-
Epic
-
Resolution: Done
-
Major
-
rhel-9.7
-
POC - Container Tools can use SHA512 digests - RHEL 9.7
-
-
Important
-
Red Hat Enterprise Linux
-
rhel-container-tools
-
26
-
26
-
False
-
-
QE ack, Dev ack, Docs ack
-
Unspecified
-
Unspecified
-
Unspecified
Epic Overview
Container tools need to be ready for SHA512 digests in order to be PQ compliant.
Goals
Make sure that all related tools and libraries can work with SHA512 digests. We will need to build Proof of Concept code to test that Podman, Buildah, Skopeo, and Podman-py can interoperate with SHA512 successfully.
Creating more than Proof of Concept code will not be possible for RHEL 9.7/10.1. The SHA512 digests have not yet been fully incorporated by OCI, and most likely will not be before the end of 2025. In addition many of the big registries, such as Quay and Docker, do not yet support SHA512.
So the end goal for this Epic is to prove that pulling, pushing, and operating an image with SHA512 digests is possible. Then, as part of the final delivery for this Epic, a design doc should be created documenting what needs to change code wise in each of the projects for the final delivery. That is currently scheduled for RHEL 9.8/10.2, and Podman v5.8.
For this epic, there will be no Productization testing or Documentation
- depends on
-
RUN-2452 Digest change from sha256
-
- Closed
-
- impacts account
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
