Skip to content

UPSTREAM: containers/image: <carry>: Do not check lifetime for v3 gpg signature #15490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 1 commit into from
Jul 27, 2017
Merged

UPSTREAM: containers/image: <carry>: Do not check lifetime for v3 gpg signature #15490

openshift-merge-robot merged 1 commit into from
Jul 27, 2017

Conversation

@mfojtik
Copy link
Contributor

@mfojtik mfojtik commented Jul 27, 2017
edited
Loading

Fixes: #15489

@mtrmac

With this fix:

$ oc adm verify-image-signature sha256:582cb940a6e730dbdffee7cc5e1983522fdeeb3c40bea7373b255a209124cc02 --expected-identity=registry.access.redhat.com/rhel7:latest --public-key=/tmp/redhat.pub --save

$ oc describe istag rhel7:latest
Image Signatures:
			Name:		sha256:582cb940a6e730dbdffee7cc5e1983522fdeeb3c40bea7373b255a209124cc02@rhel7
			Type:		AtomicImageV1
			Status:		Verified
			Issued By:	199E2F91FD431D51
			Signature is Trusted (verified by user "test-admin" on 2017-07-27 10:44:00 +0200 CEST)
			Signature is ForImage ( on 2017-07-27 10:44:00 +0200 CEST)

@openshift-merge-robot openshift-merge-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 27, 2017
@mfojtik mfojtik assigned soltysh and unassigned smarterclayton and bparees Jul 27, 2017
@mfojtik mfojtik added this to the 3.6.0 milestone Jul 27, 2017
This was referenced Jul 27, 2017
Closed
Merged
@soltysh
Copy link
Contributor

soltysh commented Jul 27, 2017

/approve
/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 27, 2017
@mfojtik
Copy link
Contributor Author

mfojtik commented Jul 27, 2017
edited
Loading

/approve no-issue

@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Jul 27, 2017

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mfojtik, soltysh

No associated issue. Update pull-request body to add a reference to an issue, or get approval with /approve no-issue

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 27, 2017
@mfojtik
Copy link
Contributor Author

mfojtik commented Jul 27, 2017

/retest

@mfojtik mfojtik mentioned this pull request Jul 27, 2017
Closed
@mtrmac
Copy link
Contributor

mtrmac commented Jul 27, 2017

ACK.

@mfojtik
Copy link
Contributor Author

mfojtik commented Jul 27, 2017

flake: #13536

@mfojtik
Copy link
Contributor Author

mfojtik commented Jul 27, 2017

/test extended_conformance_gce

openshift-merge-robot added a commit that referenced this pull request Jul 27, 2017
@openshift-merge-robot
Merge pull request #15491 from mfojtik/36-verify-image-fix
0e0901c 
Automatic merge from submit-queue

[3.6] UPSTREAM: containers/image: <carry>: Do not check lifetime for v3 gpg signatures

3.6 version of #15490
@mfojtik
Copy link
Contributor Author

mfojtik commented Jul 27, 2017

/test extended_conformance_gce

@0xmichalis
Copy link
Contributor

0xmichalis commented Jul 27, 2017

Shouldn't be tagged as critical since the freeze tomorrow should be for 3.6

@0xmichalis
Copy link
Contributor

0xmichalis commented Jul 27, 2017

/joke

@openshift-ci-robot
Copy link

openshift-ci-robot commented Jul 27, 2017

@Kargakis: This is my step ladder. I never knew my real ladder..

Details

In response to this:

/joke

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@0xmichalis
Copy link
Contributor

0xmichalis commented Jul 27, 2017

/joke

should not work

@0xmichalis
Copy link
Contributor

0xmichalis commented Jul 27, 2017

/joke

@openshift-ci-robot
Copy link

openshift-ci-robot commented Jul 27, 2017

@Kargakis: Without geometry life is pointless..

Details

In response to this:

/joke

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Jul 27, 2017

Automatic merge from submit-queue

@openshift-merge-robot openshift-merge-robot merged commit 39e156b into openshift:master Jul 27, 2017
@mfojtik mfojtik deleted the verify-image-fix branch September 5, 2018 21:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@soltysh soltysh

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. priority/P0 queue/critical-fix size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

3.6.0

Development

Successfully merging this pull request may close these issues.

oc adm verify-signature panics when verifying gpg v3 signature

8 participants

@mfojtik @soltysh @openshift-merge-robot @mtrmac @0xmichalis @openshift-ci-robot @smarterclayton @bparees