Details
Description
Description of problem:
When verify a image signature using 'oc adm verify-image-signature', the cmd prompt The Image "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e" is invalid: * signatures[0].metadata.name: Required value: name or generateName is required * signatures[0].metadata.name: Invalid value: "": name must be of format <imageName>@<signatureName> * signatures[0].type: Required value * signatures[0].content: Required value
Version-Release number of selected component (if applicable):
oc version Client Version: 4.13.0-0.nightly-2023-03-19-052243 Kustomize Version: v4.5.7 Kubernetes Version: v1.26.2+06e8c46
How reproducible:
always
Steps to Reproduce:
1.Get a GPG key using 'gpg2 --gen-key' $gpg2 -k /home/xiuwang/.gnupg/pubring.gpg -------------------------------- pub rsa2048 2018-12-03 [SC] E391E2E84374B59D656CF3C13170B974F22A5D37 uid [ultimate] Xiujuan Wang (Devexp Qe) <xiuwang@redhat.com> sub rsa2048 2018-12-03 [E] pub rsa2048 2023-03-21 [SC] [expires: 2025-03-20] F3EC44A87D55839B9C1CC7131487CB03D896135F uid [ultimate] xiuwang <xiuwang@redhat.com> sub rsa2048 2023-03-21 [E] [expires: 2025-03-20] 2.Grant the common user image-auditor and system:image-signer rights $oc adm policy add-cluster-role-to-user system:image-auditor -u testuser-44 -n xiuwang $oc adm policy add-cluster-role-to-user system:image-signer -u testuser-44 -n xiuwang 3. $export token=$(oc whoami -t) $export route=default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com 4.Sign a image in the image registry using the GPG key $skopeo --insecure-policy copy --sign-by F3EC44A87D55839B9C1CC7131487CB03D896135F --dest-creds testuser-44:$token docker://quay.io/openshifttest/skopeo@sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e docker://$route/xiuwang/test:latest --all --dest-tls-verify=false Getting image source signatures Copying blob af51708ecc94 skipped: already exists Copying blob 4f4fb700ef54 skipped: already exists Copying blob ac34708d38ec skipped: already exists Copying blob bcb630a3fb42 skipped: already exists Copying blob a0d0a0d46f8b skipped: already exists Copying blob 912c10c908b3 [--------------------------------------] 0.0b / 0.0b Copying config f723dedc7f [--------------------------------------] 0.0b / 2.1KiB Writing manifest to image destination Signing manifest Storing signatures 4. Verify the signature using 'oc adm verify-image-signature' $oc adm verify-image-signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e --public-key=/home/xiuwang/.gnupg/pubring.gpg --expected-identity=image-registry.openshift-image-registry.svc:5000/xiuwang/test --registry-url=$route --insecure=true --save
Actual results:
$oc adm verify-image-signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e --public-key=/home/xiuwang/.gnupg/pubring.gpg --expected-identity=image-registry.openshift-image-registry.svc:5000/xiuwang/test --registry-url=$route --insecure=true --save error verifying signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e@ee9141d7665550c37b8cc569b7024b2c for image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e (verification status will be removed): signature rejected: Signature for identity default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/xiuwang/test:latest is not accepted The Image "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e" is invalid: * signatures[0].metadata.name: Required value: name or generateName is required * signatures[0].metadata.name: Invalid value: "": name must be of format <imageName>@<signatureName> * signatures[0].type: Required value * signatures[0].content: Required value
Expected results:
Could verify the image signature
Additional info:
oc adm verify-image-signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e --public-key=/home/xiuwang/.gnupg/pubring.gpg --expected-identity=image-registry.openshift-image-registry.svc:5000/xiuwang/test --registry-url=$route --insecure=true --save --loglevel=8 I0321 15:02:26.600440 13864 loader.go:373] Config loaded from file: /home/xiuwang/.kube/config I0321 15:02:26.601249 13864 round_trippers.go:463] GET https://api.sunilc-cgroup.qe.devcluster.openshift.com:6443/apis/user.openshift.io/v1/users/~ I0321 15:02:26.601264 13864 round_trippers.go:469] Request Headers: I0321 15:02:26.601276 13864 round_trippers.go:473] Accept: application/json, */* I0321 15:02:26.601287 13864 round_trippers.go:473] User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430 I0321 15:02:26.601298 13864 round_trippers.go:473] Authorization: Bearer <masked> I0321 15:02:27.570580 13864 round_trippers.go:574] Response Status: 200 OK in 969 milliseconds I0321 15:02:27.570643 13864 round_trippers.go:577] Response Headers: I0321 15:02:27.570709 13864 round_trippers.go:580] Audit-Id: b003b231-7a9d-4929-a1a2-3e4f5a7419f6 I0321 15:02:27.570740 13864 round_trippers.go:580] Audit-Id: b003b231-7a9d-4929-a1a2-3e4f5a7419f6 I0321 15:02:27.570767 13864 round_trippers.go:580] Content-Type: application/json I0321 15:02:27.570813 13864 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 4c4a06ce-5368-4267-8598-64027563143b I0321 15:02:27.570862 13864 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 4c4a06ce-5368-4267-8598-64027563143b I0321 15:02:27.570905 13864 round_trippers.go:580] Content-Length: 506 I0321 15:02:27.570945 13864 round_trippers.go:580] Cache-Control: no-cache, private I0321 15:02:27.570992 13864 round_trippers.go:580] Cache-Control: no-cache, private I0321 15:02:27.571036 13864 round_trippers.go:580] Date: Tue, 21 Mar 2023 06:49:34 GMT I0321 15:02:27.571081 13864 round_trippers.go:580] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload I0321 15:02:27.571125 13864 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: 1c88aa5f-4f6d-4f8e-8c7e-9f7639b6d4a3 I0321 15:02:27.571170 13864 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: 1c88aa5f-4f6d-4f8e-8c7e-9f7639b6d4a3 I0321 15:02:27.571229 13864 request.go:1171] Response Body: {"kind":"User","apiVersion":"user.openshift.io/v1","metadata":{"name":"testuser-44","uid":"58484210-4517-433e-8684-c20298a5faf8","resourceVersion":"602317","creationTimestamp":"2023-03-21T02:07:40Z","managedFields":[{"manager":"Go-http-client","operation":"Update","apiVersion":"user.openshift.io/v1","time":"2023-03-21T02:07:40Z","fieldsType":"FieldsV1","fieldsV1":{"f:identities":{}}}]},"identities":["flexy-htpasswd-provider:testuser-44"],"groups":["system:authenticated","system:authenticated:oauth"]} I0321 15:02:27.572559 13864 round_trippers.go:463] GET https://api.sunilc-cgroup.qe.devcluster.openshift.com:6443/apis/image.openshift.io/v1/images/sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e I0321 15:02:27.572604 13864 round_trippers.go:469] Request Headers: I0321 15:02:27.572646 13864 round_trippers.go:473] Accept: application/json, */* I0321 15:02:27.572710 13864 round_trippers.go:473] User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430 I0321 15:02:27.572755 13864 round_trippers.go:473] Authorization: Bearer <masked> I0321 15:02:27.786768 13864 round_trippers.go:574] Response Status: 200 OK in 213 milliseconds I0321 15:02:27.786842 13864 round_trippers.go:577] Response Headers: I0321 15:02:27.786898 13864 round_trippers.go:580] Cache-Control: no-cache, private I0321 15:02:27.786928 13864 round_trippers.go:580] Cache-Control: no-store I0321 15:02:27.786954 13864 round_trippers.go:580] Content-Type: application/json I0321 15:02:27.786998 13864 round_trippers.go:580] Date: Tue, 21 Mar 2023 06:49:34 GMT I0321 15:02:27.787061 13864 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: 1c88aa5f-4f6d-4f8e-8c7e-9f7639b6d4a3 I0321 15:02:27.787113 13864 round_trippers.go:580] Content-Length: 3371 I0321 15:02:27.787161 13864 round_trippers.go:580] Audit-Id: 91248792-61ce-4537-9e93-ec3ac3e9df9c I0321 15:02:27.787213 13864 round_trippers.go:580] Audit-Id: 91248792-61ce-4537-9e93-ec3ac3e9df9c I0321 15:02:27.787262 13864 round_trippers.go:580] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload I0321 15:02:27.787310 13864 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 4c4a06ce-5368-4267-8598-64027563143b I0321 15:02:27.787474 13864 request.go:1171] Response Body: {"kind":"Image","apiVersion":"image.openshift.io/v1","metadata":{"name":"sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","uid":"e1d65b2d-9066-4afb-966a-e69180982628","resourceVersion":"725012","creationTimestamp":"2023-03-21T06:26:59Z","annotations":{"image.openshift.io/dockerLayersOrder":"ascending","image.openshift.io/manifestBlobStored":"true","openshift.io/image.managed":"true"}},"dockerImageReference":"image-registry.openshift-image-registry.svc:5000/xiuwang/test@sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","dockerImageMetadata":{"kind":"DockerImage","apiVersion":"image.openshift.io/1.0","Id":"sha256:f723dedc7f27ef5581d4f020625e0378b210e6a684cd74ebd318d11775c1db1c","Created":"2022-05-24T12:17:18Z","ContainerConfig":{},"Config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"]},"Architecture":"amd64","Size":36033074},"dockerImageMetadataVersion":"1.0","dockerImageLayers":[{"name":"sha256:a0d0a0d46f8b52473982a [truncated 2347 chars] I0321 15:02:27.788592 13864 client_mirrored.go:174] Attempting to connect to default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/xiuwang/test I0321 15:02:27.788737 13864 round_trippers.go:463] GET https://default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/v2/ I0321 15:02:27.788771 13864 round_trippers.go:469] Request Headers: I0321 15:02:27.788823 13864 round_trippers.go:473] User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430 I0321 15:02:28.674420 13864 round_trippers.go:574] Response Status: 401 Unauthorized in 885 milliseconds I0321 15:02:28.674486 13864 round_trippers.go:577] Response Headers: I0321 15:02:28.674548 13864 round_trippers.go:580] Content-Type: application/json; charset=utf-8 I0321 15:02:28.674603 13864 round_trippers.go:580] Docker-Distribution-Api-Version: registry/2.0 I0321 15:02:28.674641 13864 round_trippers.go:580] Www-Authenticate: Bearer realm="https://default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/openshift/token" I0321 15:02:28.674712 13864 round_trippers.go:580] X-Registry-Supports-Signatures: 1 I0321 15:02:28.674769 13864 round_trippers.go:580] Date: Tue, 21 Mar 2023 06:49:35 GMT I0321 15:02:28.674819 13864 round_trippers.go:580] Content-Length: 87 I0321 15:02:28.674870 13864 round_trippers.go:580] Set-Cookie: 34727b82525eb26a530629c5bf0ec2f2=078ee8bd37ca6339cf39ae82f98240da; path=/; HttpOnly; Secure; SameSite=None I0321 15:02:28.678074 13864 round_trippers.go:463] GET https://default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/openshift/token?account=user&scope=repository%3Axiuwang%2Ftest%3Apull I0321 15:02:28.678123 13864 round_trippers.go:469] Request Headers: I0321 15:02:28.678180 13864 round_trippers.go:473] Authorization: Basic <masked> I0321 15:02:28.678221 13864 round_trippers.go:473] User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430 I0321 15:02:29.799803 13864 round_trippers.go:574] Response Status: 200 OK in 1121 milliseconds I0321 15:02:29.799855 13864 round_trippers.go:577] Response Headers: I0321 15:02:29.799886 13864 round_trippers.go:580] Content-Length: 131 I0321 15:02:29.799914 13864 round_trippers.go:580] Set-Cookie: 34727b82525eb26a530629c5bf0ec2f2=bd16993c7dbc90c87cce36a2ea8b8131; path=/; HttpOnly; Secure; SameSite=None I0321 15:02:29.799937 13864 round_trippers.go:580] Cache-Control: private I0321 15:02:29.799958 13864 round_trippers.go:580] Content-Type: application/json I0321 15:02:29.799989 13864 round_trippers.go:580] Docker-Distribution-Api-Version: registry/2.0 I0321 15:02:29.800019 13864 round_trippers.go:580] Date: Tue, 21 Mar 2023 06:49:36 GMT I0321 15:02:29.800283 13864 round_trippers.go:463] GET https://default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/v2/xiuwang/test/manifests/sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e I0321 15:02:29.800313 13864 round_trippers.go:469] Request Headers: I0321 15:02:29.800363 13864 round_trippers.go:473] Accept: application/vnd.docker.distribution.manifest.v1+prettyjws I0321 15:02:29.800405 13864 round_trippers.go:473] Accept: application/json I0321 15:02:29.800436 13864 round_trippers.go:473] Accept: application/vnd.oci.image.manifest.v1+json I0321 15:02:29.800466 13864 round_trippers.go:473] Accept: application/vnd.docker.distribution.manifest.v2+json I0321 15:02:29.800496 13864 round_trippers.go:473] Accept: application/vnd.docker.distribution.manifest.list.v2+json I0321 15:02:29.800527 13864 round_trippers.go:473] Accept: application/vnd.oci.image.index.v1+json I0321 15:02:29.800561 13864 round_trippers.go:473] Authorization: Bearer <masked> I0321 15:02:29.800591 13864 round_trippers.go:473] User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430 I0321 15:02:30.519981 13864 round_trippers.go:574] Response Status: 200 OK in 719 milliseconds I0321 15:02:30.520059 13864 round_trippers.go:577] Response Headers: I0321 15:02:30.520119 13864 round_trippers.go:580] Content-Length: 1579 I0321 15:02:30.520170 13864 round_trippers.go:580] Docker-Distribution-Api-Version: registry/2.0 I0321 15:02:30.520220 13864 round_trippers.go:580] Etag: "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e" I0321 15:02:30.520265 13864 round_trippers.go:580] Content-Type: application/vnd.docker.distribution.manifest.v2+json I0321 15:02:30.520314 13864 round_trippers.go:580] Docker-Content-Digest: sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e I0321 15:02:30.520361 13864 round_trippers.go:580] Cache-Control: private I0321 15:02:30.520408 13864 round_trippers.go:580] X-Registry-Supports-Signatures: 1 I0321 15:02:30.520455 13864 round_trippers.go:580] Date: Tue, 21 Mar 2023 06:49:37 GMT I0321 15:02:30.520503 13864 round_trippers.go:580] Set-Cookie: 34727b82525eb26a530629c5bf0ec2f2=bd16993c7dbc90c87cce36a2ea8b8131; path=/; HttpOnly; Secure; SameSite=None I0321 15:02:30.521078 13864 client_mirrored.go:412] get manifest for sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e served from registryclient.retryManifest{ManifestService:registryclient.manifestServiceVerifier{ManifestService:(*client.manifests)(0xc000e1c2a0)}, repo:(*registryclient.retryRepository)(0xc00012b680)}: <nil> error verifying signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e@ee9141d7665550c37b8cc569b7024b2c for image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e (verification status will be removed): signature rejected: Signature for identity default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/xiuwang/test:latest is not accepted I0321 15:02:30.524315 13864 request.go:1171] Request Body: {"kind":"Image","apiVersion":"image.openshift.io/v1","metadata":{"name":"sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","uid":"e1d65b2d-9066-4afb-966a-e69180982628","resourceVersion":"725012","creationTimestamp":"2023-03-21T06:26:59Z","annotations":{"image.openshift.io/dockerLayersOrder":"ascending","image.openshift.io/manifestBlobStored":"true","openshift.io/image.managed":"true"}},"dockerImageReference":"image-registry.openshift-image-registry.svc:5000/xiuwang/test@sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","dockerImageMetadata":{"kind":"DockerImage","apiVersion":"image.openshift.io/1.0","Id":"sha256:f723dedc7f27ef5581d4f020625e0378b210e6a684cd74ebd318d11775c1db1c","Created":"2022-05-24T12:17:18Z","ContainerConfig":{},"Config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"]},"Architecture":"amd64","Size":36033074},"dockerImageMetadataVersion":"1.0","dockerImageLayers":[{"name":"sha256:a0d0a0d46f8b52473982a [truncated 1099 chars] I0321 15:02:30.524510 13864 round_trippers.go:463] PUT https://api.sunilc-cgroup.qe.devcluster.openshift.com:6443/apis/image.openshift.io/v1/images/sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e I0321 15:02:30.524544 13864 round_trippers.go:469] Request Headers: I0321 15:02:30.524596 13864 round_trippers.go:473] User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430 I0321 15:02:30.524645 13864 round_trippers.go:473] Accept: application/json, */* I0321 15:02:30.524713 13864 round_trippers.go:473] Content-Type: application/json I0321 15:02:30.524767 13864 round_trippers.go:473] Authorization: Bearer <masked> I0321 15:02:31.081962 13864 round_trippers.go:574] Response Status: 422 Unprocessable Entity in 557 milliseconds I0321 15:02:31.082036 13864 round_trippers.go:577] Response Headers: I0321 15:02:31.082086 13864 round_trippers.go:580] Content-Length: 1132 I0321 15:02:31.082117 13864 round_trippers.go:580] Audit-Id: 8537aeb0-e7ec-4368-9e42-153a21f9b175 I0321 15:02:31.082160 13864 round_trippers.go:580] Audit-Id: 8537aeb0-e7ec-4368-9e42-153a21f9b175 I0321 15:02:31.082215 13864 round_trippers.go:580] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload I0321 15:02:31.082273 13864 round_trippers.go:580] Date: Tue, 21 Mar 2023 06:49:37 GMT I0321 15:02:31.082317 13864 round_trippers.go:580] X-Kubernetes-Pf-Flowschema-Uid: 4c4a06ce-5368-4267-8598-64027563143b I0321 15:02:31.082363 13864 round_trippers.go:580] X-Kubernetes-Pf-Prioritylevel-Uid: 1c88aa5f-4f6d-4f8e-8c7e-9f7639b6d4a3 I0321 15:02:31.082411 13864 round_trippers.go:580] Cache-Control: no-cache, private I0321 15:02:31.082461 13864 round_trippers.go:580] Cache-Control: no-store I0321 15:02:31.082509 13864 round_trippers.go:580] Content-Type: application/json I0321 15:02:31.082703 13864 request.go:1171] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Image.image.openshift.io \"sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e\" is invalid: [signatures[0].metadata.name: Required value: name or generateName is required, signatures[0].metadata.name: Invalid value: \"\": name must be of format \u003cimageName\u003e@\u003csignatureName\u003e, signatures[0].type: Required value, signatures[0].content: Required value]","reason":"Invalid","details":{"name":"sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","group":"image.openshift.io","kind":"Image","causes":[{"reason":"FieldValueRequired","message":"Required value: name or generateName is required","field":"signatures[0].metadata.name"},{"reason":"FieldValueInvalid","message":"Invalid value: \"\": name must be of format \u003cimageName\u003e@\u003csignatureName\u003e","field":"signatures[0].metadata.name"},{"reason":"FieldValueRequired","message":"Required value","field":"signatures[0].type [truncated 108 chars] The Image "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e" is invalid: * signatures[0].metadata.name: Required value: name or generateName is required * signatures[0].metadata.name: Invalid value: "": name must be of format <imageName>@<signatureName> * signatures[0].type: Required value * signatures[0].content: Required value
Could get the image signature in the image object $oc get images sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e -o jsonpath='{.signatures}' |jq -r [ { "content": "owGbwMvMwMEo0n6a+cY04XjG0wfWJzGkSAYnVSslF2WWZCYn5ihZVStlpqTmlWSWVILYKfnJ2alFukWpaalFqXnJqUpWSimpaYmlOSW6RfmlJam6+QWpecUZmWklupm5iempQJXpmcUlRZV6iQUFxXrFpXmZOcm6yelAxQV6hal6KallyTmlxSWpRXpwnXrJ+bn6FZml5Yl56folqcUlVjmJIEqpVkcJbCiSQ3IT8zLTgHK6KZnpICVWSsUZiUamZlYp5mYp5pamxklp5hbmqUYpqSlphmZplqnmRonJKeZJFiZGlmZpBikmJoaGpklAlGhobmScnJaSZJRsZJxmlAqyrKSyAOTBxJL83MxkheT8vJLEzLzUIoXizPS8xJLSIrCi/IKSzPw8SEglF6UCFRch9JjqGRroGSkBjcrMBTovMbdAycrQzNzS2MLQ2MSstraT0ZiFgZGDQVZMkeXzG5cVtaHNs+fIHBeGRQkrEyg6GLg4BWAi7MwcDLs0zkSlmutMMG9f43vDN2bZ/0PL15yW055csjtfz8ftuvVPLul3LHtYb79bmXp4ybQoj5SapX95m5jmm03OqzNxjfs1I3VV15mAz/02W18pFslOaF0uu6Pj39W29psZ3ImX6vne3uu4LJ4lbDsnSHeBN2tSzmehmYtZW6YWrNDcbP/E4XT/a2/1KbLb72pOefjhqrCrxgKP/1vWBprzpG//K35N1v3vFw/l09cXWvM637BldY8Se7ijtj7h9/2Ms+tELwi1yq9eXFPrN8tlivaMLKt3Mie83E8Kn2Q/zndP5EtI/w3ebItDzhrcKj3LHj2vsUv1WnzUd+sMpsqw+7qzWRUltx14PHlaRcWdBwA=", "metadata": { "creationTimestamp": "2023-03-21T06:36:15Z", "managedFields": [ { "apiVersion": "image.openshift.io/v1", "fieldsType": "FieldsV1", "fieldsV1": { "f:content": {}, "f:type": {} }, "manager": "dockerregistry", "operation": "Update", "time": "2023-03-21T06:36:15Z" } ], "name": "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e@ee9141d7665550c37b8cc569b7024b2c", "uid": "147309cd-76e1-4584-ba20-92ff4cbf94dc" }, "type": "atomic" } ] $ oc get image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e -o jsonpath='{.signatures[0].metadata.name}' sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e@ee9141d7665550c37b8cc569b7024b2c $ oc get image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e -o jsonpath='{.signatures[0].type}' atomic $oc get image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e -o jsonpath='{.signatures[0].content}' owGbwMvMwMEo0n6a+cY04XjG0wfWJzGkSAYnVSslF2WWZCYn5ihZVStlpqTmlWSWVILYKfnJ2alFukWpaalFqXnJqUpWSimpaYmlOSW6RfmlJam6+QWpecUZmWklupm5iempQJXpmcUlRZV6iQUFxXrFpXmZOcm6yelAxQV6hal6KallyTmlxSWpRXpwnXrJ+bn6FZml5Yl56folqcUlVjmJIEqpVkcJbCiSQ3IT8zLTgHK6KZnpICVWSsUZiUamZlYp5mYp5pamxklp5hbmqUYpqSlphmZplqnmRonJKeZJFiZGlmZpBikmJoaGpklAlGhobmScnJaSZJRsZJxmlAqyrKSyAOTBxJL83MxkheT8vJLEzLzUIoXizPS8xJLSIrCi/IKSzPw8SEglF6UCFRch9JjqGRroGSkBjcrMBTovMbdAycrQzNzS2MLQ2MSstraT0ZiFgZGDQVZMkeXzG5cVtaHNs+fIHBeGRQkrEyg6GLg4BWAi7MwcDLs0zkSlmutMMG9f43vDN2bZ/0PL15yW055csjtfz8ftuvVPLul3LHtYb79bmXp4ybQoj5SapX95m5jmm03OqzNxjfs1I3VV15mAz/02W18pFslOaF0uu6Pj39W29psZ3ImX6vne3uu4LJ4lbDsnSHeBN2tSzmehmYtZW6YWrNDcbP/E4XT/a2/1KbLb72pOefjhqrCrxgKP/1vWBprzpG//K35N1v3vFw/l09cXWvM637BldY8Se7ijtj7h9/2Ms+tELwi1yq9eXFPrN8tlivaMLKt3Mie83E8Kn2Q/zndP5EtI/w3ebItDzhrcKj3LHj2vsUv1WnzUd+sMpsqw+7qzWRUltx14PHlaRcWdBwA=