Container Tools / RUN-2153

[containers/image] isManifestUnknownError fails against Harbor registries, breaking sigstore signature upload


    • Story
    • Resolution: Done
    • c/image
    • rhel-sst-container-tools

      [2017530229] Upstream Reporter: PLAT0NIC S0LID
      Upstream issue status: Closed
      Upstream description:

      Skopeo is planned to be used to copy already signed images between two or more private registries. In my situation, the images are already signed in a private source registry. This signature is also shown as existing within the source registry. If this signed image is copied directly between the two registries - there is a graphical front end in the registry product for this - the image includes the signature appearing on the target registry. However, this solution cannot be used due to other disadvantages. That's the reason for trying skopeo for a potential solution. A skopeo copy docker://192.168.x.y/images/test:0.1 dir:test0.1 copies the image including the signature into the test0.1 directory - into signature-1. However, a copy directly between two registries does not work:

          skopeo copy docker://192.168.x.y/images/test:0.1 docker://192.168.y.z/images/test:0.1
          Getting image source signatures
          Checking if image destination supports signatures
          Copying blob 96526aa774ef skipped: already exists
          Copying blob 5b088f1e648c skipped: already exists
          Copying config 33b8df73a9 done
          Writing manifest to image destination
          Storing signatures
          FATA[0000] writing signatures: reading manifest sha256-blablabla.sig in 192.168.y.z/images/test: unknown: artifact images/test:sha256-blablabla.sig not found

      Also, there is no positive result trying to copy the content from inside the local directory. The same message is the result.

      My question is: might it be that Skopeo cannot be used to copy images between two or more registries that are already signed in the source registry? There are no plans to re-sign the image with the private key in between again. This signature should be adopted 1:1 into the target registry - just as the registry product itself can do, although there are other reasons against using this solution.

      May I ask for assistance or is this some kind of issue or enhancement?


      Upstream URL: https://github.com/containers/image/issues/2203
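
Added example, not part of the upstream report and not c/image's own code: a sketch of why a check that accepts only the OCI distribution spec's MANIFEST_UNKNOWN error code treats the "artifact ... not found" response in the log above as fatal, beside a tolerant variant. It assumes the registry answers the lookup of the .sig manifest with HTTP 404 and a non-standard error code; the function name, the tolerant flag and the NOT_FOUND code in the sample body are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strings"
)

// errorBody is the error document layout of the OCI distribution spec.
type errorBody struct {
	Errors []struct {
		Code    string `json:"code"`
		Message string `json:"message"`
	} `json:"errors"`
}

// manifestUnknown reports whether a registry response means "this manifest
// does not exist". Only a parseable 404 can match, so authentication and
// server errors are never mistaken for a missing signature manifest.
// With tolerant=false only the spec-defined MANIFEST_UNKNOWN code matches;
// tolerant=true (hypothetical option) also accepts a "not found" message
// carried under a non-standard code.
func manifestUnknown(status int, body []byte, tolerant bool) bool {
	var doc errorBody
	if status != http.StatusNotFound || json.Unmarshal(body, &doc) != nil {
		return false
	}
	for _, e := range doc.Errors {
		if e.Code == "MANIFEST_UNKNOWN" {
			return true
		}
		if tolerant && strings.Contains(strings.ToLower(e.Message), "not found") {
			return true
		}
	}
	return false
}

// Constructed sample bodies. The message in harborLikeBody is the one from the
// report above; its "NOT_FOUND" code is an assumption for illustration.
const (
	specBody       = `{"errors":[{"code":"MANIFEST_UNKNOWN","message":"manifest unknown"}]}`
	harborLikeBody = `{"errors":[{"code":"NOT_FOUND","message":"artifact images/test:sha256-blablabla.sig not found"}]}`
)

func main() {
	for _, tolerant := range []bool{false, true} {
		fmt.Println(tolerant, manifestUnknown(404, []byte(harborLikeBody), tolerant))
	}
}
```

When the strict check returns false, the client cannot tell "no signature manifest exists yet" from a real failure, which matches the point where the copy above aborts while storing signatures.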

              Unassigned
              Upstream Sync (upstream-sync)