Skip to content

Support v2s2 manifests in sigstore attachments (for cosign compatibility) #2058

New issue
New issue
Open
#2734
Open
Support v2s2 manifests in sigstore attachments (for cosign compatibility)#2058
#2734
Labels
kind/featureA request for, or a PR adding, new functionality
@itroyano

Description

@itroyano
itroyano
opened on Jul 25, 2023

Issue Description

A signed image that got successfully pushed to Artifactory, using https://github.com/sigstore/cosign#registry-support, cannot be pulled due to an error:

Error: Source image rejected: unexpected MIME type for sigstore attachment manifests .... "application/vnd.docker.distribution.manifest.v2+json"

Issue seems to be https://github.com/containers/image/blob/main/docker/docker_client.go#L1043 expects only OCI.

Steps to reproduce the issue (using Podman or Docker client)

  1. Sign and push an image using COSIGN_DOCKER_MEDIA_TYPES=1 cosign sign .... to Artifactory, as described in https://github.com/sigstore/cosign#registry-support

  2. Try to pull the image

Actual result

Error: Source image rejected: unexpected MIME type for sigstore attachment manifests .... "application/vnd.docker.distribution.manifest.v2+json"

Expected result

Image pulled successfully.

Additional environment details

Cosign v1.13.1

Also tried with v2.1.1.

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/featureA request for, or a PR adding, new functionality

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions