Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-563

operators use tag for containerImage reference instead of digest

XMLWordPrintable

    • Hide

      $ oc get packagemanifest/codeready-workspaces -o=jsonpath='

      {.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end}

      '
      codeready-workspaces crwoperator.v2.0.0 registry.redhat.io/codeready-workspaces/server-operator-rhel8:2.0
      crwoperator.v1.2.2 registry.redhat.io/codeready-workspaces/server-operator-rhel8:1.2

      Show
      $ oc get packagemanifest/codeready-workspaces -o=jsonpath=' {.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end} ' codeready-workspaces crwoperator.v2.0.0 registry.redhat.io/codeready-workspaces/server-operator-rhel8:2.0 crwoperator.v1.2.2 registry.redhat.io/codeready-workspaces/server-operator-rhel8:1.2

      In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.

      See:
      http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html

        1. redhatreg
          1 kB
        2. Screenshot_2020-02-21_12-02-23.png
          Screenshot_2020-02-21_12-02-23.png
          154 kB

          1.
          		 registries: rewrite of tags to digests fails when can't read from reg.rh.io Sub-task Closed Blocker Nick Boldt

              dfestal David Festal
              rhn-support-jshepher Jason Shepherd
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: