You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi 👋
I want to sign a local image that hasn't yet been uploaded to a registry (or the registry is not reachable right now) with --upload=false --output-signature=signature.sig --output-certificate=certificate.crt. Right now this fails with:
$ cosign sign -y --upload=false --output-signature=disconnected-fulcio.sig --output-certificate=disconnected-fulcio.crt foobarasd.com/myimage@sha256:2bbea7758536b170efcb168dc7cea3379908c2649af3e75ebac10161ddd513c2
Generating ephemeral keys...
Retrieving signed certificate...
<snip>
Successfully verified SCT...
Error: signing [foobarasd.com/myimage@sha256:2bbea7758536b170efcb168dc7cea3379908c2649af3e75ebac10161ddd513c2]: accessing image: Get "https://foobarasd.com/v2/": dial tcp: lookup foobarasd.com on 192.168.1.20:53: no such host
main.go:74: error during command execution: signing [foobarasd.com/myimage@sha256:2bbea7758536b170efcb168dc7cea3379908c2649af3e75ebac10161ddd513c2]: accessing image: Get "https://foobarasd.com/v2/": dial tcp: lookup foobarasd.com on 192.168.1.20:53: no such host
I think this should work, because to generate these artifacts locally we don't need to access the registry.
I have a simple change that I tested locally that I could submit as a PR if you folks think that this makes sense - please let me know. Thank you!
The text was updated successfully, but these errors were encountered:
@slimm609 I didn't have time to work on this properly in the past 2 months, but I have some free time on my hands right now, so I'm going to revamp the PR that I submitted and try to make sure that your scenario is accounted for.
Description
Hi 👋
I want to sign a local image that hasn't yet been uploaded to a registry (or the registry is not reachable right now) with
--upload=false --output-signature=signature.sig --output-certificate=certificate.crt
. Right now this fails with:I think this should work, because to generate these artifacts locally we don't need to access the registry.
I have a simple change that I tested locally that I could submit as a PR if you folks think that this makes sense - please let me know. Thank you!
The text was updated successfully, but these errors were encountered: