Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-99339

GPGME Mechanism Causing gpg-agent Process Stuck Issue

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • No
    • Low
    • rhel-jotnar
    • ssg_core_services
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat OpenShift Container Platform
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      Cu was trying to pull a GPG-signed container image using CRI-IO, but the operation is failing due to the stuck gpg-agent process.
      It "seems" to be related to https://github.com/containers/image/issues/1777

      What is the impact of this issue to you?

      The impact is significant as it prevents us from securely pulling and deploying GPG-signed container images and also block Cu production environment. Also, this can lead to potential security risks if we're unable to verify the authenticity of the images.

      Please provide the package NVR for which the bug is seen:

      gpgme-1.15.1-6.el9.x86_64

      using cri-o-1.30.10-8.rhaos4.17.gite22f6d2.el9.x86_64 on Red Hat Enterprise Linux CoreOS release 4.17

      How reproducible is this bug?:
      Always

      Steps to reproduce

      1. Having a pod referencing a container registry with a signed GPG signature

      Expected results

      Image pull succesfully

      Actual results

      1. container creation is hanging for ever.

              jotnar-project Jötnar Project
              rh-ee-scaps Sebastien Caps
              Michal Hlavinka Michal Hlavinka
              Jötnar Project Jötnar Project
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: