Bug 1915217 - OKD payloads expect to be signed with production keys
Summary: OKD payloads expect to be signed with production keys
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Release
Version: 4.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.7.0
Assignee: Luke Meyer
QA Contact: Wei Sun
Depends On:
Blocks: 1916582
TreeView+ depends on / blocked
Reported: 2021-01-12 09:31 UTC by Vadim Rutkovsky
Modified: 2021-02-24 15:52 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2021-02-24 15:51:54 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-update-keys pull 27 0 None closed Bug 1915217: readme: specify which keys are used in nightlies/OKD/OCP builds 2021-01-22 16:15:59 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:52:26 UTC

Description Vadim Rutkovsky 2021-01-12 09:31:56 UTC
cluster-update-keys release pipeline contains CI and official release keys. OKD payloads are signed using CI key, but CVO is configured to use release keys.

Comment 4 errata-xmlrpc 2021-02-24 15:51:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.