  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1919

oc-mirror v2: extracts trusted keys from mirrored target release images


      Feature Overview (aka. Goal Summary)  

      oc-mirror v2 extracts trusted keys from the target release images it mirrors.

      Goals (aka. expected user outcomes)

      oc-mirror v2 can discover and extract trusted keys from target release images during the mirroring process, without relying on hardcoded keys.

      Background

      OpenShift release images are subject to periodic trusted key updates for security purposes, as illustrated by the SHA-1 to SHA-256 self-signature migration captured in OCPBUGS-35528/cluster-update-keys#57.  oc-mirror's current solution (OCPBUGS-47453) involves updating hardcoded keys, which is considered a temporary measure.  A more sustainable approach would be to dynamically extract the trusted key from a target release image during the mirroring process.

      Requirements (aka. Acceptance Criteria):

      • Discover and extract the trusted key: Eliminate the reliance on hardcoded trusted keys by dynamically discovering and extracting them from target images.


              rhn-coreos-tunwu Tony Wu
              rhn-coreos-tunwu Tony Wu
              Subhashini T K Subhashini T K