Description
I've been trying to sign & verify offline with key. I'm using sign / save / verify.
The verify step fails with:
Error: no signatures associated with the image saved in img
error during command execution: no signatures associated with the image saved in img
This is the content of the index:
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.oci.image.index.v1+json",
"size": 856,
"digest": "sha256:8f76951b91383d78e515159899508a92ffdd4d56c814a7c380ac13a919d089e0",
"annotations": {
"kind": "dev.cosignproject.cosign/imageIndex"
}
}
]
}
I'm wondering if the issue doesn't come from #4626 which only look for dev.cosignproject.cosign/image or am I doing something wrong?
What I tried that work:
verify directly from registry
sign with --recursive, recover the hash of the platform leaf, save with that platform leaf and then verify
Version: 3.1.0
Description
I've been trying to sign & verify offline with key. I'm using
sign/save/verify.The verify step fails with:
This is the content of the index:
I'm wondering if the issue doesn't come from #4626 which only look for
dev.cosignproject.cosign/imageor am I doing something wrong?What I tried that work:
verifydirectly from registrysignwith--recursive, recover the hash of the platform leaf,savewith that platform leaf and thenverifyVersion: 3.1.0