Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1748134

Summary: Enable Red Hat image signature verification by default
Product: OpenShift Container Platform Reporter: Jason Shepherd <jshepherd>
Component: NodeAssignee: Miloslav Trmač <mitr>
Status: CLOSED NOTABUG QA Contact: Sunil Choudhary <schoudha>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.2.0CC: amurdaca, aos-bugs, jokerman, kgarriso, rphillips
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 19:50:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1705984    
Bug Blocks:    

Description Jason Shepherd 2019-09-02 23:01:42 UTC 
Description of problem:

When pulling Red Hat images to OCP master and worker nodes image signatures are not verified by default. While it's not reasonable to expect all image signatures be verified, at least those shipped by Red Hat should be verified.


For details of enabling signature verification on RHEL 8 see:

   https://access.redhat.com/articles/3116561

This issue can't be completed until images are double signed, see:

   https://projects.engineering.redhat.com/browse/DELIVERY-6699

That is blocked by #1705984, so setting this issue as blocked on that too.
Comment 1 Antonio Murdaca 2019-09-03 08:23:12 UTC 
This is not a 4.2 deliverable so moving to 4.3 and assigning the Node team for enabling that in the future. Also, if this is realted to  a feature, it's probably better to have a card in Jira or something like that.
Comment 2 Jason Shepherd 2019-09-06 06:15:37 UTC 
Created https://jira.coreos.com/browse/RFE-336
Comment 3 Antonio Murdaca 2019-09-09 17:25:27 UTC 
As per discussion with Mrunal, moving to Miloslav
Comment 4 Kirsten Garrison 2019-11-07 21:15:37 UTC 
This is assigned to Miloslav, but the Jira card is in RHCOS, gonna change this over to Node, feel free to move to RHCOS if that's better.