Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cosign tests began to fail on 2024-03-XX: cosign: Error: getting Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key #2895

Closed
AkihiroSuda opened this issue Mar 24, 2024 · 2 comments · Fixed by #2896
Closed

Cosign tests began to fail on 2024-03-XX: cosign: Error: getting Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key #2895

AkihiroSuda opened this issue Mar 24, 2024 · 2 comments · Fixed by #2896
Labels
area/ci e.g., CI failure area/cosign cosign bug Something isn't working

Comments

@AkihiroSuda
Copy link
Member

https://github.com/containerd/nerdctl/actions/runs/8397242607/job/23000193163?pr=2894

=== RUN   TestComposePushAndPullWithCosignVerify
    testutil.go:567: buildkitHost="unix:///run/buildkit-nerdctl-test/buildkitd.sock"
    testregistry_linux.go:49: hostIP="10.4.0.1", listenIP="0.0.0.0", listenPort=5000
    compose_run_linux_test.go:438: localhost IP="127.0.0.1"
    compose_run_linux_test.go:441: testImageRefPrefix="127.0.0.1:5000/"
    compose_run_linux_test.go:486: projectName="nerdctl-compose-test530510162"
    compose_run_linux_test.go:494: assertion failed: res.ExitCode is not exitCode: time="2024-03-22T22:59:35Z" level=info msg="Pulling image 127.0.0.1:5000/composebuild_svc0"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: Error: getting Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: remote status:{"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\"mirror\": \"[https://sigstore-tuf-root.storage.googleapis.com\](https://sigstore-tuf-root.storage.googleapis.com/)","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\"metadata\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\"root.json\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"version\": 9,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"len\": 6766,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"expiration\": \"12 Sep 24 06:53 UTC\","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"error\": \"\""
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t},"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\"snapshot.json\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"version\": 132,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"len\": 2302,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"expiration\": \"09 Apr 24 16:16 UTC\","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"error\": \"\""
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t},"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\"targets.json\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"version\": 9,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"len\": 5478,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"expiration\": \"12 Sep 24 06:13 UTC\","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"error\": \"\""
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t},"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\"timestamp.json\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"version\": 170,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"len\": 721,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"expiration\": \"29 Mar 24 16:08 UTC\","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"error\": \"\""
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t}"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t}"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: }"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: main.go:74: error during command execution: getting Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: remote status:{"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\"mirror\": \"[https://sigstore-tuf-root.storage.googleapis.com\](https://sigstore-tuf-root.storage.googleapis.com/)","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\"metadata\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\"root.json\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"version\": 9,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"len\": 6766,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"expiration\": \"12 Sep 24 06:53 UTC\","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"error\": \"\""
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t},"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\"snapshot.json\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"version\": 132,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"len\": 2302,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"expiration\": \"09 Apr 24 16:16 UTC\","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"error\": \"\""
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t},"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\"targets.json\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"version\": 9,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"len\": 5478,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"expiration\": \"12 Sep 24 06:13 UTC\","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"error\": \"\""
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t},"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\"timestamp.json\": {"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"version\": 170,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"len\": 721,"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"expiration\": \"29 Mar 24 16:08 UTC\","
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t\t\"error\": \"\""
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t\t}"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: \t}"
        time="2024-03-22T22:59:36Z" level=info msg="cosign: }"
        time="2024-03-22T22:59:36Z" level=fatal msg="error while pulling image 127.0.0.1:5000/composebuild_svc0: exit status 1"
        
--- FAIL: TestComposePushAndPullWithCosignVerify (3.99s)
@AkihiroSuda AkihiroSuda added bug Something isn't working area/ci e.g., CI failure area/cosign cosign labels Mar 24, 2024
@AkihiroSuda
Copy link
Member Author

cc @developer-guy PTAL

@AkihiroSuda AkihiroSuda changed the title Cosign tests began to fail on 2023-03-XX: cosign: Error: getting Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key Cosign tests began to fail on 2024-03-XX: cosign: Error: getting Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key Mar 24, 2024
@developer-guy
Copy link
Contributor

Cosign needs to be upgraded, https://sigstore.slack.com/archives/C01DGF0G8U9/p1710871645742299

@djdongjin djdongjin mentioned this issue Mar 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ci e.g., CI failure area/cosign cosign bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Cherry-picked to v1.7.6] update cosign image to latest release djdongjin/nerdctl
2 participants
@AkihiroSuda @developer-guy