1779351 – Verify outgoing manifests when uploading or creating new manifests

Bug 1779351 - Verify outgoing manifests when uploading or creating new manifests

Summary: Verify outgoing manifests when uploading or creating new manifests

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	oc
Sub Component:
Version:	4.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.4.0
Assignee:	Clayton Coleman
QA Contact:	zhou ying
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1779353 1779355
TreeView+	depends on / blocked

Reported:	2019-12-03 19:50 UTC by Clayton Coleman
Modified:	2020-05-04 11:18 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1779353 (view as bug list)
Environment:
Last Closed:	2020-05-04 11:18:30 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift oc pull 210	0	None	closed	Bug 1779351: Verify outbound manifests now that schema1 support is dropped	2020-05-04 14:30:44 UTC
Red Hat Product Errata	RHBA-2020:0581	0	None	None	None	2020-05-04 11:18:49 UTC

Description Clayton Coleman 2019-12-03 19:50:56 UTC

To better catch failures due to misbehaving or faulty registries, the verifying manifest service used by image and release tooling should verify outgoing manifests (as well as incoming manifests) by digest.

This is acceptable now that we require schema2 container image registry support for our release tooling, and helps close another possible failure point by verifying what we send matches what the server tells us it gets.

Comment 1 Maciej Szulik 2020-01-31 11:23:05 UTC

The code from the linked PR is coming from library-go which was bumped several times by now. Moving to QA for verification.

Comment 3 zhou ying 2020-02-06 05:44:26 UTC

Contact with dev on slack, we need a misbehaving registry, but it's hard to build the misbehaving registry , will verify it directly.

Comment 5 errata-xmlrpc 2020-05-04 11:18:30 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

Note You need to log in before you can comment on or make changes to this bug.