for-mac
for-mac copied to clipboard
docker
Docker Content Trust failing to sign images with **no hashes specified for target** error on Docker Desktop
Description
I'm experiencing issues using Docker Content Trust to sign images using Docker Desktop on an M1 Mac (v4.30.0). I've tested the exact same process using Docker in a Multipass VM and it works fine there.
Reproduce
- Generate a new keypair.
$ docker trust key generate nigel
Generating key for nigel...
Enter passphrase for new nigel key with ID 1f78609:
Repeat passphrase for new nigel key with ID 1f78609:
Successfully generated and loaded private key.... public key available: /root/nigel.pub
- Associate keypair with new Docker Hub repo. Obviously create a new repo of your own.
$ docker trust signer add --key nigel.pub nigel nigelpoulton/ddd-trust2024
Adding signer "nigel" to nigelpoulton/dct...
Initializing signed repository for nigelpoulton/dct...
Enter passphrase for root key with ID aee3314:
Enter passphrase for new repository key with ID 1a18dd1:
Repeat passphrase for new repository key with ID 1a18dd1:
Successfully initialized "nigelpoulton/dct"
Successfully added signer: nigel to nigelpoulton/dct
- Sign an image and push to the new repo.
$ docker trust sign nigelpoulton/ddd-trust2024:signed
Signing and pushing trust data for local image nigelpoulton/ddd-trust2024:signed, may overwrite remote trust data
The push refers to repository [docker.io/nigelpoulton/ddd-trust2024]
4f4fb700ef54: Layer already exists
6495b414566f: Already exists
798676f7ef8b: Layer already exists
bca4290a9639: Layer already exists
5e1fc7f5df34: Layer already exists
28ad2149d870: Layer already exists
signed: digest: sha256:b65f9a1aa4e670bbafd0fbb91281ea95f9cdc5728aa546579e248dfbc0ea4bde size: 856
Signing and pushing trust metadata
failed to sign docker.io/nigelpoulton/ddd-trust2024:signed: no hashes specified for target ""
The image is pushed tot he repo but isn't signed. The last line of the output form step 3 seems to indicate the image name isn't being parsed properly. But that's a guess.
Expected behavior
The last command should ask me to enter passphrase, sign the image and push the signed image to the repo.
It's failing to sign the image.
docker version
Client:
Cloud integration: v1.0.35+desktop.13
Version: 26.1.1
API version: 1.45
Go version: go1.21.9
Git commit: 4cf5afa
Built: Tue Apr 30 11:44:56 2024
OS/Arch: darwin/arm64
Context: desktop-linux
Server: Docker Desktop 4.30.0 (149282)
Engine:
Version: 26.1.1
API version: 1.45 (minimum version 1.24)
Go version: go1.21.9
Git commit: ac2de55
Built: Tue Apr 30 11:48:04 2024
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.6.31
GitCommit: e377cd56a71523140ca6ae87e30244719194a521
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client:
Version: 26.1.1
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.14.0-desktop.1
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.27.0-desktop.2
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.29
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-debug
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.23
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-extension
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.4
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-feedback
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.1.0
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.8.0
Path: /Users/nigelpoulton/.docker/cli-plugins/docker-scout
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 5
Server Version: 26.1.1
Storage Driver: overlayfs
driver-type: io.containerd.snapshotter.v1
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e377cd56a71523140ca6ae87e30244719194a521
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
cgroupns
Kernel Version: 6.6.26-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 10
Total Memory: 7.657GiB
Name: docker-desktop
ID: 4ef89f69-f58d-4f36-9010-79143e42e0b7
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/nigelpoulton/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
WARNING: daemon is not using the default seccomp profile
Diagnostics ID
1B03B269-2302-40C7-8949-C2B1DE453584/20240507131954
Additional Info
It works as expected on a Multipass VM (Multipass on Mac M1/arm) running the following Docker version.
Docker version from Multipass VM
Client: Docker Engine - Community
Version: 26.1.0
API version: 1.45
Go version: go1.21.9
Git commit: 9714adc
Built: Mon Apr 22 17:07:40 2024
OS/Arch: linux/arm64
Context: default
Server: Docker Engine - Community
Engine:
Version: 26.1.0
API version: 1.45 (minimum version 1.24)
Go version: go1.21.9
Git commit: c8af8eb
Built: Mon Apr 22 17:07:40 2024
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.6.31
GitCommit: e377cd56a71523140ca6ae87e30244719194a521
runc:
Version: 1.1.12
GitCommit: v1.1.12-0-g51d5e94
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Docker info from Multipass VM
Client: Docker Engine - Community
Version: 26.1.0
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.14.0
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.26.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 4
Server Version: 26.1.0
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: active
NodeID: tk9eblzjujzg46n55uxksrbx3
Is Manager: true
ClusterID: ww5xm6bym7v0plt3ov09g3ng9
Managers: 1
Nodes: 3
Data Path Port: 4789
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 4 weeks
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 192.168.64.84
Manager Addresses:
192.168.64.84:2377
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: e377cd56a71523140ca6ae87e30244719194a521
runc version: v1.1.12-0-g51d5e94
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 5.15.0-102-generic
Operating System: Ubuntu 22.04.4 LTS
OSType: linux
Architecture: aarch64
CPUs: 2
Total Memory: 3.819GiB
Name: docker2
ID: 8d36f2de-9153-45cc-95b7-2521b744fa69
Docker Root Dir: /var/lib/docker
Debug Mode: false
Username: nigelpoulton
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
I have this issue as well:
The push refers to repository [docker.io/deindorfer/signtest:0.2] 0.2: digest: sha256:f93075552d3e4a5e944556131f230f3e1ff80f39aa96634bae03bcc7d7374968 size: 424 Signing and pushing trust metadata failed to sign docker.io/deindorfer/signtest:0.2: no hashes specified for target ""
same here; its been 5 months now since the issue was first reported, what has been a work-around if any?
I encounter same issue on Mac Air.
$ docker version
Client:
Version: 27.4.0
API version: 1.47
Go version: go1.22.10
Git commit: bde2b89
Built: Sat Dec 7 10:35:43 2024
OS/Arch: darwin/amd64
Context: desktop-linux
Same on M2 MBP as well. Here’s debug output from docker desktop v4.38.0, hope it helps!
docker -D trust sign username/content-trust-demo:alpine-signed
time="2025-02-05T10:55:51-05:00" level=debug msg="otel error" error="1 errors occurred detecting resource:\n\t* conflicting Schema URL: https://opentelemetry.io/schemas/1.21.0 and https://opentelemetry.io/schemas/1.26.0"
time="2025-02-05T10:55:51-05:00" level=debug msg="reading certificate directory: /Users/brentchang/.docker/tls/notary.docker.io"
time="2025-02-05T10:55:51-05:00" level=debug msg="Making dir path: /Users/brentchang/.docker/trust/tuf/docker.io/username/content-trust-demo/changelist"
time="2025-02-05T10:55:51-05:00" level=debug msg="entered ValidateRoot with dns: docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="found the following root keys: [--redacted--]"
time="2025-02-05T10:55:51-05:00" level=debug msg="found 1 valid leaf certificates for docker.io/username/content-trust-demo: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="found 1 leaf certs, of which 1 are valid leaf certs for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="checking root against trust_pinning config for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="checking trust-pinning for cert: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg=" role has key IDs: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="root validation succeeded for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="entered ValidateRoot with dns: docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="found the following root keys: [--redacted--]"
time="2025-02-05T10:55:51-05:00" level=debug msg="found 1 valid leaf certificates for docker.io/username/content-trust-demo: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="found 1 leaf certs, of which 1 are valid leaf certs for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="checking root against trust_pinning config for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="checking trust-pinning for cert: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg=" role has key IDs: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="root validation succeeded for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="updating TUF client"
time="2025-02-05T10:55:51-05:00" level=debug msg="Loading timestamp..."
time="2025-02-05T10:55:51-05:00" level=debug msg="200 when retrieving metadata for timestamp"
time="2025-02-05T10:55:51-05:00" level=debug msg="timestamp role has key IDs: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="timestamp role has key IDs: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="successfully verified downloaded timestamp"
time="2025-02-05T10:55:51-05:00" level=debug msg="Loading snapshot..."
time="2025-02-05T10:55:51-05:00" level=debug msg="snapshot role has key IDs: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="successfully verified cached snapshot"
time="2025-02-05T10:55:51-05:00" level=debug msg="Loading targets..."
time="2025-02-05T10:55:51-05:00" level=debug msg="targets role has key IDs: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="successfully verified cached targets"
time="2025-02-05T10:55:51-05:00" level=debug msg="skipping targets/demo-key because there is no checksum for it"
time="2025-02-05T10:55:51-05:00" level=debug msg="skipping targets/releases because there is no checksum for it"
time="2025-02-05T10:55:51-05:00" level=debug msg="entered ValidateRoot with dns: docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="found the following root keys: [--redacted--]"
time="2025-02-05T10:55:51-05:00" level=debug msg="found 1 valid leaf certificates for docker.io/username/content-trust-demo: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="found 1 leaf certs, of which 1 are valid leaf certs for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="checking root against trust_pinning config for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="checking trust-pinning for cert: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg=" role has key IDs: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="root validation succeeded for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="entered ValidateRoot with dns: docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="found the following root keys: [--redacted--]"
time="2025-02-05T10:55:51-05:00" level=debug msg="found 1 valid leaf certificates for docker.io/username/content-trust-demo: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="found 1 leaf certs, of which 1 are valid leaf certs for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="checking root against trust_pinning config for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="checking trust-pinning for cert: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg=" role has key IDs: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="root validation succeeded for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:51-05:00" level=debug msg="updating TUF client"
time="2025-02-05T10:55:51-05:00" level=debug msg="Loading timestamp..."
time="2025-02-05T10:55:51-05:00" level=debug msg="200 when retrieving metadata for timestamp"
time="2025-02-05T10:55:51-05:00" level=debug msg="timestamp role has key IDs: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="timestamp role has key IDs: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="successfully verified downloaded timestamp"
time="2025-02-05T10:55:51-05:00" level=debug msg="Loading snapshot..."
time="2025-02-05T10:55:51-05:00" level=debug msg="snapshot role has key IDs: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="successfully verified cached snapshot"
time="2025-02-05T10:55:51-05:00" level=debug msg="Loading targets..."
time="2025-02-05T10:55:51-05:00" level=debug msg="targets role has key IDs: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:51-05:00" level=debug msg="successfully verified cached targets"
time="2025-02-05T10:55:51-05:00" level=debug msg="skipping targets/demo-key because there is no checksum for it"
time="2025-02-05T10:55:51-05:00" level=debug msg="skipping targets/releases because there is no checksum for it"
Signing and pushing trust data for local image username/content-trust-demo:alpine-signed, may overwrite remote trust data
The push refers to repository [docker.io/username/content-trust-demo]
0eeab5c20069: Layer already exists
alpine-signed: digest: sha256:afc845fd4ceb5a904087066567df0c2232929290e642c47c920227e65dc9937c size: 528
Signing and pushing trust metadata
time="2025-02-05T10:55:52-05:00" level=debug msg="reading certificate directory: /Users/brentchang/.docker/tls/notary.docker.io"
time="2025-02-05T10:55:52-05:00" level=debug msg="Making dir path: /Users/brentchang/.docker/trust/tuf/docker.io/username/content-trust-demo/changelist"
time="2025-02-05T10:55:52-05:00" level=debug msg="entered ValidateRoot with dns: docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="found the following root keys: [--redacted--]"
time="2025-02-05T10:55:52-05:00" level=debug msg="found 1 valid leaf certificates for docker.io/username/content-trust-demo: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="found 1 leaf certs, of which 1 are valid leaf certs for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="checking root against trust_pinning config for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="checking trust-pinning for cert: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg=" role has key IDs: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="root validation succeeded for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="entered ValidateRoot with dns: docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="found the following root keys: [--redacted--]"
time="2025-02-05T10:55:52-05:00" level=debug msg="found 1 valid leaf certificates for docker.io/username/content-trust-demo: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="found 1 leaf certs, of which 1 are valid leaf certs for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="checking root against trust_pinning config for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="checking trust-pinning for cert: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg=" role has key IDs: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="root validation succeeded for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="updating TUF client"
time="2025-02-05T10:55:52-05:00" level=debug msg="Loading timestamp..."
time="2025-02-05T10:55:52-05:00" level=debug msg="200 when retrieving metadata for timestamp"
time="2025-02-05T10:55:52-05:00" level=debug msg="timestamp role has key IDs: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="timestamp role has key IDs: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="successfully verified downloaded timestamp"
time="2025-02-05T10:55:52-05:00" level=debug msg="Loading snapshot..."
time="2025-02-05T10:55:52-05:00" level=debug msg="snapshot role has key IDs: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="successfully verified cached snapshot"
time="2025-02-05T10:55:52-05:00" level=debug msg="Loading targets..."
time="2025-02-05T10:55:52-05:00" level=debug msg="targets role has key IDs: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="successfully verified cached targets"
time="2025-02-05T10:55:52-05:00" level=debug msg="skipping targets/demo-key because there is no checksum for it"
time="2025-02-05T10:55:52-05:00" level=debug msg="skipping targets/releases because there is no checksum for it"
time="2025-02-05T10:55:52-05:00" level=debug msg="entered ValidateRoot with dns: docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="found the following root keys: [--redacted--]"
time="2025-02-05T10:55:52-05:00" level=debug msg="found 1 valid leaf certificates for docker.io/username/content-trust-demo: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="found 1 leaf certs, of which 1 are valid leaf certs for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="checking root against trust_pinning config for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="checking trust-pinning for cert: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg=" role has key IDs: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="root validation succeeded for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="entered ValidateRoot with dns: docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="found the following root keys: [--redacted--]"
time="2025-02-05T10:55:52-05:00" level=debug msg="found 1 valid leaf certificates for docker.io/username/content-trust-demo: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="found 1 leaf certs, of which 1 are valid leaf certs for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="checking root against trust_pinning config for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="checking trust-pinning for cert: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg=" role has key IDs: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="root validation succeeded for docker.io/username/content-trust-demo"
time="2025-02-05T10:55:52-05:00" level=debug msg="updating TUF client"
time="2025-02-05T10:55:52-05:00" level=debug msg="Loading timestamp..."
time="2025-02-05T10:55:52-05:00" level=debug msg="200 when retrieving metadata for timestamp"
time="2025-02-05T10:55:52-05:00" level=debug msg="timestamp role has key IDs: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="timestamp role has key IDs: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="successfully verified downloaded timestamp"
time="2025-02-05T10:55:52-05:00" level=debug msg="Loading snapshot..."
time="2025-02-05T10:55:52-05:00" level=debug msg="snapshot role has key IDs: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="successfully verified cached snapshot"
time="2025-02-05T10:55:52-05:00" level=debug msg="Loading targets..."
time="2025-02-05T10:55:52-05:00" level=debug msg="targets role has key IDs: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="verifying signature for key ID: --again,redacted--"
time="2025-02-05T10:55:52-05:00" level=debug msg="successfully verified cached targets"
time="2025-02-05T10:55:52-05:00" level=debug msg="skipping targets/demo-key because there is no checksum for it"
time="2025-02-05T10:55:52-05:00" level=debug msg="skipping targets/releases because there is no checksum for it"
time="2025-02-05T10:55:52-05:00" level=debug msg="otel error" error="failed to upload metrics: context deadline exceeded: rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial unix /Users/brentchang/.docker/run/user-analytics.otlp.grpc.sock: connect: no such file or directory\""
time="2025-02-05T10:55:52-05:00" level=debug msg="otel error" error="failed to upload metrics: context deadline exceeded: rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing: dial unix /Users/brentchang/.docker/run/user-analytics.otlp.grpc.sock: connect: no such file or directory\""
failed to sign docker.io/username/content-trust-demo:alpine-signed: no hashes specified for target ""
