Bug 1375653

Summary: Add simple signing support to atomic command
Product: Red Hat Enterprise Linux 7 Reporter: Lokesh Mandvekar <lsm5>
Component: atomicAssignee: Lokesh Mandvekar <lsm5>
Status: CLOSED ERRATA QA Contact: atomic-bugs <atomic-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: ajia, atomic-bugs, aweiteka, ddarrah, dwalsh, mjenner
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1375578 Environment:
Last Closed: 2016-11-04 09:06:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1378291    
Bug Blocks:    

Description Lokesh Mandvekar 2016-09-13 15:30:15 UTC 
+++ This bug was initially created as a clone of Bug #1375578 +++

This bugzilla is for a new feature being added to atomic command to allow users to sign OCI and Docker Images, indicating that the image is "trusted" by the signer.
Comment 2 Lokesh Mandvekar 2016-09-13 15:32:57 UTC 
*** Bug 1375578 has been marked as a duplicate of this bug. ***
Comment 4 Alex Jia 2016-09-22 04:42:02 UTC 
See Also: bug 1378291 and bug 1375891.
Comment 5 Alex Jia 2016-09-26 18:59:38 UTC 
1. atomic sign --sign-by testing                          ------ PASS
2. atomic trust show|add|delete|default testing           ------ PASS
3. atomic push --sign-by testing  <---- got questions


3. atomic push testing 

# docker login -p AtwRPnMfIfUP9pRSDZaSSvrOC_K9l8WZEOa0n-2fFqw -e unused -u unused atomic-registry.usersys.redhat.com:5000
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded


# atomic push --sign-by "" atomic-registry.usersys.redhat.com:5000/ajia/busybox:latest
Registry Username: 

NOTE: it still prompt users to input AUTH info

# atomic push --sign-by ajia atomic-registry.usersys.redhat.com:5000/ajia/busybox:latest
Registry Username: ajia
Registry Password: 
500 Server Error: Internal Server Error ("no successful auth challenge for http://atomic-registry.usersys.redhat.com:5000/v2/ - errors: [token auth attempt for registry http://atomic-registry.usersys.redhat.com:5000/v2/: http://atomic-registry.usersys.redhat.com:5000/openshift/token?account=ajia request failed with status: 401 Unauthorized]")

NOTE: I have successfully login atomic registry, but it still needs to input AUTH info.


In addition, is it enough to verify this bug w/ above 3 testing, thanks.
Comment 7 Martin Jenner 2016-09-27 18:47:12 UTC 
changing state to verified on ddarrah behalf.
Comment 9 errata-xmlrpc 2016-11-04 09:06:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2628.html