Bug 1257306 - [RFE][glance] Image Signing and Verification Support
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-glance
medium Severity medium
: 8.0 (Liberty)
Assigned To: Flavio Percoco
upstream_milestone_liberty-3 upstream...
: FutureFeature, TechPreview, Triaged, ZStream
Depends On:
Blocks: 1365571 1316607
Reported: 2015-08-26 13:56 EDT by Sean Cohen
Modified: 2017-07-25 09:24 EDT
Doc Type: Enhancement
Doc Text:
This release includes a tech preview of Image Signing and Verification for glance images. This feature helps protect image integrity by ensuring no modifications occur after the image is uploaded by a user. This capability includes both signing of the image, and signature validation of bootable images when used.
Clone Of:
: 1316607
Last Closed: 2017-07-25 09:24:02 EDT
Type: Bug

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2604741 None None None 2016-09-06 10:29 EDT
OpenStack gerrit 177948 None None None Never
OpenStack gerrit 183137 None None None Never

Description Sean Cohen 2015-08-26 13:56:31 EDT
OpenStack currently doesn't support either of the following features:

* Signing and signature validation of bootable images
* Validation of uploaded signed images

This blueprint adds support for both of these features. If an uploaded image is signed, Glance will verify the signature prior to storing it. In each of the uploadable cases, proper entry of the appropriate crypto mode selection and keys will be necessary. Deploying authentication will protect against counterfeit images as well as unauthorized images. Integration with Barbican will provide key management support for signing keys. This feature improves the enterprise-ready posture of OpenStack.
Comment 9 Mike McCune 2016-03-28 18:35:49 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation; please see mmccune@redhat.com with any questions.
Comment 12 Sean Cohen 2017-07-25 09:24:02 EDT
Closing the backport request for OSP7 (Feature is scoped for OSP13)
