Support Post-Quantum Cryptography #2237
Description
Is your feature request related to a problem? Please describe.
AAP container images on "registry.redhat.io" were published with PQC (post-quantum cryptography) signatures in addition to legacy signatures. pulp_container cannot process the GPG v6 PQC signature layer, which causes container signature verification to fail during installs or upgrades.
pulp [48cb258faa9c4ea0913ddcf73031afef]: gnupg:WARNING: gpg returned a non-zero error code: 2 Mar 03 14:48:20 ip-10-0-1-203.ec2.internal gunicorn[43648]: pulp [48cb258faa9c4ea0913ddcf73031afef]: pulp_container.app.utils:INFO: It is not possible to read the signed document, GPG error: gpg: onepass_sig with unknown version
Describe the solution you'd like
This shouldn't fail outright
Additional context
https://issues.redhat.com/browse/AAP-67344
https://issues.redhat.com/browse/PULP-1288