/etc/pki/rpm-gpg/ISV-Container-signing-key is missing in OpenShift Container Platform 4.13 and later

Solution Verified - Updated -

Issue

  • We have Container image signatures configured and found that with OpenShift 4.13 and later version, verification of 3rd party container is failing because /etc/pki/rpm-gpg/ISV-Container-signing-key is missing on the RHCOS system. Previously in OpenShift Container Platform 4.12 and before, /etc/pki/rpm-gpg/ISV-Container-signing-key was there and available and hence verification of the Images was working as expected.
  • While /etc/pki/rpm-gpg/ISV-Container-signing-key is available in Red Hat Enterprise Linux 8 it was found that the key is missing in Red Hat Enterprise Linux 9, causing container image verification to fail
  • Why is /etc/pki/rpm-gpg/ISV-Container-signing-key missing in Red Hat Enterprise Linux 9

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4.13
    • 4.14
    • 4.15
  • Red Hat Enterprise Linux (RHEL) 9

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content