 2016-04-18 07:25:10 UTC | CC | yeylon | srevivo |
| Perry Myers | 2016-04-19 00:52:53 UTC | CC | pmyers | |
| Scott Lewis | 2016-04-22 12:42:40 UTC | Target Milestone | --- | ga |
| Avi Avraham | 2016-06-01 06:52:20 UTC | CC | aavraham | |
| | | Flags | needinfo? | |
| Andrew Dahms | 2016-06-06 00:18:03 UTC | Blocks | 1342849 | |
| Jason Joyce | 2016-07-29 18:31:22 UTC | Status | POST | MODIFIED |
| | | CC | jjoyce | |
| | | Fixed In Version | openstack-glance-12.0.0-1.el7ost | |
| | | Flags | needinfo? | |
| errata-xmlrpc | 2016-07-29 20:20:15 UTC | Status | MODIFIED | ON_QA |
| nlevinki | 2016-07-31 07:50:15 UTC | QA Contact | nlevinki | aavraham |
| Flavio Percoco | 2016-08-08 09:16:48 UTC | Doc Text | Feature: OpenStack currently doesn't support either of the following features: * Signing and signature validation of bootable images * Validation of uploaded signed images This blueprint adds support for both of these features. If an uploaded image is signed, Glance will verify the signature prior to storing it. In each of the uploadable cases, proper entry of the appropriate crypto mode selection and keys will be necessary. Deploying authentication will protect against counterfeit images as well as unauthorized images. Integration with Barbican will provide key management support for signing keys. This feature improves the enterprise-ready posture of OpenStack. Reason: Before Liberty, there was no method for users to verify that a previously uploaded image had not been modified. An image could potentially be modified in transit (such as when it is uploaded to Glance or transferred to Nova) or Glance itself could be untrusted and modify images without a user’s knowledge. An image that is modified could include malicious code. Providing support for image signatures and signature verification would allow the user to verify that an image has not been modified prior to booting the image. There are several use cases that this feature supports: An image is signed by an End User, using the user’s private key. The user then uploads the image to Glance, along with the signature created and a reference to the user’s public key certificate. Glance uses this information to verify that the signature is valid, and notifies the user if the signature is invalid. An image is created in Nova, and Nova signs the image at the request of the End User. When the image is uploaded to Glance, the signature and public key certificate reference are also provided. Glance verifies the signature before storing the image, and notifies Nova if the signature verification fails. A signed image is requested by Nova, and Glance provides the signature and a reference to the public key certificate to Nova along with the image so that Nova can verify the signature before booting the image. Dependencies: In order to take advantage of the signatures in Glance, Nova will need to be updated to retrieve the signatures from Glance and verify them. However, Glance does not depend on Nova to have this support in order to have the feature added. The spec for this in Nova has been approved. | |
| Sean Cohen | 2016-08-08 15:16:26 UTC | Keywords | TechPreview | |
| | | Target Release | 9.0 (Mitaka) | 10.0 (Newton) |
| Scott Lewis | 2016-08-08 15:37:43 UTC | CC | sclewis, scohen | |
| | | Flags | needinfo?(scohen) | |
| Sean Cohen | 2016-08-08 21:26:16 UTC | CC | ddomingo | |
| | | Docs Contact | ddomingo | |
| | | Flags | needinfo?(scohen) | needinfo?(ddomingo) |
| Scott Lewis | 2016-08-09 13:47:28 UTC | Flags | needinfo?(scohen) | |
| Sean Cohen | 2016-08-09 14:59:32 UTC | Blocks | 1365571 | |
| Sean Cohen | 2016-08-09 15:02:11 UTC | Flags | needinfo?(ddomingo) needinfo?(scohen) | needinfo?(aavraham) |
| Jason Joyce | 2016-08-10 14:49:15 UTC | Keywords | TestOnly | |
| Don Domingo | 2016-08-11 00:35:45 UTC | Flags | needinfo?(scohen) | |
| RHEL Program Management | 2016-08-11 15:02:10 UTC | Keywords | ZStream | |
| Scott Lewis | 2016-08-22 12:47:04 UTC | Target Release | 10.0 (Newton) | 9.0 (Mitaka) |
| nlevinki | 2016-08-23 06:22:36 UTC | Status | ON_QA | VERIFIED |
| Andrew Dahms | 2016-08-23 23:25:50 UTC | CC | adahms | |
| | | Doc Text | Feature: OpenStack currently doesn't support either of the following features: * Signing and signature validation of bootable images * Validation of uploaded signed images This blueprint adds support for both of these features. If an uploaded image is signed, Glance will verify the signature prior to storing it. In each of the uploadable cases, proper entry of the appropriate crypto mode selection and keys will be necessary. Deploying authentication will protect against counterfeit images as well as unauthorized images. Integration with Barbican will provide key management support for signing keys. This feature improves the enterprise-ready posture of OpenStack. Reason: Before Liberty, there was no method for users to verify that a previously uploaded image had not been modified. An image could potentially be modified in transit (such as when it is uploaded to Glance or transferred to Nova) or Glance itself could be untrusted and modify images without a user’s knowledge. An image that is modified could include malicious code. Providing support for image signatures and signature verification would allow the user to verify that an image has not been modified prior to booting the image. There are several use cases that this feature supports: An image is signed by an End User, using the user’s private key. The user then uploads the image to Glance, along with the signature created and a reference to the user’s public key certificate. Glance uses this information to verify that the signature is valid, and notifies the user if the signature is invalid. An image is created in Nova, and Nova signs the image at the request of the End User. When the image is uploaded to Glance, the signature and public key certificate reference are also provided. Glance verifies the signature before storing the image, and notifies Nova if the signature verification fails. A signed image is requested by Nova, and Glance provides the signature and a reference to the public key certificate to Nova along with the image so that Nova can verify the signature before booting the image. Dependencies: In order to take advantage of the signatures in Glance, Nova will need to be updated to retrieve the signatures from Glance and verify them. However, Glance does not depend on Nova to have this support in order to have the feature added. The spec for this in Nova has been approved. | This update adds support for signing and signature validation of bootable images, and validation of uploaded signed images. If an uploaded image is signed, Glance verifies the signature before storing it, and in cases where the image can be uploaded, the crypto mode and keys must be correctly entered. Authentication protects against counterfeit images and unauthorized images. |
| errata-xmlrpc | 2016-08-24 00:29:42 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2016-08-24 12:53:08 UTC | Status | RELEASE_PENDING | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2016-08-24 08:53:08 UTC | |
| Paul Needle | 2016-09-06 14:29:01 UTC | CC | pneedle | |
| | | Link ID | Red Hat Knowledge Base (Solution) 2604741 | |
| Avi Avraham | 2016-11-07 13:57:54 UTC | Flags | needinfo?(aavraham) needinfo?(scohen) | |
| Red Hat One Jira (issues.redhat.com) | 2022-08-16 14:06:22 UTC | Link ID | Red Hat Issue Tracker OSP-4547 | |