Bug 1779351 - Verify outgoing manifests when uploading or creating new manifests
Summary: Verify outgoing manifests when uploading or creating new manifests
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.4.0
Assignee: Clayton Coleman
QA Contact: zhou ying
Depends On:
Blocks: 1779353 1779355
TreeView+ depends on / blocked
Reported: 2019-12-03 19:50 UTC by Clayton Coleman
Modified: 2020-05-04 11:18 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1779353 (view as bug list)
Last Closed: 2020-05-04 11:18:30 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift oc pull 210 0 None closed Bug 1779351: Verify outbound manifests now that schema1 support is dropped 2020-05-04 14:30:44 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:18:49 UTC

Description Clayton Coleman 2019-12-03 19:50:56 UTC
To better catch failures due to misbehaving or faulty registries, the verifying manifest service used by image and release tooling should verify outgoing manifests (as well as incoming manifests) by digest.

This is acceptable now that we require schema2 container image registry support for our release tooling, and helps close another possible failure point by verifying what we send matches what the server tells us it gets.

Comment 1 Maciej Szulik 2020-01-31 11:23:05 UTC
The code from the linked PR is coming from library-go which was bumped several times by now. Moving to QA for verification.

Comment 3 zhou ying 2020-02-06 05:44:26 UTC
Contact with dev on slack, we need a misbehaving registry, but it's hard to build the misbehaving registry , will verify it directly.

Comment 5 errata-xmlrpc 2020-05-04 11:18:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.