Bug 1829061
Summary: | Signature verification incorrectly uses mirror’s references | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Miloslav Trmač <mitr> |
Component: | podman | Assignee: | Jindrich Novy <jnovy> |
Status: | CLOSED ERRATA | QA Contact: | atomic-bugs <atomic-bugs> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 8.2 | CC: | bbaude, dkaylor, dornelas, dwalsh, jligon, jnovy, kanderso, lsm5, mheon, mitr, rspazzol, tsweeney, ypu |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | podman-1.9.3-2.el8 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-21 15:32:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1186913, 1793607 |
Description
Miloslav Trmač
2020-04-28 19:40:56 UTC
Assigning to Jindrich to verify per https://bugzilla.redhat.com/show_bug.cgi?id=1829061#c5 Matt, Miloslav and /or Jindrich, do you have an answer to Derrick's question about backporting to Podman v1.9? I know it will bin in v2.0 Derrick, do you need it three months earlier? Miloslav lets get a patch for this in podman-1.9.4 Then they can get it in July. Test with podman-1.9.3-2.module+el8.2.1+6867+366c07d6.x86_64. The location will not be replaced by mirror references for policy part from debug log. So set this to verified. Here is my registries.conf: unqualified-search-registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io'] [[registry]] prefix = "registry.access.redhat.com/ubi8" insecure = true blocked = false location = "quay.io/ypu/test" And here is the details: # podman --log-level debug pull registry.access.redhat.com/ubi8 ...... DEBU[0003] Using transport "docker" specific policy section registry.access.redhat.com DEBU[0003] Requirement 0: denied, done DEBU[0003] Error pulling image ref //registry.access.redhat.com/ubi8:latest: Source image rejected: A signature was required, but no signature exists A signature was required, but no signature exists ERRO[0003] error pulling image "registry.access.redhat.com/ubi8": unable to pull registry.access.redhat.com/ubi8: unable to pull image: Source image rejected: A signature was required, but no signature exists Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:3053 |