Offline transfer and import

Status: draft — content will evolve as procedures are finalized.

How to move artifacts from the connected mirror factory to the disconnected site.

Prepare bundle

• Export registry content, package mirrors, wheel caches, and BOM metadata into signed archives.
• Generate checksum manifests for each archive and store them separately for verification.

Transfer

• Use approved removable media or a guarded jump host with one-way controls.
• Record chain-of-custody details for each handoff.

flowchart LR
    A[Export artifacts] --> B[Checksum & sign]
    B --> C[Controlled media handoff]
    C --> D[Integrity verification]
    D --> E[Restore into disconnected site]

    C:::checkpoint
    D:::gate

    classDef stage fill:#e7f1fb,stroke:#0d6efd,stroke-width:1px,color:#0d1126;
    classDef checkpoint fill:#fff3cd,stroke:#f0ad4e,stroke-width:2px,color:#4a3b00;
    classDef gate fill:#d1e7dd,stroke:#198754,stroke-width:2px,color:#0b2a1b;

    class A,B,E stage;

Import

1. Verify signatures and checksums before attaching media to the disconnected environment.
2. Restore registries and mirrors to their expected paths and namespaces.
3. Publish BOM metadata and validation logs to the results store.

Validation

• Pull sample images and install representative packages to confirm offline availability.
• Capture command outputs and upload them with the BOM for auditability.