Bug 2053175 - oc adm catalog mirror throws 'missing signature key' error when using file://local/index
Summary: oc adm catalog mirror throws 'missing signature key' error when using file://...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.9
Hardware: x86_64
OS: Linux
high
high
Target Milestone: ---
: 4.10.0
Assignee: Ross Peoples
QA Contact: zhou ying
URL:
Whiteboard:
Depends On: 2049133
Blocks: 2053149 2053170
TreeView+ depends on / blocked
 
Reported: 2022-02-10 16:20 UTC by OpenShift BugZilla Robot
Modified: 2022-03-11 18:15 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-11 18:15:11 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 1065 0 None open [release-4.10] Bug 2053175: Fix catalog mirror from files 2022-02-10 16:22:43 UTC

Comment 1 Xiaoli Tian 2022-02-14 05:29:38 UTC
*** Bug 2053149 has been marked as a duplicate of this bug. ***

Comment 2 Jian Zhang 2022-02-14 08:39:07 UTC
1, Build a release build with the unmerged PR via cluster-bot: https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-origin-installer-launch-gcp-modern/1493097535269507072

2, Extract the `oc` client from this generated release image.
[cloud-user@preserve-olm-env bug-2049133]$ podman pull registry.build01.ci.openshift.org/ci-ln-6jr5qnt/release:latest
Trying to pull registry.build01.ci.openshift.org/ci-ln-6jr5qnt/release:latest...
Getting image source signatures
...
Storing signatures
7a6f8d19899c8de0b7ae85991050391dc3773c4e13c4c337af2b4ae06769eb61

[cloud-user@preserve-olm-env bug-2049133]$ oc adm release extract --tools registry.build01.ci.openshift.org/ci-ln-6jr5qnt/release:latest
W0214 03:21:02.877392 2163142 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version.
...

[cloud-user@preserve-olm-env bug-2049133]$ tar -zxvf openshift-client-linux-4.10.0-0.ci.test-2022-02-14-055414-ci-ln-6jr5qnt-latest.tar.gz
README.md
oc
kubectl

[cloud-user@preserve-olm-env bug-2049133]$ ./oc version -o yaml
clientVersion:
  buildDate: "2022-02-14T05:45:33Z"
  compiler: gc
  gitCommit: 7646c75
  gitTreeState: dirty
  gitVersion: v4.2.0-alpha.0-1359-g7646c75
  goVersion: go1.17.5
  major: ""
  minor: ""
  platform: linux/amd64
releaseClientVersion: 4.10.0-0.ci.test-2022-02-14-055414-ci-ln-6jr5qnt-latest
serverVersion:
  buildDate: "2022-02-03T09:39:18Z"
  compiler: gc
  gitCommit: 3a0f2c90b43e6cffd07f57b5b78dd9f083e47ee2
  gitTreeState: clean
  gitVersion: v1.22.3+fdba464
  goVersion: go1.16.6
  major: "1"
  minor: "22"
  platform: linux/amd64

3, mirror this pruned index image to local.
[cloud-user@preserve-olm-env bug-2049133]$ ./oc adm catalog mirror quay.io/olmqe/sriov-fec:v4.9 file:///local/index 
W0214 03:26:45.773619 2163195 helpers.go:151] Defaulting of registry auth file to "${HOME}/.docker/config.json" is deprecated. The default will be switched to podman config locations in the future version.
...
wrote mirroring manifests to manifests-sriov-fec-1644827205

To upload local images to a registry, run:

	oc adm catalog mirror file://local/index/olmqe/sriov-fec:v4.9 REGISTRY/REPOSITORY
deleted dir /tmp/3931716362

4, Mirror local images to docker registry.
[cloud-user@preserve-olm-env bug-2049133]$ ./oc adm catalog mirror file://local/index/olmqe/sriov-fec:v4.9 localhost:5000/jiazha -a /run/user/1000/containers/auth.json --insecure
...
3b
info: Mirroring completed in 50ms (0B/s)
no digest mapping available for file://local/index/olmqe/sriov-fec:v4.9, skip writing to ImageContentSourcePolicy
wrote mirroring manifests to manifests-index/olmqe/sriov-fec-1644827331
deleted dir /tmp/1147675286

It works as expected. FYI, the current Quay.io doesn't support the `application/vnd.oci.image.config.v1+json` media type, but Quay 3.6 supports it. That means if CU uses Quay 3.6 to create the registry, it will work well. Related doc: https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/configure_red_hat_quay/index#other-oci-artifacts-with-quay

Comment 3 Jian Zhang 2022-02-16 02:55:20 UTC
Change the status to VERIFIED based on comment 2.


Note You need to log in before you can comment on or make changes to this bug.