Uploaded image for project: 'AMQ Interconnect'
  1. AMQ Interconnect
  2. ENTMQIC-2403

operators use tag for containerImage reference instead of digest

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • None
    • None
    • Operator, Packaging
    • None
    • Hide

      $ oc get packagemanifest/amq7-interconnect-operator -n openshift-marketplace -o=jsonpath='

      {.metadata.name}

      {"\t"}{range .status.channels[*]}{.currentCSV}{"t"}

      {.currentCSVDesc.annotations.containerImage}

      {"\n"}

      {end}

      '
      amq7-interconnect-operator amq7-interconnect-operator.v1.1.0t registry.redhat.io/amq7/amq-interconnect-operator:1.1

      Show
      $ oc get packagemanifest/amq7-interconnect-operator -n openshift-marketplace -o=jsonpath=' {.metadata.name} {"\t"}{range .status.channels[*]}{.currentCSV}{"t"} {.currentCSVDesc.annotations.containerImage} {"\n"} {end} ' amq7-interconnect-operator amq7-interconnect-operator.v1.1.0t registry.redhat.io/amq7/amq-interconnect-operator:1.1

      In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.

      See:
      http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html

              ansmith@redhat.com Andrew Smith
              rhn-support-jshepher Jason Shepherd
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: