Description of problem: The official operator catalog images that are referenced in the documentation [1] are not build / published with signatures. This breaks the "opm index prune" command if the policy.json is configured according to article https://access.redhat.com/articles/3116561. [1] https://docs.openshift.com/container-platform/4.6/operators/admin/olm-restricted-networks.html#olm-understanding-operator-catalog-images_olm-restricted-networks Version-Release number of selected component (if applicable): [stack@osp16amd ocp-test4]$ opm version Version: version.Version{OpmVersion:"v1.15.3", GitCommit:"9e92474", BuildDate:"2020-12-03T18:34:29Z", GoOs:"linux", GoArch:"amd64"} [stack@osp16amd ocp-test4]$ oc version --client Client Version: 4.7.0-rc.2 opm index prune: ~~~ [stack@osp16amd ocp-test4]$ opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v4.6 -p elasticsearch-operator,cluster-logging -t 192.168.100.98:443/olm/redhat-operator-index-logging:v4.6 INFO[0000] pruning the index packages="[elasticsearch-operator cluster-logging]" INFO[0000] Pulling previous image registry.redhat.io/redhat/redhat-operator-index:v4.6 to get metadata packages="[elasticsearch-operator cluster-logging]" INFO[0000] running /usr/bin/podman pull registry.redhat.io/redhat/redhat-operator-index:v4.6 packages="[elasticsearch-operator cluster-logging]" ERRO[0003] Trying to pull registry.redhat.io/redhat/redhat-operator-index:v4.6... A signature was required, but no signature exists Error: error pulling image "registry.redhat.io/redhat/redhat-operator-index:v4.6": unable to pull registry.redhat.io/redhat/redhat-operator-index:v4.6: unable to pull image: Source image rejected: A signature was required, but no signature exists packages="[elasticsearch-operator cluster-logging]" Error: error pulling image: Trying to pull registry.redhat.io/redhat/redhat-operator-index:v4.6... A signature was required, but no signature exists Error: error pulling image "registry.redhat.io/redhat/redhat-operator-index:v4.6": unable to pull registry.redhat.io/redhat/redhat-operator-index:v4.6: unable to pull image: Source image rejected: A signature was required, but no signature exists . exit status 125 ~~~ How reproducible: Always Steps to Reproduce: 1. Configure policy according to https://access.redhat.com/articles/3116561 2. Try to pull images ~~~ [stack@osp16amd ocp-test4]$ cat /etc/containers/registries.d/registry.redhat.io.yaml docker: registry.redhat.io: sigstore: https://registry.redhat.io/containers/sigstore [stack@osp16amd ocp-test4]$ cat /etc/containers/policy.json { "default": [ { "type": "insecureAcceptAnything" } ], "transports": { "docker": { "registry.redhat.io": [ { "type": "signedBy", "keyType": "GPGKeys", "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" } ] }, "docker-daemon": { "": [ { "type": "insecureAcceptAnything" } ] } } } ~~~ Pull fails with "unable to pull image: Source image rejected: A signature was required, but no signature exists" ~~~ [stack@osp16amd ocp-test4]$ for i in registry.redhat.io/redhat/redhat-operator-index:v4.6 registry.redhat.io/redhat/certified-operator-index:v4.6 registry.redhat.io/redhat/redhat-marketplace-index:v4.6 registry.redhat.io/redhat/community-operator-index:latest; do podman pull --authfile pull-secret.json $i; done Trying to pull registry.redhat.io/redhat/redhat-operator-index:v4.6... A signature was required, but no signature exists Error: error pulling image "registry.redhat.io/redhat/redhat-operator-index:v4.6": unable to pull registry.redhat.io/redhat/redhat-operator-index:v4.6: unable to pull image: Source image rejected: A signature was required, but no signature exists Trying to pull registry.redhat.io/redhat/certified-operator-index:v4.6... A signature was required, but no signature exists Error: error pulling image "registry.redhat.io/redhat/certified-operator-index:v4.6": unable to pull registry.redhat.io/redhat/certified-operator-index:v4.6: unable to pull image: Source image rejected: A signature was required, but no signature exists Trying to pull registry.redhat.io/redhat/redhat-marketplace-index:v4.6... A signature was required, but no signature exists Error: error pulling image "registry.redhat.io/redhat/redhat-marketplace-index:v4.6": unable to pull registry.redhat.io/redhat/redhat-marketplace-index:v4.6: unable to pull image: Source image rejected: A signature was required, but no signature exists Trying to pull registry.redhat.io/redhat/community-operator-index:latest... A signature was required, but no signature exists Error: error pulling image "registry.redhat.io/redhat/community-operator-index:latest": unable to pull registry.redhat.io/redhat/community-operator-index:latest: unable to pull image: Source image rejected: A signature was required, but no signature exists ~~~ Actual results: Image can not be pulled due to signature missing Expected results: Images should be published with signature Additional info:
*** This bug has been marked as a duplicate of bug 1903632 ***