You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Enable use-sigstore-attachments: true in /etc/containers/registries.d/default.yaml.
Copy container image with --sign-by-sigstore-private-key option to Harbor registry server.
[root@cbfe85fba3e6 /]# skopeo copy docker://docker.io/library/alpine:3 docker://harbor.xxx.com/library/alpine:3 --dest-tls-verify=false --sign-by-sigstore-private-key=./sigstore.private Passphrase for key ./sigstore.private: Getting image source signaturesCopying blob 4abcf2066143 skipped: already exists Copying config 05455a0888 done | Writing manifest to image destinationCreating signature: Signing image using a sigstore signatureStoring signaturesFATA[0005] copying system image from manifest list: writing signatures: reading manifest sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sig in harbor.xxx.com/library/alpine: unknown: artifact library/alpine:sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sig not found
Debug output:
[root@cbfe85fba3e6 /]# skopeo copy docker://docker.io/library/alpine:3 docker://harbor.xxx.com/library/alpine:3 --dest-tls-verify=false --sign-by-sigstore-private-key=./sigstore.private --debugPassphrase for key ./sigstore.private:DEBU[0002] Using registries.d directory /etc/containers/registries.dDEBU[0002] Loading registries configuration "/etc/containers/registries.conf"DEBU[0002] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf"DEBU[0002] Found credentials for harbor.xxx.com/library/alpine in credential helper containers-auth.json in file /tmp/auth.jsonDEBU[0002] Lookaside configuration: using "default-docker" configurationDEBU[0002] No signature storage configuration found for harbor.xxx.com/library/alpine:3, using built-in default file:///var/lib/containers/sigstoreDEBU[0002] Looking for TLS certificates and private keys in /etc/docker/certs.d/harbor.xxx.comDEBU[0002] Sigstore attachments: using "default-docker" configurationDEBU[0002] Using registries.d directory /etc/containers/registries.dDEBU[0002] Trying to access "docker.io/library/alpine:3"DEBU[0002] No credentials matching docker.io/library/alpine found in /tmp/auth.jsonDEBU[0002] No credentials for docker.io/library/alpine foundDEBU[0002] Lookaside configuration: using "default-docker" configurationDEBU[0002] No signature storage configuration found for docker.io/library/alpine:3, using built-in default file:///var/lib/containers/sigstoreDEBU[0002] Looking for TLS certificates and private keys in /etc/docker/certs.d/docker.ioDEBU[0002] Sigstore attachments: using "default-docker" configurationDEBU[0002] GET https://registry-1.docker.io/v2/DEBU[0002] Ping https://registry-1.docker.io/v2/ status 401DEBU[0002] GET https://auth.docker.io/token?scope=repository%3Alibrary%2Falpine%3Apull&service=registry.docker.ioDEBU[0003] GET https://registry-1.docker.io/v2/library/alpine/manifests/3DEBU[0003] Content-Type from manifest GET is "application/vnd.docker.distribution.manifest.list.v2+json"DEBU[0003] Using SQLite blob info cache at /var/lib/containers/cache/blob-info-cache-v1.sqliteDEBU[0004] Source is a manifest list; copying (only) instance sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0 for current systemDEBU[0004] GET https://registry-1.docker.io/v2/library/alpine/manifests/sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0DEBU[0004] Content-Type from manifest GET is "application/vnd.docker.distribution.manifest.v2+json"DEBU[0004] IsRunningImageAllowed for image docker:docker.io/library/alpine:3DEBU[0004] Using default policy sectionDEBU[0004] Requirement 0: allowedDEBU[0004] Overall: allowedGetting image source signaturesDEBU[0004] Reading /var/lib/containers/sigstore/library/alpine@sha256=6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0/signature-1DEBU[0004] Looking for sigstore attachments in docker.io/library/alpine:sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sigDEBU[0004] GET https://registry-1.docker.io/v2/library/alpine/manifests/sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sigDEBU[0004] Content-Type from manifest GET is "application/json"DEBU[0004] Fetching sigstore attachment manifest failed, assuming it does not exist: reading manifest sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sig in docker.io/library/alpine: manifest unknownDEBU[0004] Manifest has MIME type application/vnd.docker.distribution.manifest.v2+json, ordered candidate list [application/vnd.docker.distribution.manifest.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws, application/vnd.oci.image.manifest.v1+json, application/vnd.oci.image.index.v1+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.docker.distribution.manifest.v1+json]DEBU[0004] ... will first try using the original manifest unmodifiedDEBU[0004] Checking if we can reuse blob sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8: general substitution = false, compression for MIME type "application/vnd.docker.image.rootfs.diff.tar.gzip" = trueDEBU[0004] Checking /v2/library/alpine/blobs/sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8DEBU[0004] GET https://harbor.xxx.com/v2/DEBU[0004] Ping https://harbor.xxx.com/v2/ err Get "https://harbor.xxx.com/v2/": http: server gave HTTP response to HTTPS client (&url.Error{Op:"Get", URL:"https://harbor.xxx.com/v2/", Err:(*errors.errorString)(0x5616c1ab7820)})DEBU[0004] GET http://harbor.xxx.com/v2/DEBU[0004] Ping http://harbor.xxx.com/v2/ status 401DEBU[0004] GET http://harbor.xxx.com/service/token?account=admin&scope=repository%3Alibrary%2Falpine%3Apull%2Cpush&service=harbor-registryDEBU[0004] HEAD http://harbor.xxx.com/v2/library/alpine/blobs/sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8DEBU[0004] ... already existsDEBU[0004] Skipping blob sha256:4abcf20661432fb2d719aaf90656f55c287f8ca915dc1c92ec14ff61e67fbaf8 (already present):Copying blob 4abcf2066143 skipped: already existsDEBU[0004] Downloading /v2/library/alpine/blobs/sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bdDEBU[0004] GET https://registry-1.docker.io/v2/library/alpine/blobs/sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bdCopying config 05455a0888 [--------------------------------------] 0.0b / 1.4KiB | 0.0 b/sDEBU[0004] No compression detectedDEBU[0004] Compression change for blob sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bd ("application/vnd.docker.container.image.v1+json") not supportedDEBU[0004] Using original blob without modificationDEBU[0004] Checking /v2/library/alpine/blobs/sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bdDEBU[0004] HEAD http://harbor.xxx.com/v2/library/alpine/blobs/sha256:05455a08881ea9cf0e752bc48e61bbd71a34c029bb13df01e40e3e70e0d007bdCopying config 05455a0888 done |Writing manifest to image destinationDEBU[0004] PUT http://harbor.xxx.com/v2/library/alpine/manifests/3Creating signature: Signing image using a sigstore signatureStoring signaturesDEBU[0004] Looking for sigstore attachments in harbor.xxx.com/library/alpine:sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sigDEBU[0004] GET http://harbor.xxx.com/v2/library/alpine/manifests/sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sigDEBU[0004] Content-Type from manifest GET is "application/json; charset=utf-8"DEBU[0004] Fetching sigstore attachment manifest failed: reading manifest sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sig in harbor.xxx.com/library/alpine: unknown: artifact library/alpine:sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sig not foundFATA[0004] copying system image from manifest list: writing signatures: reading manifest sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sig in harbor.xxx.com/library/alpine: unknown: artifact library/alpine:sha256-6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0.sig not found
Description
To reproduce:
use-sigstore-attachments: true
in/etc/containers/registries.d/default.yaml
.--sign-by-sigstore-private-key
option to Harbor registry server.Debug output:
1.15.0
v2.8.5
Related code position: https://github.com/containers/image/blob/v5.30.0/docker/docker_client.go#L1112C3-L1115C4
The text was updated successfully, but these errors were encountered: