oc-mirror

Release 0.1.7

A utility that can be used to mirror OpenShift releases between docker registries.

Repository PyPI Python

Keywords
integrity, mirror, oc, oc-mirror, openshift, sign, signatures, verify
License
GPL-3.0
Install
pip install oc-mirror==0.1.7

Documentation

oc-mirror

pypi version build status coverage status python versions linting code style license

Overview

A utility that can be used to mirror OpenShift releases, Operator releases, and atomic signatures between docker registries.

Installation

From pypi.org 

$ pip install oc_mirror

From source code

$ git clone https://github.com/crashvb/oc-mirror
$ cd oc-mirror
$ virtualenv env
$ source env/bin/activate
$ python -m pip install --editable .[dev]

Usage

Creating an atomic signature

Note: Currently, only WebDAV upload is supported.

  atomic \
    --signature-store https://my-webdav-server/ \
    sign \
    --keyid=my-magic-keyid \
    registry.redhat.io/redhat/redhat-operator-index:v4.8@sha256:6ddf56b65877a0d603fcc8f06bca7314f18816d5734c878094b7a1b5598ce251

Verifying an atomic signature

DRCA_CREDENTIALS_STORE=~/.docker/quay.io-pull-secret.json \
  atomic \
    --signature-store=https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release \
    --signature-type=manifest \
    verify \
    quay.io/openshift-release-dev/ocp-release:4.4.6-x86_64@sha256:7613d8f7db639147b91b16b54b24cfa351c3cbde6aa7b7bf1b9c80c260efad06

Mirroring an OpenShift release

DRCA_CREDENTIALS_STORE=~/.docker/quay.io-pull-secret.json \
oc-mirror \
  --signature-store=https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release \
  mirror \
  quay.io/openshift-release-dev/ocp-release:4.4.6-x86_64 \
  some-other-registry.com:5000/openshift-release-dev/ocp-release:4.4.6-x86_64

Mirroring an Operator release

DRCA_CREDENTIALS_STORE=~/.docker/quay.io-pull-secret.json \
op-mirror \
  --no-check-signatures \
  mirror \
  registry.redhat.io/redhat/redhat-operator-index:v4.8 \
  some-other-registry.com:5000/redhat/redhat-operator-index:v4.8 \
  compliance-operator:release-0.1 \
  local-storage-operator \
  ocs-operator

Environment Variables

Variable Default Value Description
ATOMIC_KEYID Identifier of the GnuPG key to use for signing.
ATOMIC_KEYPASS The corresponding key passphrase.
ATOMIC_SIGNATURE_STORE https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release Signature store location at which atomic signatures are (to be) located.
ATOMIC_SIGNATURE_TYPE iamge-config Whether atomic signature digest reference Manifests or Image Configurations.
ATOMIC_SIGNING_KEY Path to the GnuPG armored keys used to verify atomic signatures.
OCM_SIGNATURE_STORE use locations embedded in release metadata Signature store location at which atomic signatures are located.
OCM_SIGNING_KEY use keys embedded in release metadata Path to the GnuPG armored keys used to verify atomic signatures.
OPM_SIGNATURE_STORE https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release Signature store location at which atomic signatures are located.
OPM_SIGNING_KEY Path to the GnuPG armored keys used to verify atomic signatures.

Development

Source Control

Stats

Dependencies
18
Dependent packages
0
Dependent repositories
0
Total releases
8
Latest release
First release
Stars
0
Forks
0
Watchers
1
Contributors
1
Repository size
252 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.1.7
0.1.6
0.1.5
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0

Contributors

Richard Davis


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-04-06 22:55:56 UTC

Login to resync this project