Bug 2053175
| Summary: | oc adm catalog mirror throws 'missing signature key' error when using file://local/index | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | OpenShift BugZilla Robot <openshift-bugzilla-robot> |
| Component: | oc | Assignee: | Ross Peoples <rpeoples> |
| oc sub component: | oc | QA Contact: | zhou ying <yinzhou> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | ||
| Priority: | high | CC: | aos-bugs, augol, cgaynor, ealcaniz, mfojtik, rpeoples, scuppett, vgrinber, xtian |
| Version: | 4.9 | Keywords: | FastFix |
| Target Milestone: | --- | ||
| Target Release: | 4.10.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-11 18:15:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2049133 | ||
| Bug Blocks: | 2053149, 2053170 | ||
|
Comment 1
Xiaoli Tian
2022-02-14 05:29:38 UTC
1, Build a release build with the unmerged PR via cluster-bot: https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-origin-installer-launch-gcp-modern/1493097535269507072 2, Extract the `oc` client from this generated release image. [cloud-user@preserve-olm-env bug-2049133]$ podman pull registry.build01.ci.openshift.org/ci-ln-6jr5qnt/release:latest Trying to pull registry.build01.ci.openshift.org/ci-ln-6jr5qnt/release:latest... Getting image source signatures ... Storing signatures 7a6f8d19899c8de0b7ae85991050391dc3773c4e13c4c337af2b4ae06769eb61 [cloud-user@preserve-olm-env bug-2049133]$ oc adm release extract --tools registry.build01.ci.openshift.org/ci-ln-6jr5qnt/release:latest W0214 03:21:02.877392 2163142 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version. ... [cloud-user@preserve-olm-env bug-2049133]$ tar -zxvf openshift-client-linux-4.10.0-0.ci.test-2022-02-14-055414-ci-ln-6jr5qnt-latest.tar.gz README.md oc kubectl [cloud-user@preserve-olm-env bug-2049133]$ ./oc version -o yaml clientVersion: buildDate: "2022-02-14T05:45:33Z" compiler: gc gitCommit: 7646c75 gitTreeState: dirty gitVersion: v4.2.0-alpha.0-1359-g7646c75 goVersion: go1.17.5 major: "" minor: "" platform: linux/amd64 releaseClientVersion: 4.10.0-0.ci.test-2022-02-14-055414-ci-ln-6jr5qnt-latest serverVersion: buildDate: "2022-02-03T09:39:18Z" compiler: gc gitCommit: 3a0f2c90b43e6cffd07f57b5b78dd9f083e47ee2 gitTreeState: clean gitVersion: v1.22.3+fdba464 goVersion: go1.16.6 major: "1" minor: "22" platform: linux/amd64 3, mirror this pruned index image to local. [cloud-user@preserve-olm-env bug-2049133]$ ./oc adm catalog mirror quay.io/olmqe/sriov-fec:v4.9 file:///local/index W0214 03:26:45.773619 2163195 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version. ... wrote mirroring manifests to manifests-sriov-fec-1644827205 To upload local images to a registry, run: oc adm catalog mirror file://local/index/olmqe/sriov-fec:v4.9 REGISTRY/REPOSITORY deleted dir /tmp/3931716362 4, Mirror local images to docker registry. [cloud-user@preserve-olm-env bug-2049133]$ ./oc adm catalog mirror file://local/index/olmqe/sriov-fec:v4.9 localhost:5000/jiazha -a /run/user/1000/containers/auth.json --insecure ... 3b info: Mirroring completed in 50ms (0B/s) no digest mapping available for file://local/index/olmqe/sriov-fec:v4.9, skip writing to ImageContentSourcePolicy wrote mirroring manifests to manifests-index/olmqe/sriov-fec-1644827331 deleted dir /tmp/1147675286 It works as expected. FYI, the current Quay.io doesn't support the `application/vnd.oci.image.config.v1+json` media type, but Quay 3.6 supports it. That means if CU uses Quay 3.6 to create the registry, it will work well. Related doc: https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/configure_red_hat_quay/index#other-oci-artifacts-with-quay |