Open ananth07reddy opened 3 years ago
What does your resource definition looks like? The example pipeline will not work as is since it doesn't set the content_trust
field which is required to sign the image
Hi @chenbh,
Thanks for your reply. As far as I understood, repository_key and repository_key_id can be fetched after the notary sign has done. But how can I get this key and key_id beforehand to pass to the build? The remaining parameters can set without a problem. Please kindly, explain to me how can I get those values beforehand to pass to the pipeline
content_trust: repository_key_id: ((registry_key_id)) --> How can I get this id before pass it to the build? repository_key: ((registry_key)) --> How can I get this key? repository_passphrase: ((registry_passphrase)) server: ((notary_server_address)) tls_key: ((notary_tls_key)) tls_cert:: ((notary_tls_cert))
You should be able to generate new private keys by running docker trust key generate
according to https://docs.docker.com/engine/security/trust/#signing-images-with-docker-content-trust
@ananth07reddy @chenbh I have the same problem.
One thing I am noticing, there is no way to pass the signers passphrase, which in my case, the signer I have generated has a passphrase.
You can add a REPO passphrase, but the signer itself, I don't see an option for it.
Also, just to be clear, key_id and key are obtained after generating the new signer from ~/.docker/trust/private
for the key and listing the keys from notary using notary key list
@chenbh Nevermind, it is not the signer passphrase missing. I'm still getting a 401 even after I adjust the image to hardcode the password.
I'm still experimenting.
@chenbh I came back to this. I still CANNOT figure this out. It just seems broken to me.... The commands you should be using in the library are working locally.
I am able to push in the command line as shown in the screenshot
But when I try this in the concourse, I am having an error as shown in the below screenshot
I have used the eample pipleline from here
Please kindly provide me a solution to fix this issue