Signature issue when rebasing to signed image.
I'm trying to set up a laptop with the image I've been using on my desktop for a few months. I was able to successfully rebase to the unsigned image, but when trying to rebase to the signed image, I'm getting the following error
I haven't changed the cosign key I'm using, and it seems like it's stored in both
/etc/pki/containers and /usr/etc/pki/containers.
How can I resolve this?Solution:Jump to solution
Thanks for the responses! It seemed like maybe it was just because my github action build failed, but I didn't think of looking at that. Once a new pipeline successfully finished and I upgraded to the newly built unsigned image I was able to rebase to the signed image. Before upgrading, I did do a diff of both
policy.json and they were the same. So, I'm pretty confident something went wrong with the failed pipeline.3 Replies
Try copying
/usr/etc/containers/policy.json to /etc/containers/policy.json
It's possible those got out of sync at some poiintif you have intentionally made policy.json changes you can just port those over manually
Solution
Thanks for the responses! It seemed like maybe it was just because my github action build failed, but I didn't think of looking at that. Once a new pipeline successfully finished and I upgraded to the newly built unsigned image I was able to rebase to the signed image. Before upgrading, I did do a diff of both
policy.json and they were the same. So, I'm pretty confident something went wrong with the failed pipeline.