You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm experiencing issues using Docker Content Trust to sign images using Docker Desktop on an M1 Mac (v4.30.0). I've tested the exact same process using Docker in a Multipass VM and it works fine there.
Reproduce
Generate a new keypair.
$ docker trust key generate nigel
Generating key for nigel...
Enter passphrase for new nigel key with ID 1f78609:
Repeat passphrase for new nigel key with ID 1f78609:
Successfully generated and loaded private key.... public key available: /root/nigel.pub
Associate keypair with new Docker Hub repo. Obviously create a new repo of your own.
$ docker trust signer add --key nigel.pub nigel nigelpoulton/ddd-trust2024
Adding signer "nigel" to nigelpoulton/dct...
Initializing signed repository for nigelpoulton/dct...
Enter passphrase for root key with ID aee3314:
Enter passphrase for new repository key with ID 1a18dd1:
Repeat passphrase for new repository key with ID 1a18dd1:
Successfully initialized "nigelpoulton/dct"
Successfully added signer: nigel to nigelpoulton/dct
Sign an image and push to the new repo.
$ docker trust sign nigelpoulton/ddd-trust2024:signed
Signing and pushing trust data for local image nigelpoulton/ddd-trust2024:signed, may overwrite remote trust data
The push refers to repository [docker.io/nigelpoulton/ddd-trust2024]
4f4fb700ef54: Layer already exists
6495b414566f: Already exists
798676f7ef8b: Layer already exists
bca4290a9639: Layer already exists
5e1fc7f5df34: Layer already exists
28ad2149d870: Layer already exists
signed: digest: sha256:b65f9a1aa4e670bbafd0fbb91281ea95f9cdc5728aa546579e248dfbc0ea4bde size: 856
Signing and pushing trust metadata
failed to sign docker.io/nigelpoulton/ddd-trust2024:signed: no hashes specified for target ""
The image is pushed tot he repo but isn't signed. The last line of the output form step 3 seems to indicate the image name isn't being parsed properly. But that's a guess.
Expected behavior
The last command should ask me to enter passphrase, sign the image and push the signed image to the repo.
The push refers to repository [docker.io/deindorfer/signtest:0.2]
0.2: digest: sha256:f93075552d3e4a5e944556131f230f3e1ff80f39aa96634bae03bcc7d7374968 size: 424
Signing and pushing trust metadata
failed to sign docker.io/deindorfer/signtest:0.2: no hashes specified for target ""
Description
I'm experiencing issues using Docker Content Trust to sign images using Docker Desktop on an M1 Mac (v4.30.0). I've tested the exact same process using Docker in a Multipass VM and it works fine there.
Reproduce
The image is pushed tot he repo but isn't signed. The last line of the output form step 3 seems to indicate the image name isn't being parsed properly. But that's a guess.
Expected behavior
The last command should ask me to enter passphrase, sign the image and push the signed image to the repo.
It's failing to sign the image.
docker version
Client: Cloud integration: v1.0.35+desktop.13 Version: 26.1.1 API version: 1.45 Go version: go1.21.9 Git commit: 4cf5afa Built: Tue Apr 30 11:44:56 2024 OS/Arch: darwin/arm64 Context: desktop-linux Server: Docker Desktop 4.30.0 (149282) Engine: Version: 26.1.1 API version: 1.45 (minimum version 1.24) Go version: go1.21.9 Git commit: ac2de55 Built: Tue Apr 30 11:48:04 2024 OS/Arch: linux/arm64 Experimental: false containerd: Version: 1.6.31 GitCommit: e377cd56a71523140ca6ae87e30244719194a521 runc: Version: 1.1.12 GitCommit: v1.1.12-0-g51d5e94 docker-init: Version: 0.19.0 GitCommit: de40ad0
docker info
Diagnostics ID
1B03B269-2302-40C7-8949-C2B1DE453584/20240507131954
Additional Info
It works as expected on a Multipass VM (Multipass on Mac M1/arm) running the following Docker version.
Docker version from Multipass VM
Docker info from Multipass VM
The text was updated successfully, but these errors were encountered: