Bug 1769576 - [RFE]Local image validation
Summary: [RFE]Local image validation
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: podman
Version: 8.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Tom Sweeney
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
: 1658282 (view as bug list)
Depends On:
Blocks: 1186913 1726784
TreeView+ depends on / blocked
 
Reported: 2019-11-06 21:40 UTC by David Kaylor
Modified: 2020-11-16 13:07 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-20 18:10:21 UTC
Type: Feature Request
Target Upstream Version:


Attachments (Terms of Use)

Description David Kaylor 2019-11-06 21:40:53 UTC
Proposed title of this feature request

  Local image validation

What is the nature and description of the request?

  The ability to validate all layers of an image at rest, both manually and at run time.

Functional requirements

  1. After an image had been download, podman or similar could be run to verify that the image has not been tampered with.

  2. cri-o can be configured to perform the same verification before running the container.

For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

  1. Download an image, modify a layer and then try the manual validation

  2. Configure cri-o to perform validation and attempt to deploy an image that has been modified

Is there already an existing RFE upstream or in Red Hat Bugzilla?

  No, but some of this was mentioned in bz 1658282

List any affected packages or components.

  Podman and cri-o

Comment 9 Daniel Walsh 2019-11-08 21:56:08 UTC
Well I was actually think of this as podman. As I said `podman image verify`

Comment 17 Derrick Ornelas 2020-03-19 15:51:26 UTC
*** Bug 1658282 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.