Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Confusing error message "invalid signature" when rebasing on a signed container with a missing tag #5142

Open
tapple opened this issue Nov 1, 2024 · 0 comments
Open

Confusing error message "invalid signature" when rebasing on a signed container with a missing tag #5142

tapple opened this issue Nov 1, 2024 · 0 comments

Comments

@tapple
Copy link

tapple commented Nov 1, 2024
edited
Loading

Describe the bug

I tried to rebase on an image with a tag (gts) that doesn't exist. However, the error message did not indicate that the tag does not exist

Reproduction steps

❯ sudo rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/aurora-dx:gts
Pulling manifest: ostree-image-signed:docker://ghcr.io/ublue-os/aurora-dx:gts
error: Creating importer: Failed to invoke skopeo proxy method OpenImage: remote error: cryptographic signature verification failed: invalid signature when validating ASN.1 encoded signature

Expected behavior

There should be a clearer error, like "invalid tag" or "manifest error". For reference, here's the better error if I choose a totally bogus tag:

❯ sudo rpm-ostree rebase ostree-image-signed:docker://ghcr.io/ublue-os/aurora-dx:lol
Pulling manifest: ostree-image-signed:docker://ghcr.io/ublue-os/aurora-dx:lol
error: Creating importer: Failed to invoke skopeo proxy method OpenImage: remote error: reading manifest lol in ghcr.io/ublue-os/aurora-dx: manifest unknown

Actual behavior

It gave the above worse-than-expected error message

System details

❯ rpm-ostree --version
rpm-ostree:
 Version: '2024.8'
 Git: 75cae82c698274677cae2bd7247fee2e5387e7a5
 Features:
  - rust
  - compose
  - container
  - fedora-integration

~ 
❯ rpm-ostree status -b
State: idle
AutomaticUpdates: stage; rpm-ostreed-automatic.timer: no runs since boot
BootedDeployment:
● ostree-image-signed:docker://ghcr.io/ublue-os/aurora-dx:stable
                   Digest: sha256:bd84817a008ddf531d1758f84e5f908820dc5076c59a2a67fd115646595351eb
                  Version: 40.20241026.0 (2024-10-27T05:47:44Z)

Additional information

Original discussion: https://universal-blue.discourse.group/t/how-do-i-switch-from-bluefin-to-aurora/4845

This is almost certainly a low-priority issue. I am unsure if it is an error in rpm-ostree, or a packaging error with aurora-dx

gts is a tag that exists with the bluefin-dx package, present in the same repository. I assumed it would exist on aurora-dx as well, without checking
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tapple