Epic Goal

• Add support in openshift-install to opt-out of the sigstore signature requirement which would be default as a result of the parent feature (https://github.com/openshift/enhancements/pull/1633)

Why is this important?

• While the goal is to make sigstore default for production clusters, there will likely be scenarios where it is necessary to disable the requirement, such as CI testing

Scenarios

1. Internal use for ci builds. CI builds may grow to use sigstore, but providing the ability to opt out will be useful.
2.  [open question] User facing. We may want to give users the ability to opt out. This is still an open question.

Acceptance Criteria

• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement details and documents.
• ...

Dependencies (internal and external)

1. ...

Previous Work (Optional):

1. …

Open questions::

1. Do we want to make the opt-out option user-facing or only available for internal usage? For the latter case, we will use an environment variable. If we want it to be user facing, it goes in the install config.

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>