Bug 42284 – Provide cryptographic signatures for UCS images hosted on Docker hub

Bug 42284 - Provide cryptographic signatures for UCS images hosted on Docker hub


Summary:	Provide cryptographic signatures for UCS images hosted on Docker hub

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	Docker
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	---
Assigned To:	App Center maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-09-06 12:43 CEST by Arvid Requate
Modified:	2020-07-03 20:55 CEST (History)
CC List:	1 user (show)

See Also:	42282
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2016090521000549
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2016-09-06 12:43:46 CEST

Ticket#2016090521000549:

A customer asked for a way to verify the authenticity and integrity of the UCS Docker images hosted on https://hub.docker.com/u/univention/ .

The simple idea was that a univention controlled website should provide a signature (e.g. gpg) of the sha256 hash of the images (docker push shows the sha256 digest).

docker pull can retrieve images by the hash:

docker pull someimage@sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a

see https://docs.docker.com/v1.10/engine/security/trust/content_trust/

Comment 1 Ingo Steuwer

2020-07-03 20:55:43 CEST

This issue has been filed against UCS 4.2.

UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.