notaryproject / notary

Notary is a project that allows anyone to have trust over arbitrary collections of data
Apache License 2.0

Unable to connect to remote notary server #1584

Open rcabishek9114 opened 3 years ago

rcabishek9114 commented 3 years ago

Hello,

I have been trying to sign a Docker image from machine xxx.xx.xx.122 with a notary server hosted at xxx.xx.xx.155. Docker image signing and pulling work fine on xxx.xx.xx.155 by running the below commands:

After that, when I try to pull a signed image, the below error is thrown:

Error: error contacting notary server: x509: certificate is valid for 127.0.0.1, not xxx.xx.xx.155.

Below is my notary configuration (~/.notary/config.json) hosted at xxx.xx.xx.155.

{
  "remote_server": {
    "url": "https://notary-server:4443",
    "root_ca": "root-ca.crt"
  }
}

In /etc/hosts, the definitions provided are:

xxx.xx.xx.155 notary-server
127.0.0.1 notary-server

notary -D init example.com/scripts

DEBU[0000] Using the following trust directory: /root/.notary
DEBU[0000] No yubikey found, using alternative key storage: no library found
DEBU[0000] Making dir path: /root/.notary/tuf/example.com/scripts/changelist
DEBU[0000] No yubikey found, using alternative key storage: no library found
Root key found, using: 273639536ffdf2faf87ff298278f1c678a33829251e502f13c738b34a725c976
DEBU[0000] No yubikey found, using alternative key storage: no library found
Enter passphrase for root key with ID 2736395:
DEBU[0017] generated ECDSA key with keyID: 3b88ffe9d5285d05d816d98c3694e04bf3e7f55e9829078a678c3844b0d4a873
DEBU[0017] generated new ecdsa key for role: targets and keyID: 3b88ffe9d5285d05d816d98c3694e04bf3e7f55e9829078a678c3844b0d4a873
Enter passphrase for new targets key with ID 3b88ffe:
Repeat passphrase for new targets key with ID 3b88ffe:
DEBU[0025] generated ECDSA key with keyID: 1ee77adb7e6745e34945cfa8edcec0ec543f0407f673bc5c6eb0ef71af36ff27
DEBU[0025] generated new ecdsa key for role: snapshot and keyID: 1ee77adb7e6745e34945cfa8edcec0ec543f0407f673bc5c6eb0ef71af36ff27
Enter passphrase for new snapshot key with ID 1ee77ad:
Repeat passphrase for new snapshot key with ID 1ee77ad:
DEBU[0033] got remote timestamp ecdsa key with keyID: ea09bb733171c7925616794ed8ae95068f36e96bd1302718ca24e18000b70150
DEBU[0033] generating new snapshot...
DEBU[0033] Saving changes to Trusted Collection.
DEBU[0033] signing root...
DEBU[0033] sign called with 1/1 required keys
DEBU[0033] No yubikey found, using alternative key storage: no library found
DEBU[0033] sign called with 0/0 required keys
DEBU[0033] sign targets called for role targets
DEBU[0033] sign called with 1/1 required keys
DEBU[0033] No yubikey found, using alternative key storage: no library found
DEBU[0033] sign called with 0/0 required keys
DEBU[0033] signing snapshot...
DEBU[0033] sign called with 1/1 required keys
DEBU[0033] No yubikey found, using alternative key storage: no library found
DEBU[0033] sign called with 0/0 required keys

Could you please guide me on where the issue is? Appreciate your assistance.

piyush94 commented 3 years ago

In the case of Ubuntu OS, you need to:

git clone https://github.com/theupdateframework/notary.git -b <release_tag>
cd notary
mkdir -p ~/.notary && cp cmd/notary/config.json cmd/notary/root-ca.crt ~/.notary
sudo cp fixtures/notary-server.crt /usr/local/share/ca-certificates/notary-server.crt
sudo update-ca-certificates

This worked for me.