Open itroyano opened 12 months ago
A signed image that got successfully pushed to Artifactory, using https://github.com/sigstore/cosign#registry-support, cannot be pulled due to an error:
Error: Source image rejected: unexpected MIME type for sigstore attachment manifests .... "application/vnd.docker.distribution.manifest.v2+json"
Issue seems to be https://github.com/containers/image/blob/main/docker/docker_client.go#L1043 expects only OCI.
Sign and push an image using COSIGN_DOCKER_MEDIA_TYPES=1 cosign sign .... to Artifactory, as described in https://github.com/sigstore/cosign#registry-support
COSIGN_DOCKER_MEDIA_TYPES=1 cosign sign ....
Try to pull the image
Image pulled successfully.
Cosign v1.13.1
Also tried with v2.1.1.
Thanks for your report. Yes, that’s not currently implemented.
Issue Description
A signed image that got successfully pushed to Artifactory, using https://github.com/sigstore/cosign#registry-support, cannot be pulled due to an error:
Issue seems to be https://github.com/containers/image/blob/main/docker/docker_client.go#L1043 expects only OCI.
Steps to reproduce the issue (using Podman or Docker client)
Sign and push an image using
COSIGN_DOCKER_MEDIA_TYPES=1 cosign sign ....
to Artifactory, as described in https://github.com/sigstore/cosign#registry-supportTry to pull the image
Actual result
Expected result
Image pulled successfully.
Additional environment details
Cosign v1.13.1
Also tried with v2.1.1.