Can't update - skopeo error
When trying to run
rpm-ostree upgrade, I get the following error:
Solution:Jump to solution
I'll copy my answer:
For anyone who encounters this, those are the steps to solve the issue:
Copy new cosign.pub from your repo to
/etc/pki/containers/$your_image_name.pub...5 Replies
Did you replace your private/public key pair recently?
If so, you might have to rebase to your image using
rpm-ostree rebase ostree-unverified-image:docker://image.path/to/your/image and then back again with rpm-ostree rebase ostree-image-signed:docker://....that won't work, he needs to do this if it's private/public key issue (copying again lol):
Solution
I'll copy my answer:
For anyone who encounters this, those are the steps to solve the issue:
Copy new cosign.pub from your repo to
/etc/pki/containers/$your_image_name.pub
sudo cp your-cosign.pub /etc/pki/containers/$your_image_name.pub
Modify /etc/containers/policy.json, locate your image registry link, in keyPath edit location to be from /usr/etc to /etc
"keyPath": "/etc/pki/containers/$your_image_name.pub"
Run rpm-ostree upgrade & reboot
Copy new policy.json
sudo cp /usr/etc/containers/policy.json /etc/containers/policy.json
Profit
You can verify if new cosign & policy.json is used here. If they're not listed, then you're good. This command tracks changed files in /etc compared to /usr/etc
sudo ostree admin config-diffI didn't change the key pair, it just broke randomly for some reason. But I'll try this, thanks
Just remembered that this is not needed, because we merged this change in signing module:
keyPath should point to /etc/ by default now