在 docker trust 通过 GitLab CI 为我工作了一个月后,我突然收到了这条消息。
我有一个 Gitlab Runner,它挂载 ~/.docker/trust (因此它保持不变)并将其推送到我们的 QA 注册表。
tag_image_test:
stage: tag_image
script:
- docker login -u "gitlab-ci-token" -p "$CI_BUILD_TOKEN" $CI_REGISTRY
- docker pull "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"
- export DOCKER_CONTENT_TRUST=1
- export DOCKER_CONTENT_TRUST_SERVER=$QA_REGISTRY_SIGNER
- export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$QA_REGISTRY_SIGNER_ROOT_PASSPHRASE
- export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$QA_REGISTRY_SIGNER_REPO_PASSPHRASE
- docker login -u "$QA_REGISTRY_USERNAME" -p "$QA_REGISTRY_PASSWORD" $QA_REGISTRY_URL
- export PROJ_PATH=$(echo -en $CI_PROJECT_PATH | tr '[:upper:]' '[:lower:]')
- docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}" "${QA_REGISTRY_IMAGE}/${PROJ_PATH}:${CI_COMMIT_REF_SLUG}"
- docker push "${QA_REGISTRY_IMAGE}/${PROJ_PATH}:${CI_COMMIT_REF_SLUG}"
但是推送命令以:
time="2019-03-18T11:51:14Z" level=debug msg="failed to verify TUF data for: qa.registry.local/mygroup/myimage, valid signatures did not meet threshold for "
time="2019-03-18T11:51:14Z" level=debug msg="downloaded 1.root is invalid: could not rotate trust to a new trusted root: failed to validate data with current trusted certificates"
time="2019-03-18T11:51:14Z" level=debug msg="Client Update (Root): could not rotate trust to a new trusted root: failed to validate data with current trusted certificates"
could not rotate trust to a new trusted root: failed to validate data with current trusted certificates
当我查看root.json
文件时,到期时间不是很长:
"expires":"2029-02-08T15:07:05.172338131Z"
同样适用于targets.json
:
"expires":"2022-02-10T15:07:05.173954376Z"
所以我对正在发生的事情感到茫然,可能不明白它想要做什么。有没有人有任何见解?