Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support v2s2 manifests in sigstore attachments (for cosign compatibility) #2058

Open
itroyano opened this issue Jul 25, 2023 · 1 comment
Open
Labels
kind/feature A request for, or a PR adding, new functionality

Comments

@itroyano
Copy link

itroyano commented Jul 25, 2023

Issue Description

A signed image that got successfully pushed to Artifactory, using https://github.com/sigstore/cosign#registry-support, cannot be pulled due to an error:

Error: Source image rejected: unexpected MIME type for sigstore attachment manifests .... "application/vnd.docker.distribution.manifest.v2+json"

Issue seems to be https://github.com/containers/image/blob/main/docker/docker_client.go#L1043 expects only OCI.

Steps to reproduce the issue (using Podman or Docker client)

  1. Sign and push an image using COSIGN_DOCKER_MEDIA_TYPES=1 cosign sign .... to Artifactory, as described in https://github.com/sigstore/cosign#registry-support

  2. Try to pull the image

Actual result

Error: Source image rejected: unexpected MIME type for sigstore attachment manifests .... "application/vnd.docker.distribution.manifest.v2+json"

Expected result

Image pulled successfully.

Additional environment details

Cosign v1.13.1

Also tried with v2.1.1.

@mtrmac
Copy link
Collaborator

mtrmac commented Jul 25, 2023

Thanks for your report. Yes, that’s not currently implemented.

@mtrmac mtrmac changed the title "unexpected MIME type for sigstore attachment manifest" when pulling a Cosign-ed image from Artifactory Support v2s2 manifests in sigstore attachments (for cosign compatibility) Jun 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature A request for, or a PR adding, new functionality
Projects
None yet
Development

No branches or pull requests

2 participants