-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
rhel-9.4.z
-
No
-
Low
-
rhel-jotnar
-
ssg_core_services
-
3
-
False
-
False
-
-
None
-
Red Hat OpenShift Container Platform
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
x86_64
-
None
What were you trying to do that didn't work?
Cu was trying to pull a GPG-signed container image using CRI-IO, but the operation is failing due to the stuck gpg-agent process.
It "seems" to be related to https://github.com/containers/image/issues/1777
What is the impact of this issue to you?
The impact is significant as it prevents us from securely pulling and deploying GPG-signed container images and also block Cu production environment. Also, this can lead to potential security risks if we're unable to verify the authenticity of the images.
Please provide the package NVR for which the bug is seen:
gpgme-1.15.1-6.el9.x86_64
using cri-o-1.30.10-8.rhaos4.17.gite22f6d2.el9.x86_64 on Red Hat Enterprise Linux CoreOS release 4.17
How reproducible is this bug?:
Always
Steps to reproduce
- Having a pod referencing a container registry with a signed GPG signature
Expected results
Image pull succesfully
Actual results
- container creation is hanging for ever.
- blocks
-
OCPBUGS-57893 Pulling image with signature checking with CRI-O hangs
-
- New
-