cosign icon indicating copy to clipboard operation
cosign copied to clipboard

Published 20 hours ago verified publisher icon sigstore

Does COSIGN_DOCKER_MEDIA_TYPES=1 and cosign upload blob work?

Open Brend-Smits opened this issue 2 years ago • 5 comments

Question Does COSIGN_DOCKER_MEDIA_TYPES work with the command cosign upload blob? When trying to upload a blob to our Artifactory instance, this does not work. When using cosign sign it does work. See below the verbose output

Cosign upload blob command verbose output: https://gist.github.com/Brend-Smits/0728853ba905897d1e74efc819eff7c6#file-cosign-upload-blob-verbose Cosign sign command verbose output: https://gist.github.com/Brend-Smits/0728853ba905897d1e74efc819eff7c6#file-cosign-sign-verbose

Appreciate the help.

Brend-Smits avatar Mar 17 '22 11:03 Brend-Smits

Hello @Brend-Smits, it will automatically detect the media type from the file type, see. Once you set README.md as your file, it will be using text/html as mediaType 🙋🏻‍♂️

developer-guy avatar Mar 17 '22 20:03 developer-guy

Thank you @developer-guy for your answer. Any idea why the upload blob command is not working? I might be overlooking something... but I just can't get it to work for this Artifactory instance.

It keeps on returning invalid manifest https://gist.github.com/Brend-Smits/0728853ba905897d1e74efc819eff7c6#file-cosign-upload-blob-verbose-L100, this usually happens when COSIGN_DOCKER_MEDIA_TYPES=1 is not set, hence this issue.

Brend-Smits avatar Mar 17 '22 20:03 Brend-Smits

Does Artifactory repository support OCI Artifacts? It seems not right, this is the issue, DockerHub is also not supporting OCI Artifacts at the time of writing this, can you confirm that it should also not work with DockerHub?

developer-guy avatar Mar 17 '22 20:03 developer-guy

On Docker Hub it does even work without the COSIGN_DOCKER_MEDIA_TYPES=1.

For artifactory the COSIGN_DOCKER_MEDIA_TYPES=1 makes it possible to store the signatures, but it doesn't allow to upload the blobs. Might also be a missing implementation for the upload command, or indeed incompatibility in the registry.

marcofranssen avatar Mar 21 '22 09:03 marcofranssen

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Aug 20 '22 02:08 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar Aug 25 '22 02:08 github-actions[bot]