containers / image

Work with containers' images
Apache License 2.0

Support v2s2 manifests in sigstore attachments (for cosign compatibility) #2058

Open itroyano opened 12 months ago

itroyano commented 12 months ago

Issue Description

A signed image that got successfully pushed to Artifactory, using https://github.com/sigstore/cosign#registry-support, cannot be pulled due to an error:

Error: Source image rejected: unexpected MIME type for sigstore attachment manifests .... "application/vnd.docker.distribution.manifest.v2+json"

Issue seems to be that https://github.com/containers/image/blob/main/docker/docker_client.go#L1043 expects only OCI.

Steps to reproduce the issue (using Podman or Docker client)

  1. Sign and push an image using COSIGN_DOCKER_MEDIA_TYPES=1 cosign sign .... to Artifactory, as described in https://github.com/sigstore/cosign#registry-support

  2. Try to pull the image

Actual result

Error: Source image rejected: unexpected MIME type for sigstore attachment manifests .... "application/vnd.docker.distribution.manifest.v2+json"

Expected result

Image pulled successfully.

Additional environment details

Cosign v1.13.1

Also tried with v2.1.1.

mtrmac commented 12 months ago

Thanks for your report. Yes, that’s not currently implemented.
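
For anyone triaging this rejection, the following is an added example, not code from containers/image or cosign and not part of the thread: a Go check that reads a signature attachment manifest and reports whether it would pass an OCI-only media type check. `Diagnose`, the `attachment` type and the sample manifest are hypothetical and constructed for illustration; the two media type strings are the standard OCI and Docker schema 2 values.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Manifest media types defined by the OCI image spec and Docker schema 2.
const (
	ociManifest  = "application/vnd.oci.image.manifest.v1+json"
	v2s2Manifest = "application/vnd.docker.distribution.manifest.v2+json"
)

// attachment holds only the fields this check reads; both formats carry them.
type attachment struct {
	SchemaVersion int               `json:"schemaVersion"`
	MediaType     string            `json:"mediaType"`
	Layers        []json.RawMessage `json:"layers"`
}

// Diagnose (hypothetical helper) returns the manifest kind and whether an
// OCI-only consumer would accept it. contentType is the registry's header value.
func Diagnose(raw []byte, contentType string) (string, bool, error) {
	var m attachment
	if err := json.Unmarshal(raw, &m); err != nil {
		return "", false, fmt.Errorf("attachment manifest is not valid JSON: %w", err)
	}
	if m.SchemaVersion != 2 || len(m.Layers) == 0 {
		return "", false, fmt.Errorf("no signature layers (schemaVersion=%d)", m.SchemaVersion)
	}
	mt := m.MediaType
	if mt == "" { // OCI allows the body to omit mediaType; fall back to the header
		mt = contentType
	}
	switch mt {
	case ociManifest:
		return "oci", true, nil
	case v2s2Manifest:
		return "v2s2", false, nil // same shape, but an OCI-only check rejects it
	}
	return "", false, fmt.Errorf("unknown manifest media type %q", mt)
}

// Constructed sample carrying the media type from the error message on this page.
const sampleV2S2 = `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","layers":[{"digest":"sha256:PLACEHOLDER"}]}`

func main() {
	kind, ok, err := Diagnose([]byte(sampleV2S2), "")
	fmt.Println(kind, ok, err)
}
```

A result of `v2s2` with `false` means the signature is present and well-formed but was pushed with Docker media types, which matches the error reported above rather than a missing or corrupt signature.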