Closed Dentrax closed 1 year ago
No idea why pipeline throws the following error:
verifying github.com/docker/distribution@v2.8.0+incompatible: checksum mismatch
downloaded: h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY=
go.sum: h1:u9vuu6qqG7nN9a735Noed0ahoUm30iipVRlhgh72N0M=
Getting this error indeed:
k apply -f policy/examples/error.yaml
:
Error from server (Forbidden): error when creating "policy/examples/error.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [cosign-gatekeeper-provider] invalid response: {"errors": null, "responses": null, "status_code": 500, "system_error": "failed to send external data request: Post \"http://cosign-gatekeeper-provider.cosign-gatekeeper-provider:8090/validate\": EOF"}
k logs pod/cosign-gatekeeper-provider-585fdcbb74-64w22 -n cosign-gatekeeper-provider
:
starting server...
verify signature for: devopps/alpine:notsigned
2023/02/05 21:22:50 http: panic serving 10.84.1.8:49576: creating root cert pool: retrieving trusted root; local cache may be corrupt: initializing root client: tuf: failed to decode root.json: encoding/hex: invalid byte: U+002D '-'
goroutine 19 [running]:
net/http.(*conn).serve.func1()
/usr/local/go/src/net/http/server.go:1801 +0xb9
panic({0x1b9fa40, 0xc000cd6120})
/usr/local/go/src/runtime/panic.go:1047 +0x266
github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots.initRoots()
/go/pkg/mod/github.com/sigstore/cosign@v1.3.1/cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go:67 +0x235
github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots.Get.func1()
/go/pkg/mod/github.com/sigstore/cosign@v1.3.1/cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go:45 +0x17
sync.(*Once).doSlow(0xc0005e0420, 0x18)
/usr/local/go/src/sync/once.go:68 +0xd2
sync.(*Once).Do(...)
/usr/local/go/src/sync/once.go:59
github.com/sigstore/cosign/cmd/cosign/cli/fulcio/fulcioroots.Get()
/go/pkg/mod/github.com/sigstore/cosign@v1.3.1/cmd/cosign/cli/fulcio/fulcioroots/fulcioroots.go:44 +0x31
github.com/sigstore/cosign/cmd/cosign/cli/fulcio.GetRoots(...)
/go/pkg/mod/github.com/sigstore/cosign@v1.3.1/cmd/cosign/cli/fulcio/fulcio.go:197
main.validate({0x218ee50, 0xc00063a2a0}, 0xc0000d2700)
/go/src/github.com/developer-guy/cosign-gatekeeper-provider/provider.go:72 +0x408
net/http.HandlerFunc.ServeHTTP(0x7f06a1473d18, {0x218ee50, 0xc00063a2a0}, 0xc00063a2a0)
/usr/local/go/src/net/http/server.go:2046 +0x2f
net/http.(*ServeMux).ServeHTTP(0x0, {0x218ee50, 0xc00063a2a0}, 0xc0000d2700)
/usr/local/go/src/net/http/server.go:2424 +0x149
net/http.serverHandler.ServeHTTP({0x2182d08}, {0x218ee50, 0xc00063a2a0}, 0xc0000d2700)
/usr/local/go/src/net/http/server.go:2878 +0x43b
net/http.(*conn).serve(0xc0002a2140, {0x2199b40, 0xc00068b8f0})
/usr/local/go/src/net/http/server.go:1929 +0xb08
created by net/http.(*Server).Serve
/usr/local/go/src/net/http/server.go:3033 +0x4e8
Out of curiosity @Dentrax @developer-guy, any update on this PR?
any update on this PR?
I almost forgot this one. 🙈 So no updates. Do you want to take it over? Let's merge yours #26. Have dropped some reviews.
Signed-off-by: Furkan furkan.turkal@trendyol.com
Related issue: https://github.com/sigstore/cosign-gatekeeper-provider/issues/16 (This is not a fix PR)
Bump cosign to use panic free fulcio during getting root certs: https://github.com/sigstore/cosign/pull/1965
PTAL @developer-guy
Summary
Ticket Link
Fixes
Release Note