Comments (3)
xynydev
commented on July 17, 2024
1
Glad that you fixed it, you did exactly what I would have told you to do.
from template.
miabbott
commented on July 17, 2024
Good signature:
$ cosign verify --key /usr/etc/pki/containers/rh-meatwad.pub ghcr.io/miabbott/rh-meatwad:20240505
$ cosign verify --key /usr/etc/pki/containers/rh-meatwad.pub ghcr.io/miabbott/rh-meatwad:20240505
Verification for ghcr.io/miabbott/rh-meatwad:20240505 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- The signatures were verified against the specified public key
[{"critical":{"identity":{"docker-reference":"ghcr.io/miabbott/rh-meatwad"},"image":{"docker-manifest-digest":"sha256:1f38b912675d6b1ac1ae21d685e81e684184612845069613a5cd13a4fc7aa0d5"},"type":"cosign container image signature"},"optional":{"Bundle":{"SignedEntryTimestamp":"MEUCIQDjeYrBSnhAeFrjocVMqVV9mSDpE8JwjDyyDb684fS5hgIgJzr04EF9rYr37HlhdnAYPy5Mcs25SwxLXwG0MTIkaPY=","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1NDhiMmNkNTYyMTMyODZiZmNjNmJmMDg0OWRhN2E1ZjMyZjAzYzQ0NTc3NDAzYzE5Mzk1MzFhMTJkMWJjOTRjIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUUNlUWhmOG1rdHozVGozSEJ6ZEtLNFYyazNqQlEyS1haR1BzZm8rVDNXRlhnSWhBTXZrUUROb3hJSys1cVNic3FHRlU2dS9PT3prTlI5UkdCamRid0tzVHdrciIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVacmQwVjNXVWhMYjFwSmVtb3dRMEZSV1VsTGIxcEplbW93UkVGUlkwUlJaMEZGV0RWdVNrNXVNWGM0TlVsWE9GUkJVMk53WldORE0yNVBRWFZoU3dwWU9XUnJiV1UzTlZvNUsyMXRObUo2UkU1VlMzRkpWakJQTlRkdlFVUklUVThyY21WV1pEZzFRMWxaWlZweFNqZEZSRFpyV1hoQlYxUkJQVDBLTFMwdExTMUZUa1FnVUZWQ1RFbERJRXRGV1MwdExTMHRDZz09In19fX0=","integratedTime":1714928997,"logIndex":91246777,"logID":"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"}}}}]
Bad signature:
$ cosign verify --key /usr/etc/pki/containers/rh-meatwad.pub ghcr.io/miabbott/rh-meatwad:20240506
$ cosign verify --key /usr/etc/pki/containers/rh-meatwad.pub ghcr.io/miabbott/rh-meatwad:20240506
Error: no matching signatures: error verifying bundle: comparing public key PEMs, expected -----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX5nJNn1w85IW8TAScpecC3nOAuaK
X9dkme75Z9+mm6bzDNUKqIV0O57oADHMO+reVd85CYYeZqJ7ED6kYxAWTA==
-----END PUBLIC KEY-----
, got -----BEGIN CERTIFICATE-----
MIIGrDCCBjGgAwIBAgIUY/cJMvI43Vut5kpJ7DnFgd4wv/UwCgYIKoZIzj0EAwMw
NzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl
cm1lZGlhdGUwHhcNMjQwNTA2MjAzOTE0WhcNMjQwNTA2MjA0OTE0WjAAMFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAEcHChXefYdySOt8bjpI4HsT4riLLVgFfqCym9
8eOSRwUpcq/3+GZ9NWe3C9mgBJFzv+9eHlr5xMGNcoqENAS51aOCBVAwggVMMA4G
A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUxFZH
q7E2pPcvzFNcBvKqc1q3cTUwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y
ZD8wYAYDVR0RAQH/BFYwVIZSaHR0cHM6Ly9naXRodWIuY29tL21pYWJib3R0L3Jo
LW1lYXR3YWQvLmdpdGh1Yi93b3JrZmxvd3MvYnVpbGQueW1sQHJlZnMvaGVhZHMv
bWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVi
dXNlcmNvbnRlbnQuY29tMBIGCisGAQQBg78wAQIEBHB1c2gwNgYKKwYBBAGDvzAB
AwQoMTUwMjg5YzI5ZWY5ZWJkOGVkNTY0OTQ5NjgxYzg5YWU0YzhlNzkxNzAXBgor
BgEEAYO/MAEEBAlibHVlYnVpbGQwIQYKKwYBBAGDvzABBQQTbWlhYmJvdHQvcmgt
bWVhdHdhZDAdBgorBgEEAYO/MAEGBA9yZWZzL2hlYWRzL21haW4wOwYKKwYBBAGD
vzABCAQtDCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQu
Y29tMGIGCisGAQQBg78wAQkEVAxSaHR0cHM6Ly9naXRodWIuY29tL21pYWJib3R0
L3JoLW1lYXR3YWQvLmdpdGh1Yi93b3JrZmxvd3MvYnVpbGQueW1sQHJlZnMvaGVh
ZHMvbWFpbjA4BgorBgEEAYO/MAEKBCoMKDE1MDI4OWMyOWVmOWViZDhlZDU2NDk0
OTY4MWM4OWFlNGM4ZTc5MTcwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9zdGVk
MDYGCisGAQQBg78wAQwEKAwmaHR0cHM6Ly9naXRodWIuY29tL21pYWJib3R0L3Jo
LW1lYXR3YWQwOAYKKwYBBAGDvzABDQQqDCgxNTAyODljMjllZjllYmQ4ZWQ1NjQ5
NDk2ODFjODlhZTRjOGU3OTE3MB8GCisGAQQBg78wAQ4EEQwPcmVmcy9oZWFkcy9t
YWluMBkGCisGAQQBg78wAQ8ECwwJNzE4MzE5OTU0MCsGCisGAQQBg78wARAEHQwb
aHR0cHM6Ly9naXRodWIuY29tL21pYWJib3R0MBgGCisGAQQBg78wAREECgwIMTAy
MzYyNTcwYgYKKwYBBAGDvzABEgRUDFJodHRwczovL2dpdGh1Yi5jb20vbWlhYmJv
dHQvcmgtbWVhdHdhZC8uZ2l0aHViL3dvcmtmbG93cy9idWlsZC55bWxAcmVmcy9o
ZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoMTUwMjg5YzI5ZWY5ZWJkOGVkNTY0
OTQ5NjgxYzg5YWU0YzhlNzkxNzAUBgorBgEEAYO/MAEUBAYMBHB1c2gwWQYKKwYB
BAGDvzABFQRLDElodHRwczovL2dpdGh1Yi5jb20vbWlhYmJvdHQvcmgtbWVhdHdh
ZC9hY3Rpb25zL3J1bnMvODk3NTQxMTc5MS9hdHRlbXB0cy8xMBYGCisGAQQBg78w
ARYECAwGcHVibGljMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4c
mWc3AqJKXrjePK3/h4pygC8p7o4AAAGPT6HKBwAABAMARzBFAiEAvyfLVXoDyogS
08AyOF37YH9ehwOE1DWKTaooSKRM7CoCIF03YLwzEdVl1lzH/uMjFBhfj1leDQ5Z
Laejt3xGZ3+8MAoGCCqGSM49BAMDA2kAMGYCMQDT9VT3THHiRimifjXPmqcQ7Am8
p/WiTb1x/RmvGzJsugTVpFE+ZffYHdERvG1E1kMCMQDTTqADjdyqBVrmN/FLkosb
Lii0YvNWKUPS+EfX65jGBDuBjWFqhGHFuiY/FIs6Gz4=
-----END CERTIFICATE-----
main.go:69: error during command execution: no matching signatures: error verifying bundle: comparing public key PEMs, expected -----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX5nJNn1w85IW8TAScpecC3nOAuaK
X9dkme75Z9+mm6bzDNUKqIV0O57oADHMO+reVd85CYYeZqJ7ED6kYxAWTA==
-----END PUBLIC KEY-----
, got -----BEGIN CERTIFICATE-----
MIIGrDCCBjGgAwIBAgIUY/cJMvI43Vut5kpJ7DnFgd4wv/UwCgYIKoZIzj0EAwMw
NzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl
cm1lZGlhdGUwHhcNMjQwNTA2MjAzOTE0WhcNMjQwNTA2MjA0OTE0WjAAMFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAEcHChXefYdySOt8bjpI4HsT4riLLVgFfqCym9
8eOSRwUpcq/3+GZ9NWe3C9mgBJFzv+9eHlr5xMGNcoqENAS51aOCBVAwggVMMA4G
A1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUxFZH
q7E2pPcvzFNcBvKqc1q3cTUwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y
ZD8wYAYDVR0RAQH/BFYwVIZSaHR0cHM6Ly9naXRodWIuY29tL21pYWJib3R0L3Jo
LW1lYXR3YWQvLmdpdGh1Yi93b3JrZmxvd3MvYnVpbGQueW1sQHJlZnMvaGVhZHMv
bWFpbjA5BgorBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVi
dXNlcmNvbnRlbnQuY29tMBIGCisGAQQBg78wAQIEBHB1c2gwNgYKKwYBBAGDvzAB
AwQoMTUwMjg5YzI5ZWY5ZWJkOGVkNTY0OTQ5NjgxYzg5YWU0YzhlNzkxNzAXBgor
BgEEAYO/MAEEBAlibHVlYnVpbGQwIQYKKwYBBAGDvzABBQQTbWlhYmJvdHQvcmgt
bWVhdHdhZDAdBgorBgEEAYO/MAEGBA9yZWZzL2hlYWRzL21haW4wOwYKKwYBBAGD
vzABCAQtDCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQu
Y29tMGIGCisGAQQBg78wAQkEVAxSaHR0cHM6Ly9naXRodWIuY29tL21pYWJib3R0
L3JoLW1lYXR3YWQvLmdpdGh1Yi93b3JrZmxvd3MvYnVpbGQueW1sQHJlZnMvaGVh
ZHMvbWFpbjA4BgorBgEEAYO/MAEKBCoMKDE1MDI4OWMyOWVmOWViZDhlZDU2NDk0
OTY4MWM4OWFlNGM4ZTc5MTcwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9zdGVk
MDYGCisGAQQBg78wAQwEKAwmaHR0cHM6Ly9naXRodWIuY29tL21pYWJib3R0L3Jo
LW1lYXR3YWQwOAYKKwYBBAGDvzABDQQqDCgxNTAyODljMjllZjllYmQ4ZWQ1NjQ5
NDk2ODFjODlhZTRjOGU3OTE3MB8GCisGAQQBg78wAQ4EEQwPcmVmcy9oZWFkcy9t
YWluMBkGCisGAQQBg78wAQ8ECwwJNzE4MzE5OTU0MCsGCisGAQQBg78wARAEHQwb
aHR0cHM6Ly9naXRodWIuY29tL21pYWJib3R0MBgGCisGAQQBg78wAREECgwIMTAy
MzYyNTcwYgYKKwYBBAGDvzABEgRUDFJodHRwczovL2dpdGh1Yi5jb20vbWlhYmJv
dHQvcmgtbWVhdHdhZC8uZ2l0aHViL3dvcmtmbG93cy9idWlsZC55bWxAcmVmcy9o
ZWFkcy9tYWluMDgGCisGAQQBg78wARMEKgwoMTUwMjg5YzI5ZWY5ZWJkOGVkNTY0
OTQ5NjgxYzg5YWU0YzhlNzkxNzAUBgorBgEEAYO/MAEUBAYMBHB1c2gwWQYKKwYB
BAGDvzABFQRLDElodHRwczovL2dpdGh1Yi5jb20vbWlhYmJvdHQvcmgtbWVhdHdh
ZC9hY3Rpb25zL3J1bnMvODk3NTQxMTc5MS9hdHRlbXB0cy8xMBYGCisGAQQBg78w
ARYECAwGcHVibGljMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4c
mWc3AqJKXrjePK3/h4pygC8p7o4AAAGPT6HKBwAABAMARzBFAiEAvyfLVXoDyogS
08AyOF37YH9ehwOE1DWKTaooSKRM7CoCIF03YLwzEdVl1lzH/uMjFBhfj1leDQ5Z
Laejt3xGZ3+8MAoGCCqGSM49BAMDA2kAMGYCMQDT9VT3THHiRimifjXPmqcQ7Am8
p/WiTb1x/RmvGzJsugTVpFE+ZffYHdERvG1E1kMCMQDTTqADjdyqBVrmN/FLkosb
Lii0YvNWKUPS+EfX65jGBDuBjWFqhGHFuiY/FIs6Gz4=
-----END CERTIFICATE-----
from template.
miabbott
commented on July 17, 2024
I ended up finding https://blue-build.org/how-to/cosign/ and regenerated my signing keys.
Then I had to update /etc/containers/policy.json to point to the new pubkey; afterwards it all worked again.
Not sure how I got into the problem state originally 🤷
from template.
Related Issues (20)
- chore: clean out repo
- fix: builds in template
- Should we remove 60-custom.just from the template? HOT 1
- feat: github action success card in readme
- is semantic.yml still relevant? HOT 2
- blue-build/github-actions version v1.0.1 is broken in the template HOT 1
- feat: start using actions-template-sync HOT 2
- feat: add some custom image topics to the repo, check if they propagate to users HOT 1
- chore: switch to pinning a major or minor version instead of a patch version HOT 3
- rpm-ostree and podman fali to load the generated image with ASN.1 signature errors HOT 3
- Cosign signing is failing HOT 2
- [ recipe.yml ] Firefox removal: Build failure warning for missing RPMs in upstream image HOT 6
- Build Custom Image failed due to "no space left on device" HOT 2
- Installation via custom ISO fails during deployment step HOT 2
- chore: finally remove the old ISO action HOT 2
- Error on rebasing to unsigned image HOT 1
- Gh OIDC keyless HOT 2
- PR GitHub action build: two builds intended? HOT 5
- docs: add commented out `maximize_build_space: true` to build.yml HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from template.