This bug was initially created as a copy of Bug #1829061 c/image/docker.newImageSource, when using mirrors, creates an ImageReference with a types.ImageReference pointing at the mirror, with no record of the primary location. This breaks signature verification, which ultimately uses ImageSource.Reference() to decide what to verify the signature against.
Assigning to Lokesh as I think he has everything he needs for packaging purposes.
pr for 4.5 attached
infra issues have caused CI to not cooperating, causing the merging of this PR to delay. I will address in the next sprint
attached PR is merged
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409