Proposed title of this feature request
Local image validation
What is the nature and description of the request?
The ability to validate all layers of an image at rest, both manually and at run time.
Functional requirements
1. After an image has been downloaded, podman or similar could be run to verify that the image has not been tampered with.
2. cri-o can be configured to perform the same verification before running the container.
For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
1. Download an image, modify a layer and then try the manual validation
2. Configure cri-o to perform validation and attempt to deploy an image that has been modified
Is there already an existing RFE upstream or in Red Hat Bugzilla?
No, but some of this was mentioned in bz 1658282
List any affected packages or components.
Podman and cri-o
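
The at-rest check requested above, and the "modify a layer, then validate" test, sketched as an added example (not part of the original request and not Podman or CRI-O code). It assumes the image has been exported to an OCI image layout directory; the function names and the two-layer sample image are constructed for illustration.

```python
import hashlib, json, re
from pathlib import Path

DIGEST_RE = re.compile(r"(sha256|sha512):[0-9a-f]+")  # strict form also rejects "../" in digests

def blob_path(layout, digest):
    return Path(layout, "blobs", *digest.split(":", 1))

def check_descriptor(layout, desc):
    """Return a problem string if the blob behind desc is missing or altered, else None."""
    digest = desc.get("digest", "")
    if not DIGEST_RE.fullmatch(digest):
        return f"{digest!r}: malformed or unsupported digest"
    path = blob_path(layout, digest)
    if not path.is_file():
        return f"{digest}: blob missing"
    data = path.read_bytes()  # fine for a demo; hash in chunks for large layers
    alg, hexval = digest.split(":")
    if len(data) != desc.get("size") or hashlib.new(alg, data).hexdigest() != hexval:
        return f"{digest}: content does not match descriptor"
    return None

def verify_layout(layout):
    """Walk index.json -> manifests -> config/layers. index.json is the trust root; verify it separately."""
    index = json.loads((Path(layout) / "index.json").read_text())
    pending, problems = [(d, True) for d in index["manifests"]], []
    while pending:
        desc, is_manifest = pending.pop()
        err = check_descriptor(layout, desc)
        if err:
            problems.append(err)
        elif is_manifest:  # parse only blobs whose digest was just verified
            doc = json.loads(blob_path(layout, desc["digest"]).read_bytes())
            pending += [(d, True) for d in doc.get("manifests", [])]  # nested index
            pending += [(d, False) for d in (doc.get("config"), *doc.get("layers", [])) if d]
    return problems

def put_blob(layout, data):  # writes a constructed sample blob, returns a minimal descriptor
    digest = "sha256:" + hashlib.sha256(data).hexdigest()
    blob_path(layout, digest).parent.mkdir(parents=True, exist_ok=True)
    blob_path(layout, digest).write_bytes(data)
    return {"digest": digest, "size": len(data)}

def build_sample_layout(layout):  # constructed two-layer image, not a real one
    layers = [put_blob(layout, b"constructed layer %d" % i) for i in (1, 2)]
    manifest = {"schemaVersion": 2, "config": put_blob(layout, b"{}"), "layers": layers}
    mdesc = put_blob(layout, json.dumps(manifest).encode())
    (Path(layout) / "index.json").write_text(json.dumps({"schemaVersion": 2, "manifests": [mdesc]}))
    return layers
```

A digest walk like this only proves the blobs match `index.json`; detecting a replaced `index.json` needs a signature or a manifest digest recorded at download time.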