Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-10590

Can't verify image signature using 'oc adm verify-image-signature'

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Undefined Undefined
    • None
    • 4.13, 4.12, 4.11, 4.10, 4.9, 4.8
    • oc
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Moderate
    • No
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      When verify a image signature using 'oc adm verify-image-signature', the cmd prompt
The Image "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e" is invalid: 
* signatures[0].metadata.name: Required value: name or generateName is required
* signatures[0].metadata.name: Invalid value: "": name must be of format <imageName>@<signatureName>
* signatures[0].type: Required value
* signatures[0].content: Required value

      Version-Release number of selected component (if applicable):

      oc version 
Client Version: 4.13.0-0.nightly-2023-03-19-052243
Kustomize Version: v4.5.7
Kubernetes Version: v1.26.2+06e8c46

      How reproducible:

      always

      Steps to Reproduce:

      1.Get a GPG key using 'gpg2 --gen-key'
$gpg2 -k
/home/xiuwang/.gnupg/pubring.gpg
--------------------------------
pub   rsa2048 2018-12-03 [SC]
      E391E2E84374B59D656CF3C13170B974F22A5D37
uid           [ultimate] Xiujuan Wang (Devexp Qe) <xiuwang@redhat.com>
sub   rsa2048 2018-12-03 [E]


pub   rsa2048 2023-03-21 [SC] [expires: 2025-03-20]
      F3EC44A87D55839B9C1CC7131487CB03D896135F
uid           [ultimate] xiuwang <xiuwang@redhat.com>
sub   rsa2048 2023-03-21 [E] [expires: 2025-03-20]

2.Grant the common user image-auditor and system:image-signer rights
$oc adm policy add-cluster-role-to-user system:image-auditor -u testuser-44 -n xiuwang
$oc adm policy add-cluster-role-to-user system:image-signer -u testuser-44 -n xiuwang

3. $export token=$(oc whoami -t)
 $export route=default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com

4.Sign a image in the image registry using the GPG key
$skopeo --insecure-policy copy --sign-by F3EC44A87D55839B9C1CC7131487CB03D896135F  --dest-creds testuser-44:$token docker://quay.io/openshifttest/skopeo@sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e  docker://$route/xiuwang/test:latest --all  --dest-tls-verify=false
Getting image source signatures
Copying blob af51708ecc94 skipped: already exists  
Copying blob 4f4fb700ef54 skipped: already exists  
Copying blob ac34708d38ec skipped: already exists  
Copying blob bcb630a3fb42 skipped: already exists  
Copying blob a0d0a0d46f8b skipped: already exists  
Copying blob 912c10c908b3 [--------------------------------------] 0.0b / 0.0b
Copying config f723dedc7f [--------------------------------------] 0.0b / 2.1KiB
Writing manifest to image destination
Signing manifest
Storing signatures

4. Verify the signature using 'oc adm verify-image-signature'
$oc adm verify-image-signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e  --public-key=/home/xiuwang/.gnupg/pubring.gpg  --expected-identity=image-registry.openshift-image-registry.svc:5000/xiuwang/test  --registry-url=$route  --insecure=true --save

      Actual results:

      $oc adm verify-image-signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e  --public-key=/home/xiuwang/.gnupg/pubring.gpg  --expected-identity=image-registry.openshift-image-registry.svc:5000/xiuwang/test  --registry-url=$route  --insecure=true --save
error verifying signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e@ee9141d7665550c37b8cc569b7024b2c for image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e (verification status will be removed): signature rejected: Signature for identity default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/xiuwang/test:latest is not accepted
The Image "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e" is invalid: 
* signatures[0].metadata.name: Required value: name or generateName is required
* signatures[0].metadata.name: Invalid value: "": name must be of format <imageName>@<signatureName>
* signatures[0].type: Required value
* signatures[0].content: Required value

      Expected results:

      Could verify the image signature

      Additional info:

      oc adm verify-image-signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e  --public-key=/home/xiuwang/.gnupg/pubring.gpg  --expected-identity=image-registry.openshift-image-registry.svc:5000/xiuwang/test  --registry-url=$route  --insecure=true --save --loglevel=8
I0321 15:02:26.600440   13864 loader.go:373] Config loaded from file:  /home/xiuwang/.kube/config
I0321 15:02:26.601249   13864 round_trippers.go:463] GET https://api.sunilc-cgroup.qe.devcluster.openshift.com:6443/apis/user.openshift.io/v1/users/~
I0321 15:02:26.601264   13864 round_trippers.go:469] Request Headers:
I0321 15:02:26.601276   13864 round_trippers.go:473]     Accept: application/json, */*
I0321 15:02:26.601287   13864 round_trippers.go:473]     User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430
I0321 15:02:26.601298   13864 round_trippers.go:473]     Authorization: Bearer <masked>
I0321 15:02:27.570580   13864 round_trippers.go:574] Response Status: 200 OK in 969 milliseconds
I0321 15:02:27.570643   13864 round_trippers.go:577] Response Headers:
I0321 15:02:27.570709   13864 round_trippers.go:580]     Audit-Id: b003b231-7a9d-4929-a1a2-3e4f5a7419f6
I0321 15:02:27.570740   13864 round_trippers.go:580]     Audit-Id: b003b231-7a9d-4929-a1a2-3e4f5a7419f6
I0321 15:02:27.570767   13864 round_trippers.go:580]     Content-Type: application/json
I0321 15:02:27.570813   13864 round_trippers.go:580]     X-Kubernetes-Pf-Flowschema-Uid: 4c4a06ce-5368-4267-8598-64027563143b
I0321 15:02:27.570862   13864 round_trippers.go:580]     X-Kubernetes-Pf-Flowschema-Uid: 4c4a06ce-5368-4267-8598-64027563143b
I0321 15:02:27.570905   13864 round_trippers.go:580]     Content-Length: 506
I0321 15:02:27.570945   13864 round_trippers.go:580]     Cache-Control: no-cache, private
I0321 15:02:27.570992   13864 round_trippers.go:580]     Cache-Control: no-cache, private
I0321 15:02:27.571036   13864 round_trippers.go:580]     Date: Tue, 21 Mar 2023 06:49:34 GMT
I0321 15:02:27.571081   13864 round_trippers.go:580]     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
I0321 15:02:27.571125   13864 round_trippers.go:580]     X-Kubernetes-Pf-Prioritylevel-Uid: 1c88aa5f-4f6d-4f8e-8c7e-9f7639b6d4a3
I0321 15:02:27.571170   13864 round_trippers.go:580]     X-Kubernetes-Pf-Prioritylevel-Uid: 1c88aa5f-4f6d-4f8e-8c7e-9f7639b6d4a3
I0321 15:02:27.571229   13864 request.go:1171] Response Body: {"kind":"User","apiVersion":"user.openshift.io/v1","metadata":{"name":"testuser-44","uid":"58484210-4517-433e-8684-c20298a5faf8","resourceVersion":"602317","creationTimestamp":"2023-03-21T02:07:40Z","managedFields":[{"manager":"Go-http-client","operation":"Update","apiVersion":"user.openshift.io/v1","time":"2023-03-21T02:07:40Z","fieldsType":"FieldsV1","fieldsV1":{"f:identities":{}}}]},"identities":["flexy-htpasswd-provider:testuser-44"],"groups":["system:authenticated","system:authenticated:oauth"]}
I0321 15:02:27.572559   13864 round_trippers.go:463] GET https://api.sunilc-cgroup.qe.devcluster.openshift.com:6443/apis/image.openshift.io/v1/images/sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e
I0321 15:02:27.572604   13864 round_trippers.go:469] Request Headers:
I0321 15:02:27.572646   13864 round_trippers.go:473]     Accept: application/json, */*
I0321 15:02:27.572710   13864 round_trippers.go:473]     User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430
I0321 15:02:27.572755   13864 round_trippers.go:473]     Authorization: Bearer <masked>
I0321 15:02:27.786768   13864 round_trippers.go:574] Response Status: 200 OK in 213 milliseconds
I0321 15:02:27.786842   13864 round_trippers.go:577] Response Headers:
I0321 15:02:27.786898   13864 round_trippers.go:580]     Cache-Control: no-cache, private
I0321 15:02:27.786928   13864 round_trippers.go:580]     Cache-Control: no-store
I0321 15:02:27.786954   13864 round_trippers.go:580]     Content-Type: application/json
I0321 15:02:27.786998   13864 round_trippers.go:580]     Date: Tue, 21 Mar 2023 06:49:34 GMT
I0321 15:02:27.787061   13864 round_trippers.go:580]     X-Kubernetes-Pf-Prioritylevel-Uid: 1c88aa5f-4f6d-4f8e-8c7e-9f7639b6d4a3
I0321 15:02:27.787113   13864 round_trippers.go:580]     Content-Length: 3371
I0321 15:02:27.787161   13864 round_trippers.go:580]     Audit-Id: 91248792-61ce-4537-9e93-ec3ac3e9df9c
I0321 15:02:27.787213   13864 round_trippers.go:580]     Audit-Id: 91248792-61ce-4537-9e93-ec3ac3e9df9c
I0321 15:02:27.787262   13864 round_trippers.go:580]     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
I0321 15:02:27.787310   13864 round_trippers.go:580]     X-Kubernetes-Pf-Flowschema-Uid: 4c4a06ce-5368-4267-8598-64027563143b
I0321 15:02:27.787474   13864 request.go:1171] Response Body: {"kind":"Image","apiVersion":"image.openshift.io/v1","metadata":{"name":"sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","uid":"e1d65b2d-9066-4afb-966a-e69180982628","resourceVersion":"725012","creationTimestamp":"2023-03-21T06:26:59Z","annotations":{"image.openshift.io/dockerLayersOrder":"ascending","image.openshift.io/manifestBlobStored":"true","openshift.io/image.managed":"true"}},"dockerImageReference":"image-registry.openshift-image-registry.svc:5000/xiuwang/test@sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","dockerImageMetadata":{"kind":"DockerImage","apiVersion":"image.openshift.io/1.0","Id":"sha256:f723dedc7f27ef5581d4f020625e0378b210e6a684cd74ebd318d11775c1db1c","Created":"2022-05-24T12:17:18Z","ContainerConfig":{},"Config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"]},"Architecture":"amd64","Size":36033074},"dockerImageMetadataVersion":"1.0","dockerImageLayers":[{"name":"sha256:a0d0a0d46f8b52473982a [truncated 2347 chars]
I0321 15:02:27.788592   13864 client_mirrored.go:174] Attempting to connect to default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/xiuwang/test
I0321 15:02:27.788737   13864 round_trippers.go:463] GET https://default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/v2/
I0321 15:02:27.788771   13864 round_trippers.go:469] Request Headers:
I0321 15:02:27.788823   13864 round_trippers.go:473]     User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430
I0321 15:02:28.674420   13864 round_trippers.go:574] Response Status: 401 Unauthorized in 885 milliseconds
I0321 15:02:28.674486   13864 round_trippers.go:577] Response Headers:
I0321 15:02:28.674548   13864 round_trippers.go:580]     Content-Type: application/json; charset=utf-8
I0321 15:02:28.674603   13864 round_trippers.go:580]     Docker-Distribution-Api-Version: registry/2.0
I0321 15:02:28.674641   13864 round_trippers.go:580]     Www-Authenticate: Bearer realm="https://default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/openshift/token"
I0321 15:02:28.674712   13864 round_trippers.go:580]     X-Registry-Supports-Signatures: 1
I0321 15:02:28.674769   13864 round_trippers.go:580]     Date: Tue, 21 Mar 2023 06:49:35 GMT
I0321 15:02:28.674819   13864 round_trippers.go:580]     Content-Length: 87
I0321 15:02:28.674870   13864 round_trippers.go:580]     Set-Cookie: 34727b82525eb26a530629c5bf0ec2f2=078ee8bd37ca6339cf39ae82f98240da; path=/; HttpOnly; Secure; SameSite=None
I0321 15:02:28.678074   13864 round_trippers.go:463] GET https://default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/openshift/token?account=user&scope=repository%3Axiuwang%2Ftest%3Apull
I0321 15:02:28.678123   13864 round_trippers.go:469] Request Headers:
I0321 15:02:28.678180   13864 round_trippers.go:473]     Authorization: Basic <masked>
I0321 15:02:28.678221   13864 round_trippers.go:473]     User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430
I0321 15:02:29.799803   13864 round_trippers.go:574] Response Status: 200 OK in 1121 milliseconds
I0321 15:02:29.799855   13864 round_trippers.go:577] Response Headers:
I0321 15:02:29.799886   13864 round_trippers.go:580]     Content-Length: 131
I0321 15:02:29.799914   13864 round_trippers.go:580]     Set-Cookie: 34727b82525eb26a530629c5bf0ec2f2=bd16993c7dbc90c87cce36a2ea8b8131; path=/; HttpOnly; Secure; SameSite=None
I0321 15:02:29.799937   13864 round_trippers.go:580]     Cache-Control: private
I0321 15:02:29.799958   13864 round_trippers.go:580]     Content-Type: application/json
I0321 15:02:29.799989   13864 round_trippers.go:580]     Docker-Distribution-Api-Version: registry/2.0
I0321 15:02:29.800019   13864 round_trippers.go:580]     Date: Tue, 21 Mar 2023 06:49:36 GMT
I0321 15:02:29.800283   13864 round_trippers.go:463] GET https://default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/v2/xiuwang/test/manifests/sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e
I0321 15:02:29.800313   13864 round_trippers.go:469] Request Headers:
I0321 15:02:29.800363   13864 round_trippers.go:473]     Accept: application/vnd.docker.distribution.manifest.v1+prettyjws
I0321 15:02:29.800405   13864 round_trippers.go:473]     Accept: application/json
I0321 15:02:29.800436   13864 round_trippers.go:473]     Accept: application/vnd.oci.image.manifest.v1+json
I0321 15:02:29.800466   13864 round_trippers.go:473]     Accept: application/vnd.docker.distribution.manifest.v2+json
I0321 15:02:29.800496   13864 round_trippers.go:473]     Accept: application/vnd.docker.distribution.manifest.list.v2+json
I0321 15:02:29.800527   13864 round_trippers.go:473]     Accept: application/vnd.oci.image.index.v1+json
I0321 15:02:29.800561   13864 round_trippers.go:473]     Authorization: Bearer <masked>
I0321 15:02:29.800591   13864 round_trippers.go:473]     User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430
I0321 15:02:30.519981   13864 round_trippers.go:574] Response Status: 200 OK in 719 milliseconds
I0321 15:02:30.520059   13864 round_trippers.go:577] Response Headers:
I0321 15:02:30.520119   13864 round_trippers.go:580]     Content-Length: 1579
I0321 15:02:30.520170   13864 round_trippers.go:580]     Docker-Distribution-Api-Version: registry/2.0
I0321 15:02:30.520220   13864 round_trippers.go:580]     Etag: "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e"
I0321 15:02:30.520265   13864 round_trippers.go:580]     Content-Type: application/vnd.docker.distribution.manifest.v2+json
I0321 15:02:30.520314   13864 round_trippers.go:580]     Docker-Content-Digest: sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e
I0321 15:02:30.520361   13864 round_trippers.go:580]     Cache-Control: private
I0321 15:02:30.520408   13864 round_trippers.go:580]     X-Registry-Supports-Signatures: 1
I0321 15:02:30.520455   13864 round_trippers.go:580]     Date: Tue, 21 Mar 2023 06:49:37 GMT
I0321 15:02:30.520503   13864 round_trippers.go:580]     Set-Cookie: 34727b82525eb26a530629c5bf0ec2f2=bd16993c7dbc90c87cce36a2ea8b8131; path=/; HttpOnly; Secure; SameSite=None
I0321 15:02:30.521078   13864 client_mirrored.go:412] get manifest for sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e served from registryclient.retryManifest{ManifestService:registryclient.manifestServiceVerifier{ManifestService:(*client.manifests)(0xc000e1c2a0)}, repo:(*registryclient.retryRepository)(0xc00012b680)}: <nil>
error verifying signature sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e@ee9141d7665550c37b8cc569b7024b2c for image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e (verification status will be removed): signature rejected: Signature for identity default-route-openshift-image-registry.apps.sunilc-cgroup.qe.devcluster.openshift.com/xiuwang/test:latest is not accepted
I0321 15:02:30.524315   13864 request.go:1171] Request Body: {"kind":"Image","apiVersion":"image.openshift.io/v1","metadata":{"name":"sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","uid":"e1d65b2d-9066-4afb-966a-e69180982628","resourceVersion":"725012","creationTimestamp":"2023-03-21T06:26:59Z","annotations":{"image.openshift.io/dockerLayersOrder":"ascending","image.openshift.io/manifestBlobStored":"true","openshift.io/image.managed":"true"}},"dockerImageReference":"image-registry.openshift-image-registry.svc:5000/xiuwang/test@sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","dockerImageMetadata":{"kind":"DockerImage","apiVersion":"image.openshift.io/1.0","Id":"sha256:f723dedc7f27ef5581d4f020625e0378b210e6a684cd74ebd318d11775c1db1c","Created":"2022-05-24T12:17:18Z","ContainerConfig":{},"Config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh"]},"Architecture":"amd64","Size":36033074},"dockerImageMetadataVersion":"1.0","dockerImageLayers":[{"name":"sha256:a0d0a0d46f8b52473982a [truncated 1099 chars]
I0321 15:02:30.524510   13864 round_trippers.go:463] PUT https://api.sunilc-cgroup.qe.devcluster.openshift.com:6443/apis/image.openshift.io/v1/images/sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e
I0321 15:02:30.524544   13864 round_trippers.go:469] Request Headers:
I0321 15:02:30.524596   13864 round_trippers.go:473]     User-Agent: oc/4.13.0 (linux/amd64) kubernetes/eed1430
I0321 15:02:30.524645   13864 round_trippers.go:473]     Accept: application/json, */*
I0321 15:02:30.524713   13864 round_trippers.go:473]     Content-Type: application/json
I0321 15:02:30.524767   13864 round_trippers.go:473]     Authorization: Bearer <masked>
I0321 15:02:31.081962   13864 round_trippers.go:574] Response Status: 422 Unprocessable Entity in 557 milliseconds
I0321 15:02:31.082036   13864 round_trippers.go:577] Response Headers:
I0321 15:02:31.082086   13864 round_trippers.go:580]     Content-Length: 1132
I0321 15:02:31.082117   13864 round_trippers.go:580]     Audit-Id: 8537aeb0-e7ec-4368-9e42-153a21f9b175
I0321 15:02:31.082160   13864 round_trippers.go:580]     Audit-Id: 8537aeb0-e7ec-4368-9e42-153a21f9b175
I0321 15:02:31.082215   13864 round_trippers.go:580]     Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
I0321 15:02:31.082273   13864 round_trippers.go:580]     Date: Tue, 21 Mar 2023 06:49:37 GMT
I0321 15:02:31.082317   13864 round_trippers.go:580]     X-Kubernetes-Pf-Flowschema-Uid: 4c4a06ce-5368-4267-8598-64027563143b
I0321 15:02:31.082363   13864 round_trippers.go:580]     X-Kubernetes-Pf-Prioritylevel-Uid: 1c88aa5f-4f6d-4f8e-8c7e-9f7639b6d4a3
I0321 15:02:31.082411   13864 round_trippers.go:580]     Cache-Control: no-cache, private
I0321 15:02:31.082461   13864 round_trippers.go:580]     Cache-Control: no-store
I0321 15:02:31.082509   13864 round_trippers.go:580]     Content-Type: application/json
I0321 15:02:31.082703   13864 request.go:1171] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Image.image.openshift.io \"sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e\" is invalid: [signatures[0].metadata.name: Required value: name or generateName is required, signatures[0].metadata.name: Invalid value: \"\": name must be of format \u003cimageName\u003e@\u003csignatureName\u003e, signatures[0].type: Required value, signatures[0].content: Required value]","reason":"Invalid","details":{"name":"sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e","group":"image.openshift.io","kind":"Image","causes":[{"reason":"FieldValueRequired","message":"Required value: name or generateName is required","field":"signatures[0].metadata.name"},{"reason":"FieldValueInvalid","message":"Invalid value: \"\": name must be of format \u003cimageName\u003e@\u003csignatureName\u003e","field":"signatures[0].metadata.name"},{"reason":"FieldValueRequired","message":"Required value","field":"signatures[0].type [truncated 108 chars]
The Image "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e" is invalid: 
* signatures[0].metadata.name: Required value: name or generateName is required
* signatures[0].metadata.name: Invalid value: "": name must be of format <imageName>@<signatureName>
* signatures[0].type: Required value
* signatures[0].content: Required value 
      Could get the image signature in the image object

$oc get images sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e -o jsonpath='{.signatures}'  |jq -r
[
  {
    "content": "owGbwMvMwMEo0n6a+cY04XjG0wfWJzGkSAYnVSslF2WWZCYn5ihZVStlpqTmlWSWVILYKfnJ2alFukWpaalFqXnJqUpWSimpaYmlOSW6RfmlJam6+QWpecUZmWklupm5iempQJXpmcUlRZV6iQUFxXrFpXmZOcm6yelAxQV6hal6KallyTmlxSWpRXpwnXrJ+bn6FZml5Yl56folqcUlVjmJIEqpVkcJbCiSQ3IT8zLTgHK6KZnpICVWSsUZiUamZlYp5mYp5pamxklp5hbmqUYpqSlphmZplqnmRonJKeZJFiZGlmZpBikmJoaGpklAlGhobmScnJaSZJRsZJxmlAqyrKSyAOTBxJL83MxkheT8vJLEzLzUIoXizPS8xJLSIrCi/IKSzPw8SEglF6UCFRch9JjqGRroGSkBjcrMBTovMbdAycrQzNzS2MLQ2MSstraT0ZiFgZGDQVZMkeXzG5cVtaHNs+fIHBeGRQkrEyg6GLg4BWAi7MwcDLs0zkSlmutMMG9f43vDN2bZ/0PL15yW055csjtfz8ftuvVPLul3LHtYb79bmXp4ybQoj5SapX95m5jmm03OqzNxjfs1I3VV15mAz/02W18pFslOaF0uu6Pj39W29psZ3ImX6vne3uu4LJ4lbDsnSHeBN2tSzmehmYtZW6YWrNDcbP/E4XT/a2/1KbLb72pOefjhqrCrxgKP/1vWBprzpG//K35N1v3vFw/l09cXWvM637BldY8Se7ijtj7h9/2Ms+tELwi1yq9eXFPrN8tlivaMLKt3Mie83E8Kn2Q/zndP5EtI/w3ebItDzhrcKj3LHj2vsUv1WnzUd+sMpsqw+7qzWRUltx14PHlaRcWdBwA=",
    "metadata": {
      "creationTimestamp": "2023-03-21T06:36:15Z",
      "managedFields": [
        {
          "apiVersion": "image.openshift.io/v1",
          "fieldsType": "FieldsV1",
          "fieldsV1": {
            "f:content": {},
            "f:type": {}
          },
          "manager": "dockerregistry",
          "operation": "Update",
          "time": "2023-03-21T06:36:15Z"
        }
      ],
      "name": "sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e@ee9141d7665550c37b8cc569b7024b2c",
      "uid": "147309cd-76e1-4584-ba20-92ff4cbf94dc"
    },
    "type": "atomic"
  }
]
$ oc get image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e -o jsonpath='{.signatures[0].metadata.name}'
sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e@ee9141d7665550c37b8cc569b7024b2c
$ oc get image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e -o jsonpath='{.signatures[0].type}'
atomic
$oc get image sha256:d76d7953bf787e2dedf16f9e72acd7b84296f0d44115b15ba1723cfdb2c23f2e -o jsonpath='{.signatures[0].content}'
owGbwMvMwMEo0n6a+cY04XjG0wfWJzGkSAYnVSslF2WWZCYn5ihZVStlpqTmlWSWVILYKfnJ2alFukWpaalFqXnJqUpWSimpaYmlOSW6RfmlJam6+QWpecUZmWklupm5iempQJXpmcUlRZV6iQUFxXrFpXmZOcm6yelAxQV6hal6KallyTmlxSWpRXpwnXrJ+bn6FZml5Yl56folqcUlVjmJIEqpVkcJbCiSQ3IT8zLTgHK6KZnpICVWSsUZiUamZlYp5mYp5pamxklp5hbmqUYpqSlphmZplqnmRonJKeZJFiZGlmZpBikmJoaGpklAlGhobmScnJaSZJRsZJxmlAqyrKSyAOTBxJL83MxkheT8vJLEzLzUIoXizPS8xJLSIrCi/IKSzPw8SEglF6UCFRch9JjqGRroGSkBjcrMBTovMbdAycrQzNzS2MLQ2MSstraT0ZiFgZGDQVZMkeXzG5cVtaHNs+fIHBeGRQkrEyg6GLg4BWAi7MwcDLs0zkSlmutMMG9f43vDN2bZ/0PL15yW055csjtfz8ftuvVPLul3LHtYb79bmXp4ybQoj5SapX95m5jmm03OqzNxjfs1I3VV15mAz/02W18pFslOaF0uu6Pj39W29psZ3ImX6vne3uu4LJ4lbDsnSHeBN2tSzmehmYtZW6YWrNDcbP/E4XT/a2/1KbLb72pOefjhqrCrxgKP/1vWBprzpG//K35N1v3vFw/l09cXWvM637BldY8Se7ijtj7h9/2Ms+tELwi1yq9eXFPrN8tlivaMLKt3Mie83E8Kn2Q/zndP5EtI/w3ebItDzhrcKj3LHj2vsUv1WnzUd+sMpsqw+7qzWRUltx14PHlaRcWdBwA=

              aguclu@redhat.com Arda Guclu
              rh-ee-xiuwang XiuJuan Wang
              None
              None
              XiuJuan Wang XiuJuan Wang
              None
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: