- Proposed title of this feature request
Registry-independent image verification
- What is the nature and description of the request?
A simple way to verify an image in local repositories, similar to rpm -qV
- Functional requirements
Running the verification command could compare the image layers to their digests or check an embedded signature similar to rpm. In the latter case there would also need to be a way to generate and attach the signature.
- For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
Depending on the approach, first sign the image. After that, distribute the image to two different environments and run the verification command.
- Is there already an existing RFE upstream or in Red Hat Bugzilla?
- List any affected packages or components.
We were thinking skopeo would make sense but are open to other ideas
Miloslav what is the latest on this?
Created attachment 1541127 [details]
Results from test perfomed by Tom Lapp
We are awaiting feedback from RH engineering on this issue and haven't heard anything in a few days. Has there been any progress?