notation icon indicating copy to clipboard operation
notation copied to clipboard

Published 20 hours ago verified publisher icon notaryproject

Print manifests as part of the `--debug` option

Open toddysm opened this issue 1 year ago • 2 comments

What is the areas you would like to add the new feature to?

Notation CLI

Is your feature request related to a problem?

Pushing Notary signatures to Docker Hub is failing at the moment with a non-descriptive error:

ERRO[2023-03-24T07:34:17-07:00] Failed to push the signature                 
Error: failed to push signature to registry with error: failed to push manifest: PUT "https://registry-1.docker.io/v2/toddysm/kubeconeu23-python/manifests/sha256:ec62b6eafefe1514bd5c67889ede1fdb6094aa2e0759f110dd575a7c2701fedd": response status code 404: notfound: not found

This is the command I am using:

notation sign --signature-format cose --key $KEY_NAME --debug docker.io/toddysm/kubeconeu23-python:3.11.2-slim

What solution do you propose?

With the changes in OCI spec it will be good to be able to troubleshoot the manifests that are sent to the registries. having the ability to print the manifests and their digests as part of the --debug output would be helpful with troubleshooting if pushing the signature fails to a particular registry.

It will be good if after each HTTP request, we print the payload and the payload digest for troubleshooting purposes.

DEBU[2023-03-23T16:37:04-07:00] > Request: "PUT" "https://registry-1.docker.io/v2/toddysm/kubeconeu23-python/blobs/uploads/218dcc86-d3b2-4cde-aed3-c4507c78345a?_state=Xzu3aK7hNWFEeFLiBpYyE4XKJENIzfDWFmIz99iYZN97Ik5hbWUiOiJ0b2RkeXNtL2t1YmVjb25ldTIzLXB5dGhvbiIsIlVVSUQiOiIyMThkY2M4Ni1kM2IyLTRjZGUtYWVkMy1jNDUwN2M3ODM0NWEiLCJPZmZzZXQiOjAsIlN0YXJ0ZWRBdCI6IjIwMjMtMDMtMjNUMjM6Mzc6MDQuNzY1MjI4OTFaIn0%3D&digest=sha256%3A44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a" 

Digest: <digest goes here>
Payload: <payload goes here>

What alternatives have you considered?

With the changes in OCI spec it will be good to be able to troubleshoot the manifests that are sent to the registries. having the ability to print the manifests and their digests as part of the --debug output would be helpful with troubleshooting if pushing the signature fails to a particular registry.

It will be good if after each HTTP request, we print the payload and the paylod digest

Any additional context?

Right now I need to install and configure MITM proxy to track those requests.

toddysm avatar Mar 24 '23 14:03 toddysm