Summary: Implement functionality to allow users to configure the digest algorithm used for image hashes in Podman, enabling support for algorithms like SHA512.

Description:

Currently, Podman primarily uses SHA256 for image digests. With the evolving landscape of cryptography and the advent of post-quantum cryptography (PQC) requirements, there is a growing need to support stronger and more flexible digest algorithms, such as SHA512. This story aims to introduce a mechanism within Podman that allows users to specify the digest algorithm to be used when hashing images.

This change is a foundational step towards meeting future security mandates and providing users with greater control over the cryptographic properties of their images. It will enable Podman to align with upcoming PQC standards that may deprecate SHA256 in favor of more robust algorithms like SHA512.

The scope of this story is to make the digest algorithm configurable, not to fully implement PQC-compliant image signing or verification. Please note that registry support for alternative digest algorithms is not in scope for this story and is being addressed in separate efforts. It focuses on the hashing mechanism itself.

Proposed Solution:

• Introduce a new configuration option (e.g., in containers.conf or as a command-line flag for relevant commands like podman build, podman push, podman pull) that allows users to specify the desired digest algorithm (e.g., sha256, sha512).

• Ensure that Podman's internal image handling (storage, manifest generation, etc.) can correctly utilize and store images hashed with the configured algorithm.

• Validate user input for the digest algorithm to ensure only supported algorithms are accepted.

• Consider the impact on existing image formats and registries, ensuring backward and forward compatibility where possible, or clearly documenting any limitations.

Acceptance Criteria:

• Users can specify a digest algorithm (e.g., sha256, sha512) via a configuration setting or command-line option for `podman push`.

• Podman successfully generates image digests using the configured algorithm.

• Podman can correctly pull and push images that use the newly supported digest algorithms (e.g., SHA512).

• The chosen digest algorithm is correctly reflected in image manifests and other metadata.

• Error handling is in place for unsupported or invalid digest algorithm inputs.

• Documentation is updated to reflect the new configuration option and its implications.