From 9eea8d74876fe07d5c28ba29b09214b0beb12948 Mon Sep 17 00:00:00 2001 From: Jan Wozniak Date: Fri, 15 Jun 2018 15:52:16 +0200 Subject: [PATCH] emphasize deletion of all signatures if using invalid identity --- admin_guide/image_signatures.adoc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/admin_guide/image_signatures.adoc b/admin_guide/image_signatures.adoc index a7c9163f54b2..b05563775a57 100644 --- a/admin_guide/image_signatures.adoc +++ b/admin_guide/image_signatures.adoc @@ -124,9 +124,15 @@ $ oc adm policy add-cluster-role-to-user system:image-auditor endif::[] ==== +[IMPORTANT] +==== Using the `--save` flag on already verified image together with invalid GPG key -or invalid expected identity causes the saved verification status to be removed, -and the image will become unverified. +or invalid expected identity causes the saved verification status and all +signatures to be removed, and the image will become unverified. + +In order to avoid deleting all signatures by mistake, you can run the command +without the `--save` flag first and check the logs for potential issues. +==== To verify an image signature use the following format: