concourse / registry-image-resource

a resource for images in a Docker registry
Apache License 2.0

Notary server returned 401 #259

Open ananth07reddy opened 3 years ago

ananth07reddy commented 3 years ago

I am able to push in the command line as shown in the screenshot

registry-image

But when I try this in the concourse, I am having an error as shown in the below screenshot

I have used the example pipeline from here

concourse_error

Please kindly provide me a solution to fix this issue

chenbh commented 3 years ago

What does your resource definition look like? The example pipeline will not work as is since it doesn't set the content_trust field, which is required to sign the image.

ananth07reddy commented 3 years ago

Hi @chenbh,

Thanks for your reply. As far as I understood, repository_key and repository_key_id can be fetched after the notary sign has been done. But how can I get this key and key_id beforehand to pass to the build? The remaining parameters can be set without a problem. Please kindly explain to me how I can get those values beforehand to pass to the pipeline.

content_trust:
  repository_key_id: ((registry_key_id)) --> How can I get this id before passing it to the build?
  repository_key: ((registry_key)) --> How can I get this key?
  repository_passphrase: ((registry_passphrase))
  server: ((notary_server_address))
  tls_key: ((notary_tls_key))
  tls_cert: ((notary_tls_cert))

chenbh commented 3 years ago

You should be able to generate new private keys by running docker trust key generate according to https://docs.docker.com/engine/security/trust/#signing-images-with-docker-content-trust

DandyDeveloper commented 3 years ago

@ananth07reddy @chenbh I have the same problem.

One thing I am noticing: there is no way to pass the signer's passphrase, and in my case the signer I have generated has a passphrase.

You can add a REPO passphrase, but the signer itself, I don't see an option for it.

Also, just to be clear, key_id and key are obtained after generating the new signer from ~/.docker/trust/private for the key and listing the keys from notary using notary key list
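
Added example (not part of the thread or the project's code): a shell helper that reads the key store mentioned in the comment above and reports each key's ID, role and repository, so the right file and ID can be picked for content_trust. It assumes keys are stored as `<key_id>.key` files whose PEM headers carry `role:` and `gun:` lines and that repository_key_id refers to the `targets` key; the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example. Assumption: each private key is <key_id>.key, a PEM file with
# "role:" and (for repository keys) "gun:" header lines.

# list_trust_keys DIR: print "<key_id> <role> <gun>" per key ("-" if absent).
# Only headers are read; key material is never printed.
list_trust_keys() (
  for f in "$1"/*.key; do
    [ -e "$f" ] || continue
    role=$(sed -n 's/^role: *//p' "$f" | head -n 1)
    gun=$(sed -n 's/^gun: *//p' "$f" | head -n 1)
    printf '%s %s %s\n' "$(basename "$f" .key)" "${role:--}" "${gun:--}"
  done
)

# repository_key_id_for DIR GUN: ID of the targets key for that repository.
# Assumption: the "repository key" is the key whose role is "targets".
repository_key_id_for() {
  list_trust_keys "$1" |
    awk -v gun="$2" '$2 == "targets" && $3 == gun { print $1 }'
}

# write_sample_key PATH ROLE [GUN]: write a CONSTRUCTED key file (fake body).
write_sample_key() {
  {
    echo '-----BEGIN ENCRYPTED PRIVATE KEY-----'
    echo "role: $2"
    if [ -n "${3:-}" ]; then echo "gun: $3"; fi
    echo
    echo 'Q09OU1RSVUNURUQ='
    echo '-----END ENCRYPTED PRIVATE KEY-----'
  } > "$1"
}

# make_sample_store: temp dir with constructed root, targets and signer keys.
make_sample_store() (
  d=$(mktemp -d)
  write_sample_key "$d/1111aaaa.key" root
  write_sample_key "$d/2222bbbb.key" targets example.test/team/app
  write_sample_key "$d/3333cccc.key" ci-signer
  echo "$d"
)

# Stand-alone use: list the keys in the local store named in the thread.
list_trust_keys "$HOME/.docker/trust/private"
```

The ID printed for a repository is the value for repository_key_id, and the contents of the matching `.key` file are what repository_key would carry; store both as pipeline secrets rather than in the pipeline file.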

DandyDeveloper commented 3 years ago

@chenbh Never mind, it is not the signer passphrase missing. I'm still getting a 401 even after I adjust the image to hardcode the password.

I'm still experimenting.

DandyDeveloper commented 2 years ago

@chenbh I came back to this. I still CANNOT figure this out. It just seems broken to me.... The commands you should be using in the library are working locally.