Description of problem: In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag. Version-Release number of selected component (if applicable): How reproducible: $ oc get packagemanifest/kubevirt-hyperconverged -o=jsonpath='{.metadata.name}{"\t"}{range .status.channels[*]}{.currentCSV}{"\t"}{.currentCSVDesc.annotations.containerImage}{"\n"}{end}' Actual results: kubevirt-hyperconverged kubevirt-hyperconverged-operator.v2.0.0 registry.redhat.io/container-native-virtualization/container-native-virtualization/hyperconverged-cluster-operator:v2.0.0-32 kubevirt-hyperconverged-operator.v2.1.0 registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator:v2.1.0-22 Expected results: kubevirt-hyperconverged kubevirt-hyperconverged-operator.v2.0.0 registry.redhat.io/container-native-virtualization/container-native-virtualization/hyperconverged-cluster-operator@sha256:<blah> kubevirt-hyperconverged-operator.v2.1.0 registry.redhat.io/container-native-virtualization/hyperconverged-cluster-operator@sha256:<blah> Additional info: http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html
Please add fixed in version
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:2011