Bug 1769576

Summary: [RFE]Local image validation
Product: Red Hat Enterprise Linux 8 Reporter: David Kaylor <dkaylor>
Component: podmanAssignee: Tom Sweeney <tsweeney>
Status: CLOSED DEFERRED QA Contact: atomic-bugs <atomic-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.1CC: bbaude, dornelas, dwalsh, echen, jligon, jnovy, lsm5, mheon, mitr, vbatts, walters, ypu
Target Milestone: rcKeywords: FutureFeature, Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-20 18:10:21 UTC Type: Feature Request
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1186913, 1726784    

Description David Kaylor 2019-11-06 21:40:53 UTC 
Proposed title of this feature request

  Local image validation

What is the nature and description of the request?

  The ability to validate all layers of an image at rest, both manually and at run time.

Functional requirements

  1. After an image had been download, podman or similar could be run to verify that the image has not been tampered with.

  2. cri-o can be configured to perform the same verification before running the container.

For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

  1. Download an image, modify a layer and then try the manual validation

  2. Configure cri-o to perform validation and attempt to deploy an image that has been modified

Is there already an existing RFE upstream or in Red Hat Bugzilla?

  No, but some of this was mentioned in bz 1658282

List any affected packages or components.

  Podman and cri-o
Comment 9 Daniel Walsh 2019-11-08 21:56:08 UTC 
Well I was actually think of this as podman. As I said `podman image verify`
Comment 17 Derrick Ornelas 2020-03-19 15:51:26 UTC 
*** Bug 1658282 has been marked as a duplicate of this bug. ***