Pushing a CNAB bundle to localhost TLS Registry fails #89
Open
Description
Steps to reproduce:
$ signy --tlscacert=/Users/trishank.kuppusamy/go/src/github.com/theupdateframework/notary/cmd/notary/root-ca.crt --server=https://localhost:4443 --log=debug sign testdata/cnab/bundle.json localhost:5000/cnab/helloworld:0.1.1
DEBU[0000] Fixing up bundle localhost:5000/cnab/helloworld:0.1.1
DEBU[0000] Updating entry in relocation map for "cnab/helloworld:0.1.1"
INFO[0000] Starting to copy image cnab/helloworld:0.1.1
INFO[0000] Failed to copy image cnab/helloworld:0.1.1: failed to do request: Head http://localhost:5000/v2/cnab/helloworld/blobs/sha256:58e6f39290459b6563b348052b2a1a8cf2a44fac19a80ae0da36c82a32f151f8: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
Error: failed to do request: Head http://localhost:5000/v2/cnab/helloworld/blobs/sha256:58e6f39290459b6563b348052b2a1a8cf2a44fac19a80ae0da36c82a32f151f8: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
Usage:
signy sign [file] [target reference] [flags]
Flags:
-h, --help help for sign
--in-toto Adds in-toto metadata to TUF. If passed, the root layout, links directory, and root kyes must be supplied
--layout string Path to the in-toto root layout file
--layout-key string Path to the in-toto root layout public keys
--links string Path to the in-toto links directory
--root-key string Root key to initialize the repository with
--thick Signs a thick bundle. If passed, only the signature is pushed to the trust server, not the bundle file
Global Flags:
-d, --dir string Directory where the trust data is persisted to (default "/Users/trishank.kuppusamy/.signy")
--log string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
--server string The trust server used (default "https://notary.docker.io")
-t, --timeout string Timeout for the trust server (default "5s")
--tlscacert string Trust certs signed only by this CA
failed to do request: Head http://localhost:5000/v2/cnab/helloworld/blobs/sha256:58e6f39290459b6563b348052b2a1a8cf2a44fac19a80ae0da36c82a32f151f8: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
Run scripts/stop.sh.
signy --tlscacert=/Users/trishank.kuppusamy/go/src/github.com/theupdateframework/notary/cmd/notary/root-ca.crt --server=https://localhost:4443 --log=debug sign testdata/cnab/bundle.json localhost:5000/cnab/helloworld:0.1.1
DEBU[0000] Fixing up bundle localhost:5000/cnab/helloworld:0.1.1
DEBU[0000] Updating entry in relocation map for "cnab/helloworld:0.1.1"
INFO[0000] Starting to copy image cnab/helloworld:0.1.1
INFO[0001] Completed image cnab/helloworld:0.1.1 copy
DEBU[0001] Bundle fixed
INFO[0001] Generated relocation map: relocation.ImageRelocationMap{"cnab/helloworld:0.1.1":"localhost:5000/cnab/helloworld@sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6"}
DEBU[0001] Pushing CNAB Bundle localhost:5000/cnab/helloworld:0.1.1
DEBU[0001] Pushing CNAB Bundle Config
DEBU[0001] Trying to push CNAB Bundle Config
DEBU[0001] CNAB Bundle Config Descriptor
DEBU[0001] {
"mediaType": "application/vnd.cnab.config.v1+json",
"digest": "sha256:c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5",
"size": 501
}
DEBU[0001] Trying to push CNAB Bundle Config Manifest
DEBU[0001] CNAB Bundle Config Manifest Descriptor
DEBU[0001] {
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"digest": "sha256:c88087935c91817e3421c41794ace533f597428d4a9617bf7a6de5bc4200d8da",
"size": 188
}
DEBU[0001] CNAB Bundle Config pushed
DEBU[0001] Pushing CNAB Index
DEBU[0001] Trying to push OCI Index
DEBU[0001] {"schemaVersion":2,"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:c88087935c91817e3421c41794ace533f597428d4a9617bf7a6de5bc4200d8da","size":188,"annotations":{"io.cnab.manifest.type":"config"}},{"mediaType":"application/vnd.docker.distribution.manifest.v2+json","digest":"sha256:a59a4e74d9cc89e4e75dfb2cc7ea5c108e4236ba6231b53081a9e2506d1197b6","size":942,"annotations":{"io.cnab.manifest.type":"invocation"}}],"annotations":{"io.cnab.keywords":"[\"helloworld\",\"cnab\",\"tutorial\"]","io.cnab.runtime_version":"v1.0.0-WD","org.opencontainers.artifactType":"application/vnd.cnab.manifest.v1","org.opencontainers.image.authors":"[{\"name\":\"Jane Doe\",\"email\":\"[email protected]\",\"url\":\"https://example.com\"}]","org.opencontainers.image.description":"A short description of your bundle","org.opencontainers.image.title":"helloworld","org.opencontainers.image.version":"0.1.1"}}
DEBU[0001] OCI Index Descriptor
DEBU[0001] {
"mediaType": "application/vnd.oci.image.index.v1+json",
"digest": "sha256:b4936e42304c184bafc9b06dde9ea1f979129e09a021a8f40abc07f736de9268",
"size": 929
}
DEBU[0001] CNAB Index pushed
DEBU[0001] CNAB Bundle pushed
INFO[0001] Pushed successfully, with digest "sha256:b4936e42304c184bafc9b06dde9ea1f979129e09a021a8f40abc07f736de9268"
DEBU[0001] cannot get default credentials: authentication not found for trust server https://localhost:4443
DEBU[0001] Making dir path: /Users/trishank.kuppusamy/.signy/tuf/localhost/changelist
DEBU[0001] entered ValidateRoot with dns: localhost
DEBU[0001] found the following root keys: [f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9]
DEBU[0001] found 1 valid leaf certificates for localhost: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] found 1 leaf certs, of which 1 are valid leaf certs for localhost
DEBU[0001] checking root against trust_pinning config for localhost
DEBU[0001] checking trust-pinning for cert: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] role has key IDs: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] verifying signature for key ID: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] root validation succeeded for localhost
DEBU[0001] entered ValidateRoot with dns: localhost
DEBU[0001] found the following root keys: [f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9]
DEBU[0001] found 1 valid leaf certificates for localhost: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] found 1 leaf certs, of which 1 are valid leaf certs for localhost
DEBU[0001] checking root against trust_pinning config for localhost
DEBU[0001] checking trust-pinning for cert: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] role has key IDs: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] verifying signature for key ID: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] root validation succeeded for localhost
DEBU[0001] updating TUF client
DEBU[0001] Loading timestamp...
DEBU[0001] 200 when retrieving metadata for timestamp
DEBU[0001] timestamp role has key IDs: 919e5d9116881bfdfb2cc8d02f4836b2da7894c6c4bb65a0078333228aff945d
DEBU[0001] verifying signature for key ID: 919e5d9116881bfdfb2cc8d02f4836b2da7894c6c4bb65a0078333228aff945d
DEBU[0001] timestamp role has key IDs: 919e5d9116881bfdfb2cc8d02f4836b2da7894c6c4bb65a0078333228aff945d
DEBU[0001] verifying signature for key ID: 919e5d9116881bfdfb2cc8d02f4836b2da7894c6c4bb65a0078333228aff945d
DEBU[0001] successfully verified downloaded timestamp
DEBU[0001] Loading snapshot...
DEBU[0001] cached snapshot is invalid (must download): sha256 checksum for snapshot did not match: expected bf3b30295e102d65d567c2644980d748ebe8b1c8b1981c46edbabd547ac75512
DEBU[0001] 200 when retrieving metadata for snapshot.bf3b30295e102d65d567c2644980d748ebe8b1c8b1981c46edbabd547ac75512
DEBU[0001] snapshot role has key IDs: 83abf5bc3119245b26d6af7542f87a8c30e625d3cc62078123d517f2ad48fc80
DEBU[0001] verifying signature for key ID: 83abf5bc3119245b26d6af7542f87a8c30e625d3cc62078123d517f2ad48fc80
DEBU[0001] snapshot role has key IDs: 83abf5bc3119245b26d6af7542f87a8c30e625d3cc62078123d517f2ad48fc80
DEBU[0001] verifying signature for key ID: 83abf5bc3119245b26d6af7542f87a8c30e625d3cc62078123d517f2ad48fc80
DEBU[0001] successfully verified downloaded snapshot.bf3b30295e102d65d567c2644980d748ebe8b1c8b1981c46edbabd547ac75512
DEBU[0001] Loading targets...
DEBU[0001] targets role has key IDs: c3bfdf9b15f43aebe73ae2011c3b101176c448a69057e48867a2cfab0ec30c97
DEBU[0001] verifying signature for key ID: c3bfdf9b15f43aebe73ae2011c3b101176c448a69057e48867a2cfab0ec30c97
DEBU[0001] successfully verified cached targets
DEBU[0001] Adding target "5000/cnab/helloworld" with sha256 "c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5" and size 501 bytes.
DEBU[0001] entered ValidateRoot with dns: localhost
DEBU[0001] found the following root keys: [f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9]
DEBU[0001] found 1 valid leaf certificates for localhost: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] found 1 leaf certs, of which 1 are valid leaf certs for localhost
DEBU[0001] checking root against trust_pinning config for localhost
DEBU[0001] checking trust-pinning for cert: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] role has key IDs: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] verifying signature for key ID: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] root validation succeeded for localhost
DEBU[0001] entered ValidateRoot with dns: localhost
DEBU[0001] found the following root keys: [f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9]
DEBU[0001] found 1 valid leaf certificates for localhost: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] found 1 leaf certs, of which 1 are valid leaf certs for localhost
DEBU[0001] checking root against trust_pinning config for localhost
DEBU[0001] checking trust-pinning for cert: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] role has key IDs: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] verifying signature for key ID: f01c4109378763e9908eeed725c691586aa7c1b735c312989f64270f7925a9b9
DEBU[0001] root validation succeeded for localhost
DEBU[0001] 200 when retrieving metadata for root
DEBU[0001] updating TUF client
DEBU[0001] Loading timestamp...
DEBU[0001] 200 when retrieving metadata for timestamp
DEBU[0001] timestamp role has key IDs: 919e5d9116881bfdfb2cc8d02f4836b2da7894c6c4bb65a0078333228aff945d
DEBU[0001] verifying signature for key ID: 919e5d9116881bfdfb2cc8d02f4836b2da7894c6c4bb65a0078333228aff945d
DEBU[0001] timestamp role has key IDs: 919e5d9116881bfdfb2cc8d02f4836b2da7894c6c4bb65a0078333228aff945d
DEBU[0001] verifying signature for key ID: 919e5d9116881bfdfb2cc8d02f4836b2da7894c6c4bb65a0078333228aff945d
DEBU[0001] successfully verified downloaded timestamp
DEBU[0001] Loading snapshot...
DEBU[0001] snapshot role has key IDs: 83abf5bc3119245b26d6af7542f87a8c30e625d3cc62078123d517f2ad48fc80
DEBU[0001] verifying signature for key ID: 83abf5bc3119245b26d6af7542f87a8c30e625d3cc62078123d517f2ad48fc80
DEBU[0001] successfully verified cached snapshot
DEBU[0001] Loading targets...
DEBU[0001] targets role has key IDs: c3bfdf9b15f43aebe73ae2011c3b101176c448a69057e48867a2cfab0ec30c97
DEBU[0001] verifying signature for key ID: c3bfdf9b15f43aebe73ae2011c3b101176c448a69057e48867a2cfab0ec30c97
DEBU[0001] successfully verified cached targets
DEBU[0001] changelist add: 5000/cnab/helloworld
Enter passphrase for targets key with ID c3bfdf9:
DEBU[0005] applied 1 change(s)
DEBU[0005] signing snapshot...
DEBU[0005] sign called with 1/1 required keys
Enter passphrase for snapshot key with ID 83abf5b:
DEBU[0006] sign called with 0/0 required keys
INFO[0006] Pushed trust data for localhost:5000/cnab/helloworld:0.1.1: c7e92bd51f059d60b15ad456edf194648997d739f60799b37e08edafd88a81b5
Most likely has to do with using a self-signed TLS cert.
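Added example (not part of the original issue and not signy's code): the six bytes quoted in the "malformed HTTP response" error parse as a TLS alert record header, so the endpoint on localhost:5000 answered the plain `http://` HEAD request with TLS rather than HTTP. `ParseTLSRecord`, `TLSRecord` and `errNotTLS` are hypothetical names chosen for this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// TLSRecord holds the 5-byte TLS record header and, for alerts, whatever alert
// fields were present in the captured bytes.
type TLSRecord struct {
	ContentType string
	Minor       byte   // record version is 3.Minor (3.1 = TLS 1.0 record layer)
	Length      int    // payload length announced by the header
	AlertLevel  string // "" unless the record is an alert with a level byte
	AlertDesc   int    // -1 when the description byte is not in the capture
}

var errNotTLS = errors.New("not a TLS record header")
var contentTypes = map[byte]string{20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

// ParseTLSRecord classifies the first bytes a peer sent. It is meant for the
// short, possibly truncated byte strings that HTTP clients quote in errors.
func ParseTLSRecord(b []byte) (TLSRecord, error) {
	if len(b) < 5 {
		return TLSRecord{}, errNotTLS
	}
	ct, ok := contentTypes[b[0]]
	if !ok || b[1] != 3 || b[2] > 4 {
		return TLSRecord{}, errNotTLS
	}
	r := TLSRecord{ContentType: ct, Minor: b[2], Length: int(b[3])<<8 | int(b[4]), AlertDesc: -1}
	if b[0] == 21 && len(b) >= 6 {
		r.AlertLevel = "unknown"
		switch b[5] {
		case 1:
			r.AlertLevel = "warning"
		case 2:
			r.AlertLevel = "fatal"
		}
	}
	if b[0] == 21 && len(b) >= 7 {
		r.AlertDesc = int(b[6])
	}
	return r, nil
}

func main() {
	r, err := ParseTLSRecord([]byte("\x15\x03\x01\x00\x02\x02")) // bytes quoted in the error above
	fmt.Printf("%+v %v\n", r, err)
}
```

The quoted string stops after the alert level byte, so the alert description is reported as absent rather than guessed.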