Bug 1450337
| Summary: | [platformmanagement_public_788] Can't remove any signature from the image | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | zhou ying <yinzhou> |
| Component: | Image Registry | Assignee: | Michal Fojtik <mfojtik> |
| Status: | CLOSED ERRATA | QA Contact: | ge liu <geliu> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 3.6.0 | CC: | aos-bugs, pweil |
| Target Milestone: | --- | | |
| Target Release: | 3.7.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-11-28 21:54:33 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Confirmed with latest OCP 3.6, the issue has been fixed:

```
openshift v3.6.86
kubernetes v1.6.1+5115d708d7
etcd 3.1.0
```

```
oadm verify-image-signature sha256:1c44eeb0bcebff03b34d43851a651c721e7ae97f8a062aafc5492b1d3bd02571 --remove-all --public-key=/home/pubring.gpg --token=JplrvKS4dHtsEMCWqKRuSffl3AJ2NmoaR3ARS1OjAJs
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Description of problem:

When using the command `oadm verify-image-signature sha256:67326d0fcdc02a022a7b507b832b76a8609b8246de926ee0fa12f64886da1803 --expected-identity=172.30.205.231:5000/zhouy/hello-openshift:latest --remove-all`, the signature was not removed from the image object.

Version-Release number of selected component (if applicable):

```
openshift v3.6.74
kubernetes v1.6.1+5115d708d7
etcd 3.1.0
```

How reproducible: always

Steps to Reproduce:

1. Log in to OpenShift and create a project;
2. Create a GPG key pair;
3. Use the user token to log in to the integrated docker-registry;
4. Tag an image to the integrated docker-registry: `docker tag openshift/hello-openshift docker-registry:5000/project/imagestream:latest`
5. Use the atomic command to sign and push the image to the integrated docker-registry: `atomic push --type atomic --sign-by yinzhou 172.30.205.231:5000/zhouy/deployment-example:latest`
6. Check the image with the signature;
7. Use the command to remove the signature: `oadm verify-image-signature sha256:3f71e6dd452146b942f064d3aa4a8f33e7993aaae4e9edc691a638089944093f --expected-identity=172.30.205.231:5000/zhouy/deployment-example:latest --remove-all`
8. Use the command to remove the signature: `oadm verify-image-signature sha256:3f71e6dd452146b942f064d3aa4a8f33e7993aaae4e9edc691a638089944093f --expected-identity=172.30.205.231:5000/zhouy/deployment-example:latest --remove-all --public-key=/root/.gnupg/pubring.gpg`

Actual results:

7. The command fails with the error: `unable to read --public-key: open pubring.gpg: no such file or directory`
8. No error, but the '--remove-all' option does not work.

Expected results:

7. When using the '--remove-all' option, it should not work with the '--public-key' option;
8. The signature should be removed successfully.

Additional info: