Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4588

Quay 3.8.0 push image hit 500 error when using podman 4 with sigstore



    • Bug
    • Resolution: Done
    • Critical
    • None
    • quay-v3.8.0
    • documentation
    • 0



      This is an issue of Quay 3.8.0, when using podman 4 to push image with sigstore(Cosign Private Key), hit 500 error code, checked quay app pod logs, get error "Failed validating 'enum' in schema['properties']['rootfs']['properties']['type']:", see the detailed logs quay380_app_pod1.logs 

      Quay Image: quay-operator-bundle-container-v3.8.0-96

      oc get pod
      NAME                                               READY   STATUS      RESTARTS        AGE
      quay-operator.v3.8.0-7ff6d58f56-xrtsw              1/1     Running     0               3h31m
      quayregistry-clair-app-57f78b4f5b-5xnbq            1/1     Running     0               3h27m
      quayregistry-clair-app-57f78b4f5b-nxqsz            1/1     Running     0               3h27m
      quayregistry-clair-app-57f78b4f5b-w78dc            1/1     Running     0               3h21m
      quayregistry-clair-postgres-56f4957db-gnk28        1/1     Running     1 (3h27m ago)   3h27m
      quayregistry-quay-app-88bd486f4-9wslr              1/1     Running     0               3h20m
      quayregistry-quay-app-88bd486f4-g8qdf              1/1     Running     0               3h20m
      quayregistry-quay-app-upgrade-74hdt                0/1     Completed   1               3h27m
      quayregistry-quay-config-editor-85c6f69f67-h8798   1/1     Running     0               3h27m
      quayregistry-quay-database-7b664fdddc-6bbb6        1/1     Running     0               3h27m
      quayregistry-quay-mirror-bd5b8957b-jjdb6           1/1     Running     1 (3h19m ago)   3h27m
      quayregistry-quay-mirror-bd5b8957b-s25kc           1/1     Running     1 (3h19m ago)   3h27m
      quayregistry-quay-redis-65cd9c96d8-66w95           1/1     Running     0               3h27m
      [root@ip-10-0-1-76 fedora]# podman -v
      podman version 4.2.1
      [root@ip-10-0-1-76 fedora]# podman push quayregistry-quay-quay-enterprise-13240.apps.quaytest-13240.qe.azure.devcluster.openshift.com/quay/demo --tls-verify=false --sign-by-sigstore-private-key=./cosign.key
      Key Passphrase: 
      Getting image source signatures
      Copying blob 288cf3a46e32 done  
      Copying blob 75ba02937496 done  
      Copying blob 0c7daf9a72c8 done  
      Copying blob 955c9335e041 done  
      Copying blob 8e079fee2186 done  
      Copying blob 186da837555d done  
      Copying blob d172a9e6f9e6 done  
      Copying blob cf399be408ea done  
      Copying blob 793b971ccb99 done  
      Copying config da84e66c3a done  
      Writing manifest to image destination
      Signing manifest using a sigstore signature
      Storing signatures
      Error: writing signatures: uploading manifest sha256-2353c13421e07e3d3dd1bb181cf0b7ad5e6dce3e1bb363c33f48d12e0a0ada49.sig to quayregistry-quay-quay-enterprise-13240.apps.quaytest-13240.qe.azure.devcluster.openshift.com/quay/demo: received unexpected HTTP status: 500 Internal Server Error 

      Quay App Pogs logs:

      gunicorn-registry stdout | 2022-10-11 03:58:52,461 [214] [ERROR] [gunicorn.error] Error handling request /v2/quay/demo/manifests/sha256-2353c13421e07e3d3dd1bb181cf0b7ad5e6dce3e1bb363c33f48d12e0a0ada49.sig
      gunicorn-registry stdout | Traceback (most recent call last):
      gunicorn-registry stdout |   File "/quay-registry/image/oci/config.py", line 209, in __init__
      gunicorn-registry stdout |     validate_schema(self._parsed, OCIConfig.METASCHEMA)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/jsonschema/validators.py", line 934, in validate
      gunicorn-registry stdout |     raise error
      gunicorn-registry stdout | jsonschema.exceptions.ValidationError: '' is not one of ['layers']
      gunicorn-registry stdout | Failed validating 'enum' in schema['properties']['rootfs']['properties']['type']:
      gunicorn-registry stdout |     {'description': 'MUST be set to layers.',
      gunicorn-registry stdout |      'enum': ['layers'],
      gunicorn-registry stdout |      'type': 'string'}
      gunicorn-registry stdout | On instance['rootfs']['type']:
      gunicorn-registry stdout |     ''
      gunicorn-registry stdout | During handling of the above exception, another exception occurred:
      gunicorn-registry stdout | Traceback (most recent call last):
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/gunicorn/workers/base_async.py", line 55, in handle
      gunicorn-registry stdout |     self.handle_request(listener_name, req, client, addr)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/gunicorn/workers/ggevent.py", line 127, in handle_request
      gunicorn-registry stdout |     super().handle_request(listener_name, req, sock, addr)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/gunicorn/workers/base_async.py", line 108, in handle_request
      gunicorn-registry stdout |     respiter = self.wsgi(environ, resp.start_response)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2463, in __call__
      gunicorn-registry stdout |     return self.wsgi_app(environ, start_response)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/werkzeug/middleware/proxy_fix.py", line 169, in __call__
      gunicorn-registry stdout |     return self.app(environ, start_response)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2449, in wsgi_app
      gunicorn-registry stdout |     response = self.handle_exception(e)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1866, in handle_exception
      gunicorn-registry stdout |     reraise(exc_type, exc_value, tb)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/flask/_compat.py", line 39, in reraise
      gunicorn-registry stdout |     raise value
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 2446, in wsgi_app
      gunicorn-registry stdout |     response = self.full_dispatch_request()
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1951, in full_dispatch_request
      gunicorn-registry stdout |     rv = self.handle_user_exception(e)
      gunicorn-registry stdout |   File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1820, in handle_user_exceptiongunicorn-registry stdout |     'x-ms-copy-source': 'REDACTED' 



          Public project attachment banner

            context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
            current Project key: PROJQUAY


              rhn-support-stevsmit Steven Smith
              lzha1981 luffy zhang
              0 Vote for this issue
              4 Start watching this issue