Attestation Fails using GHCR as upstream image registry

Open spiffcs opened this issue 3 years ago • 2 comments

What happened: Keyless Attestation fails when interacting with GHCR: https://github.com/anchore/syft/issues/835#issuecomment-1138946411 https://github.com/anchore/syft/issues/835#issuecomment-1139082543

What you expected to happen: When I use syft's keyless attestation feature with GHCR I expect a status code 0 exit where:

  • Ephemeral keys are generated
  • A transparency log entry is created
  • And the attestation is successfully pushed to the GHCR registry
  • NO error regarding missing local PKI

How to reproduce it (as minimally and precisely as possible): syft attest <any GHCR IMAGE>

Anything else we need to know?: See report on this issue for more details: https://github.com/anchore/syft/issues/835

  • Output of syft version: v0.44.1

  • OS (e.g: cat /etc/os-release or similar): ubuntu 20.04

spiffcs, May 31 '22 13:05

cc @jauderho

spiffcs, May 31 '22 13:05

@spiffcs It's not OSX. I'm seeing this issue on a GitHub hosted runner using ubuntu 20.04.

Also, if you look at my last comment in #835, it appears NOT to be a GHCR only bug and more of a # of registries targeted bug. I reconfigured my workflow to only use Docker Hub and it still fails (when Docker Hub is the only registry defined).

jauderho, May 31 '22 15:05