Fails to verify signatures for Cosign v3 bundle format #5509

@p5

Describe the bug

I'm not quite sure where the responsibility for verifying signatures lives.
Could be here, bootc-dev/bootc or containers/container-libs. Please could you advise if this is better somewhere else.

Cosign recently released v3 of their CLI, which switches to a new signing bundle format by default. rpm-ostree fails to update to images with this new signature format.

Builds can switch back to the old format using the --new-bundle-format=false flag or by rolling back to Cosign v2.

Reproduction steps

  1. Configure your system to require signature verification
  2. Build an image
  3. Sign the image with Cosign v3 (or Cosign v2 with the --new-bundle-format=true flag)
  4. Switch to that image and notice the failure

Expected behavior

It would be great if rpm-ostree is able to verify images signed with this new format.

Actual behavior

Signature verification fails.

❯ rpm-ostree update
note: automatic updates (stage) are enabled
Pulling manifest: ostree-image-signed:docker://ghcr.io/ublue-os/kinoite-nvidia:latest
error: Preparing import: Fetching manifest: failed to invoke method OpenImage: A signature was required, but no signature exists

However, verification through cosign continues to work:

❯ cosign verify ghcr.io/ublue-os/silverblue-main:42-20251010 --key https://raw.githubusercontent.com/ublue-os/main/refs/heads/main/cosign.pub

Verification for ghcr.io/ublue-os/silverblue-main:42-20251010 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - The signatures were verified against the specified public key

[{"critical":{"identity":{"docker-reference":"ghcr.io/ublue-os/silverblue-main:42-20251010"},"image":{"docker-manifest-digest":"sha256:99511cd843bfa7df71f56537df747f9e27a9e08165a99267051839c58c88318f"},"type":"https://sigstore.dev/cosign/sign/v1"},"optional":null}]

System details

  • v2025.10

Additional information

xref ublue-os/main#1477

The new format appears to use the referrers API where possible, falling back to referrers tags.

# Working (old Cosign)
❯ oras discover --distribution-spec v1.1-referrers-tag ghcr.io/ublue-os/silverblue-main:42-20251005
ghcr.io/ublue-os/silverblue-main@sha256:3fc6efb379ddd947cc10471e67cd8dd52926e9b6aba809fb4c156321c3562c85

# Not working (new Cosign)
❯ oras discover --distribution-spec v1.1-referrers-tag ghcr.io/ublue-os/silverblue-main:42-20251012
ghcr.io/ublue-os/silverblue-main@sha256:6ed3d557c348ff68967c5d446863912bd100e8df3ad53a53b8c5e826aa0dfcf2
└── application/vnd.oci.empty.v1+json
    └── sha256:2f9c8b63fea7d6ea45ed81b08c22f99da56c219003787290719d16cab45eda95

Will look to update this issue with more information as I try to find more.
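Added illustration (not part of the original issue or of rpm-ostree's own code): the two places a verifier has to look for a signature, the legacy `sha256-<hex>.sig` tag that older Cosign wrote, and the OCI 1.1 referrers-tag fallback (`sha256-<hex>`) that the new bundle format uses when the registry lacks the referrers API. The tag list and referrers index below are constructed sample data; the digests are the ones printed by `oras discover` above.

```python
import json


def legacy_signature_tag(digest: str) -> str:
    """Tag older Cosign used to store a signature next to the image: <alg>-<hex>.sig"""
    alg, hexval = digest.split(":", 1)
    return f"{alg}-{hexval}.sig"


def referrers_fallback_tag(digest: str) -> str:
    """OCI distribution 1.1 referrers-tag fallback: an image index stored under <alg>-<hex>."""
    alg, hexval = digest.split(":", 1)
    return f"{alg}-{hexval}"


def referrers_by_type(index_json: str) -> dict:
    """Group the manifests of a referrers index by artifactType (the field oras prints)."""
    out: dict = {}
    for m in json.loads(index_json).get("manifests", []):
        out.setdefault(m.get("artifactType", "<unset>"), []).append(m["digest"])
    return out


def signature_discovery(digest: str, tags: list, index_json: str) -> dict:
    """Report which discovery path would find a signature for this image digest."""
    has_legacy = legacy_signature_tag(digest) in tags
    has_referrers_tag = referrers_fallback_tag(digest) in tags
    return {
        "legacy_sig_tag": has_legacy,
        "referrers_tag": has_referrers_tag,
        "referrers": referrers_by_type(index_json) if has_referrers_tag else {},
    }


# Constructed sample: the image digest and referrer digest from the oras output above,
# a tag list as a registry might return it, and a minimal OCI 1.1 referrers index.
NEW_IMAGE = "sha256:6ed3d557c348ff68967c5d446863912bd100e8df3ad53a53b8c5e826aa0dfcf2"
SAMPLE_TAGS = ["42-20251012", referrers_fallback_tag(NEW_IMAGE)]
SAMPLE_INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [{
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "digest": "sha256:2f9c8b63fea7d6ea45ed81b08c22f99da56c219003787290719d16cab45eda95",
        "size": 1,
        "artifactType": "application/vnd.oci.empty.v1+json",
    }],
})

if __name__ == "__main__":
    print(json.dumps(signature_discovery(NEW_IMAGE, SAMPLE_TAGS, SAMPLE_INDEX), indent=2))
```

A verifier that only computes `legacy_signature_tag` reports "no signature exists" for such an image even though a referrer is present.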
