RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1769576 - [RFE]Local image validation
Summary: [RFE]Local image validation
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: podman
Version: 8.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Tom Sweeney
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
: 1658282 (view as bug list)
Depends On:
Blocks: 1186913 1726784
TreeView+ depends on / blocked
 
Reported: 2019-11-06 21:40 UTC by David Kaylor
Modified: 2023-09-07 20:57 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-20 18:10:21 UTC
Type: Feature Request
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description David Kaylor 2019-11-06 21:40:53 UTC 
Proposed title of this feature request

  Local image validation

What is the nature and description of the request?

  The ability to validate all layers of an image at rest, both manually and at run time.

Functional requirements

  1. After an image had been download, podman or similar could be run to verify that the image has not been tampered with.

  2. cri-o can be configured to perform the same verification before running the container.

For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.

  1. Download an image, modify a layer and then try the manual validation

  2. Configure cri-o to perform validation and attempt to deploy an image that has been modified

Is there already an existing RFE upstream or in Red Hat Bugzilla?

  No, but some of this was mentioned in bz 1658282

List any affected packages or components.

  Podman and cri-o
Comment 9 Daniel Walsh 2019-11-08 21:56:08 UTC 
Well I was actually think of this as podman. As I said `podman image verify`
Comment 17 Derrick Ornelas 2020-03-19 15:51:26 UTC 
*** Bug 1658282 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.