Skip to content

Offline delivery and import

Status: coming in next versions — detailed packaging, integrity, and handoff steps will be documented here.

This LLD outlines how artifacts move from the connected mirror factory into the disconnected build site.

Transfer bundle

  • Assemble registry exports, package mirror snapshots, wheel caches, and BOM metadata into a signed bundle.
  • Include checksum manifests for every tarball and image list to support integrity verification.

Transport controls

  • Use one-way transfer media (write-once removable storage or guarded jump hosts) with chain-of-custody logging.
  • Verify signatures and checksums before the media crosses the trust boundary.

Import steps

  • Restore registry layers and manifests into the disconnected registry namespace.
  • Rehydrate package mirrors to the expected directory layout and validate against recorded counts and digests.
  • Import BOM metadata and publish it to object storage for traceability.

Post-import verification

  • From a build node, pull sample images and install representative packages using only the restored endpoints.
  • Record results alongside the BOM to prove the offline environment matches the bundle.