CFE-965: [V2] Enable signature verification #709
@lmzuccarelli: This pull request references CFE-965 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/hold
@lmzuccarelli: This pull request references CFE-965 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set. In response to this:
Nice work @lmzuccarelli !
Thank you
I have just a small doubt about removing the creation of workingDir
in executor.go code.
LGTM otherwise ;)
/unhold
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lmzuccarelli, sherine-k The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@@ -1,268 +0,0 @@ | |||
package diff |
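Review bot: nothing else should still import the `diff` package once this file is gone. The header `@@ -1,268 +0,0 @@` removes the whole file and only the `package diff` line is visible here, so please confirm that the package's callers, its tests and any documentation mentioning it are removed in the same PR.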
Good to see this diff mechanism going away
@lmzuccarelli: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
/lgtm
Description
This change enables secure policy for signature verification on release and additionalImages (in V2) for all Red Hat-based images.
Refer to v2/README.md for more details.
How Has This Been Tested?
Testing
Checking additional images first - imagesetconfig
Ensure the additionalImages signature verification fails
Set a bad entry in /etc/containers/policy.json (for registry.access.redhat.com)
Execute oc-binary with --secure-policy flag
Console output
Update /etc/containers/policy.json to correct value
Re-run oc-mirror
Console output
Update imagesetconfig to include a release
Ensure the release signature fails
Update /etc/containers/policy.json with a bad entry
Execute oc-mirror
Console output
Update the /etc/containers/policy.json to the correct value for quay.io/openshift-release-dev/openshift-release-dev
This should now execute without any problems
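The test steps in the description depend on which scope of /etc/containers/policy.json governs each image. As an added example (not code from oc-mirror or from this PR), the Go program below resolves the governing docker-transport scope for a repository and reports whether that scope demands a signature. The sample policy, the repository names and the `Audit` helper are constructed for illustration; wildcard and tag/digest scopes are not handled.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Requirement is one entry of a policy.json requirement list.
type Requirement struct{ Type string `json:"type"` }

// Policy mirrors the top level of /etc/containers/policy.json.
type Policy struct {
	Default    []Requirement                       `json:"default"`
	Transports map[string]map[string][]Requirement `json:"transports"`
}

// samplePolicy is constructed for this example, not taken from the PR.
const samplePolicy = `{"default":[{"type":"insecureAcceptAnything"}],
 "transports":{"docker":{"registry.access.redhat.com":[{"type":"signedBy",
 "keyType":"GPGKeys","keyPath":"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"}]}}}`

// Audit (hypothetical helper) returns the scope that governs a docker
// repository and whether it demands a signature. The most specific matching
// scope wins; "" is the docker transport default, "default" the global one.
func Audit(policyJSON, repo string) (scope string, signed bool, err error) {
	var p Policy
	if err = json.Unmarshal([]byte(policyJSON), &p); err != nil {
		return "", false, err
	}
	reqs, scope := p.Default, "default"
	for i := 0; i <= len(repo); i++ { // "", then each host/namespace prefix
		atBoundary := i == 0 || i == len(repo) || repo[i] == '/'
		if r, ok := p.Transports["docker"][repo[:i]]; ok && atBoundary {
			reqs, scope = r, repo[:i] // a longer prefix overrides a shorter one
		}
	}
	for _, r := range reqs {
		signed = signed || r.Type == "signedBy" || r.Type == "sigstoreSigned"
	}
	return scope, signed, nil
}

func main() {
	for _, repo := range []string{"registry.access.redhat.com/ubi9/ubi", "quay.io/openshift-release-dev/ocp-release"} {
		scope, signed, err := Audit(samplePolicy, repo)
		fmt.Printf("%s: scope=%q signature required=%v err=%v\n", repo, scope, signed, err)
	}
}
```

With the sample policy, the release repository falls through to the `insecureAcceptAnything` default, so the policy file itself demands no signature for it until a scope covering that repository is added.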