1257306 – [RFE][glance] Image Signing and Verification Support

Bug 1257306 - [RFE][glance] Image Signing and Verification Support

Summary: [RFE][glance] Image Signing and Verification Support

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-glance
Sub Component:
Version:	8.0 (Liberty)
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	8.0 (Liberty)
Assignee:	Flavio Percoco
QA Contact:	nlevinki
Docs Contact:
URL:	https://blueprints.launchpad.net/glan...
Whiteboard:	upstream_milestone_liberty-3 upstream...
Depends On:
Blocks:	1316607 1365571
TreeView+	depends on / blocked

Reported:	2015-08-26 17:56 UTC by Sean Cohen
Modified:	2023-09-20 22:28 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	This release includes a tech preview of Image Signing and Verification for glance images. This feature helps protect image integrity by ensuring no modifications occur after the image is uploaded by a user. This capability includes both signing of the image, and signature validation of bootable images when used.
Clone Of:
Clones:	1316607 (view as bug list)
Environment:
Last Closed:	2017-07-25 13:24:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	177948	None	None	None	Never
OpenStack gerrit	183137	None	None	None	Never
Red Hat Issue Tracker	OSP-4531	None	None	None	2022-08-17 13:14:38 UTC
Red Hat Knowledge Base (Solution)	2604741	None	None	None	2016-09-06 14:29:12 UTC

Description Sean Cohen 2015-08-26 17:56:31 UTC

OpenStack currently doesn't support either of the following features:

* Signing and signature validation of bootable images
* Validation of uploaded signed images

This blueprint adds support for both of these features. If an uploaded image is signed, Glance will verify the signature prior to storing it. In each of the uploadable cases, proper entry of the appropriate crypto mode selection and keys will be necessary. Deploying authentication will protect against counterfeit images as well as unauthorized images. Integration with Barbican will provide key management support for signing keys. This feature improves the enterprise-ready posture of OpenStack.

Comment 3 Sean Cohen 2015-08-26 17:59:14 UTC

https://review.openstack.org/gitweb?p=openstack/glance-specs.git;a=commit;h=6208626ef46ee62b025e52bb97eb2ce541746244

Comment 9 Mike McCune 2016-03-28 22:35:49 UTC

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Comment 12 Sean Cohen 2017-07-25 13:24:02 UTC

Closing the backport request for OSP7 (Feature is scoped for OSP13)
Sean

Note You need to log in before you can comment on or make changes to this bug.