Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-32723

[RHEL EPIC] Adopting Sigstore for Containers - RHEL 9.5

XMLWordPrintable

    • [RHEL EPIC] Adopting Sigstore for Containers RHEL 9.5
    • Red Hat Enterprise Linux
    • sst_container_tools
    • 23
    • 3
    • False
    • Hide

      None

      Show
      None
    • Yes
    • QE ack, Dev ack, Docs ack
    • Enhancement
    • TBD

      Description

      SME: Miloslav Trmac

      Begin using Sigstore signatures for container signing in RHEL / UBI.

      Detailed Sigstore rationale and background here.

      Goals

      Adopting sigstore for signing RHEL/UBI based containers provides a more ergonomic experience for users and is in line with wider container-signing plans.

      RHEL/UBI 7/8/9 will continue to have simple-signatures. RHEL 10 images would be sigstore only.

      Note: simple-signing code will not be removed from RHEL container tools, so any user re-signing workflows will continue to function.

      Requirements

      All supported versions of RHEL container tools in RHEL and in layered products must have the code paths and correctly configured policy in order to use UBI10 containers from RHEL9 based systems.

       

       

            container-runtime-eng Container Runtime Eng Bot
            tsweeney@redhat.com Tom Sweeney
            Container Runtime Eng Bot Container Runtime Eng Bot
            Container Runtime Bugs Bot Container Runtime Bugs Bot
            Gabriela Necasova Gabriela Necasova
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: