-
Epic
-
Resolution: Done
-
Major
-
rhel-10.1
-
POC - Container Tools can use SHA512 digests - RHEL 10.1
-
-
Important
-
Red Hat Enterprise Linux
-
rhel-container-tools
-
26
-
26
-
False
-
-
QE ack, Dev ack, Docs ack
-
Unspecified
-
Unspecified
-
Unspecified
Epic Overview
Container tools need to be ready for SHA512 digests in order to be PQ compliant.
Goals
Make sure that all related tools and libraries can work with SHA512 digests. We will need to build Proof of Concept code to test that Podman, Buildah, Skopeo, and Podman-py can interoperate with SHA512 successfully.
Creating more than Proof of Concept code will not be possible for RHEL 9.7/10.1. The SHA512 digests have not yet been fully incorporated by OCI, and most likely will not be before the end of 2025. In addition, many of the big registries such as Quay and Docker do not yet fully support SHA512.
So the end goal for this Epic is to prove that pulling, pushing, and operating an image with SHA512 digests is possible. Then, as part of the final delivery for this Epic, a design doc should be created documenting what needs to change code wise in each of the projects for the final delivery. That is currently scheduled for RHEL 9.8/10.2, and Podman v5.8.
For this epic, there will be no Productization testing or Documentation
- clones
-
RHEL-88750 [RHEL EPIC] POC - Container Tools can use SHA512 digests - RHEL 9.7
-
- Closed
-
- depends on
-
RUN-2452 Digest change from sha256
-
- Closed
-
- impacts account
-
RUN-2651 Investigate registry implementations that support sha512 digest
-
- Closed
-