Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1915968

Summary: OSUS should support extracting GPG signatures from image
Product: OpenShift Container Platform Reporter: Vadim Rutkovsky <vrutkovs>
Component: OpenShift Update ServiceAssignee: Lalatendu Mohanty <lmohanty>
OpenShift Update Service sub component: operand QA Contact: liujia <jiajliu>
Status: CLOSED DEFERRED Docs Contact: Kathryn Alexander <kalexand>
Severity: medium    
Priority: unspecified CC: lmohanty, wking, yanyang
Version: 4.7Flags: jiajliu: needinfo+
Target Milestone: ---   
Target Release: 4.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Feature: OSUS downloads release signatures by pulling the image Reason: In order to support release verification in disconnected environments OSUS needs a way to fetch release signatures. To keep in line with other artifacts signatures are provided as a container image Result: customers can configure a plugin to pull signature images and OSUS would use it to verify downloaded images
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-02-15 16:12:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vadim Rutkovsky 2021-01-13 20:30:28 UTC 
For disconnected installations image signatures would be assembled in the image instead of reaching out to https://mirror.openshift.org.
Cincinnati should be configured to use this image during secondary metadata parse and to verify image signatures.

See https://issues.redhat.com/browse/OTA-323 for details and discussion
Comment 2 liujia 2021-01-25 02:54:15 UTC 
According to the discussion in OTA-323, we can not test this user story until graph-data build pipeline work finished. So change this bug status to MODIFIED to wait for available build.
Comment 4 liujia 2021-01-29 02:18:10 UTC 
Set bug's status back according to comment 2.
Comment 5 W. Trevor King 2021-07-20 15:23:24 UTC 
We won't cut 4.7 or 4.8 operators; moving to 4.9.0 (folks with 4.6 releases will be able to update straight to 4.9).
Comment 9 liujia 2021-09-30 02:25:57 UTC 
According to comment 2, we can not test this user story until graph-data build pipeline work finished. So i think we should remove this bug from the advisory RHBA-2021:81907 this time. Change the bug status back to MODIFIED first.
Comment 11 liujia 2021-10-08 01:25:32 UTC 
Hi Lala
Would you mind removing this bug from the advisory #81907? Or else it will be changed to ON_QA status by bot.
Comment 15 Lalatendu Mohanty 2023-02-15 16:12:01 UTC 
Closing the bug as we do not have a way to verify this. Also we are not planning to release signed images in near future , hence there is no point in keeping this bug open in this state.