个人中心
gpt4 book ai didi

Docker 信任 : could not rotate trust to a new trusted root: failed to validate data with current trusted certificates

转载 作者:行者123 更新时间:2023-12-02 17:54:23 25 4
gpt4 key购买 nike

经过一个月的 docker trust 通过 GitLab CI 为我工作正常后,我突然收到了这条消息。

我有一个 Gitlab Runner 挂载 ~/.docker/trust (所以它被持久化)并将它推送到我们的 QA 注册表。

tag_image_test:
  stage: tag_image
  script:
    - docker login -u "gitlab-ci-token" -p "$CI_BUILD_TOKEN" $CI_REGISTRY
    - docker pull "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"
    - export DOCKER_CONTENT_TRUST=1
    - export DOCKER_CONTENT_TRUST_SERVER=$QA_REGISTRY_SIGNER
    - export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$QA_REGISTRY_SIGNER_ROOT_PASSPHRASE
    - export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$QA_REGISTRY_SIGNER_REPO_PASSPHRASE
    - docker login -u "$QA_REGISTRY_USERNAME" -p "$QA_REGISTRY_PASSWORD" $QA_REGISTRY_URL
    - export PROJ_PATH=$(echo -en $CI_PROJECT_PATH | tr '[:upper:]' '[:lower:]')
    - docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}" "${QA_REGISTRY_IMAGE}/${PROJ_PATH}:${CI_COMMIT_REF_SLUG}"
    - docker push "${QA_REGISTRY_IMAGE}/${PROJ_PATH}:${CI_COMMIT_REF_SLUG}"

但是推送命令以: 
time="2019-03-18T11:51:14Z" level=debug msg="failed to verify TUF data for: qa.registry.local/mygroup/myimage, valid signatures did not meet threshold for "
time="2019-03-18T11:51:14Z" level=debug msg="downloaded 1.root is invalid: could not rotate trust to a new trusted root: failed to validate data with current trusted certificates"
time="2019-03-18T11:51:14Z" level=debug msg="Client Update (Root): could not rotate trust to a new trusted root: failed to validate data with current trusted certificates"
could not rotate trust to a new trusted root: failed to validate data with current trusted certificates

当我看着 root.json文件,过期时间不长: 
"expires":"2029-02-08T15:07:05.172338131Z"

targets.json 相同: 
"expires":"2022-02-10T15:07:05.173954376Z"

所以我对正在发生的事情感到茫然,可能不明白它在做什么。有没有人有任何见解?

最佳答案

我还在学习docker,但你确定它是 root.json 它正在查看而不是查看 root.json .

根据这里的配置,应该在中查找root.json 对于受信任的证书。

也许您正在推送错误的文件来识别您的根,或者您的帖子中可能只是有一个错字。

无论如何,这很有帮助:
https://github.com/cirocosta/docker-cli/blob/master/vendor/github.com/theupdateframework/notary/trustpinning/certs.go

在那里可以看到这些错误是如何生成的,并附有关于这些错误发生原因的注释。

例如,关于您的 key 轮换错误:

// ErrRootRotationFail is returned when we fail to do a full root key rotation // by either failing to add the new root certificate, or delete the old ones

关于Docker 信任 : could not rotate trust to a new trusted root: failed to validate data with current trusted certificates,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55220884/

25 4 0
文章推荐: wxpython - 如何在 wxpython 中将小部件添加到文件对话框?
文章推荐: jenkins - 同一工作空间可处理多个作业
文章推荐: asp.net-core - 为 EF、AddDbContext 或 AddEntityFramework 添加服务
文章推荐: drupal - 如何在Drupal中突出显示代码?
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com