Issue #366: Fedora Cloud Base and Container Base should support machinectl --verify=signature - cloud-sig

cloud-sig

#366 Fedora Cloud Base and Container Base should support machinectl --verify=signature

Opened 2 years ago by chrismurphy. Modified 2 years ago

Fedora Cloud Base and Container Base should support machinectl --verify=signature
https://bugzilla.redhat.com/show_bug.cgi?id=2048035

$ sudo machinectl pull-raw https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/Fedora-Cloud-Base-35-20220128.0.x86_64.raw.xz FCB35-20220127
Enqueued transfer job 2. Press C-c to continue download in background.
Pulling 'https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/Fedora-Cloud-Base-35-20220128.0.x86_64.raw.xz', saving as 'FCB35-20220127'.
Downloading 299.4M for https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/Fedora-Cloud-Base-35-20220128.0.x86_64.raw.xz.
HTTP request to https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/Fedora-Cloud-Base-35-20220128.0.x86_64.roothash.p7s failed with code 404.
Root hash signature file could not be retrieved, proceeding without.
HTTP request to https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/Fedora-Cloud-Base-35-20220128.0.x86_64.nspawn failed with code 404.
Settings file could not be retrieved, proceeding without.
HTTP request to https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/Fedora-Cloud-Base-35-20220128.0.x86_64.verity failed with code 404.
Verity integrity file could not be retrieved, proceeding without. https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/Fedora-Cloud-Base-35-20220128.0.x86_64.verity
HTTP request to https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/SHA256SUMS.gpg failed with code 404.
HTTP request to https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/Fedora-Cloud-Base-35-20220128.0.x86_64.roothash failed with code 404.
Root hash file could not be retrieved, proceeding without.
HTTP request to https://kojipkgs.fedoraproject.org//packages/Fedora-Cloud-Base/35/20220128.0/images/SHA256SUMS failed with code 404.
Failed to retrieve SHA256 checksum, cannot verify. (Try --verify=no?)
Exiting.

machinectl uses --verify=signature by default, but we're not publishing anything that it can use to verify the image.

Metadata Update from @davdunc:
- Issue tagged with: meeting

2 years ago

Metadata

Assignee

None

Tags

Blocking

None

Depending on

None

cloud-sig

Source Code

#366 Fedora Cloud Base and Container Base should support machinectl --verify=signature Opened 2 years ago by chrismurphy. Modified 2 years ago

Close issue as:

Metadata

meeting

#366 Fedora Cloud Base and Container Base should support machinectl --verify=signature

Opened 2 years ago by chrismurphy. Modified 2 years ago