Question
Hi everyone,
Currently, https://tuf.my-company.xyz/root.json is set to expire on 23/03/2025. Although there is an automated renewal mechanism in place, I experienced an issue during the last renewal cycle where the periodic verification of images failed because the root.json had already expired.
Please guide me on the steps required to manually renew the root.json. I would greatly appreciate any support or suggestions from the community.
Thank you very much!
My root.json:
    {
      "signed": {
        "_type": "root",
        "spec_version": "1.0",
        "version": 1,
        "expires": "2025-03-23T11:48:27Z",
        "keys": {
          "0e5cdfa10bcc4b96fd628abac0xxx": {
            "keytype": "ed25519",
            "scheme": "ed25519",
            "keyid_hash_algorithms": [
              "sha256",
              "sha512"
            ]
          }
        }
      }
    }
An error occurred during automatic renewal:
Error creating: admission webhook "mutate.kyverno.svc-ignore" denied the request:
resource Pod/retailiq/ was blocked due to the following policies
slsa-verify-all-images:
slsa-verify-images: "failed to verify image docker.io/my-company/test:master-1114:
.attestors[0].entries[0].keys: failed to load Rekor public keys: updating local
metadata and targets: error updating to TUF remote mirror: tuf: failed to decode
root.json: expired at 2024-12-20 04:42:11 +0000 UTC\nremote status:{\n\t\"mirror\":
\"https://tuf.my-company.xyz\",\n\t\"metadata\": {\n\t\t\"root.json\": ...
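An added example, not part of the original post and not code from Kyverno or any TUF project: a small check that reads `signed.expires` from a root.json and flags it before it lapses, and that pulls the expiry timestamp out of the client error quoted above so it can be compared with the file actually being served. The sample inputs are constructed from the values in the post; the function names and the 30-day warning window are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the root.json in the post (keys omitted).
SAMPLE_ROOT = """
{"signed": {"_type": "root", "spec_version": "1.0", "version": 1,
            "expires": "2025-03-23T11:48:27Z", "keys": {}}}
"""

# Constructed sample: the relevant part of the error quoted in the post.
SAMPLE_ERROR = ("tuf: failed to decode root.json: expired at "
                "2024-12-20 04:42:11 +0000 UTC")

def root_expiry(root_json_text):
    """Return (version, expiry as an aware UTC datetime) from TUF root metadata."""
    signed = json.loads(root_json_text)["signed"]
    if signed.get("_type") != "root":
        raise ValueError("not root metadata: _type=%r" % signed.get("_type"))
    expires = datetime.strptime(signed["expires"], "%Y-%m-%dT%H:%M:%SZ")
    return signed["version"], expires.replace(tzinfo=timezone.utc)

def expiry_status(root_json_text, now, warn_days=30):
    """Classify the root as 'expired', 'expiring' (inside the window) or 'ok'."""
    _, expires = root_expiry(root_json_text)
    if now >= expires:
        return "expired"
    if expires - now <= timedelta(days=warn_days):
        return "expiring"
    return "ok"

def expiry_from_error(message):
    """Extract the timestamp from a 'root.json: expired at ...' client error."""
    m = re.search(r"root\.json: expired at "
                  r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \+0000 UTC", message)
    if m is None:
        return None
    seen = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return seen.replace(tzinfo=timezone.utc)

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    version, expires = root_expiry(SAMPLE_ROOT)
    print("root version", version, "expires", expires, expiry_status(SAMPLE_ROOT, now))
    # A mismatch means the client rejected a different root than the one inspected.
    print("client saw same expiry:", expiry_from_error(SAMPLE_ERROR) == expires)
```

Run on a schedule against the root.json served by the mirror, an `expiring` result gives time to re-sign before admission checks start failing.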