We started to have issues with our builds because docker trust functionality stopped working correctly. We can’t run docker trust sign or even docker trust verify. We get the following error:
docker --log-level=debug trust inspect alpine:latest
DEBU[0000] reading certificate directory: /Users/paulharris/.docker/tls/notary.docker.io
DEBU[0000] No yubikey found, using alternative key storage: no library found
DEBU[0000] Making dir path: /Users/paulharris/.docker/trust/tuf/docker.io/library/alpine/changelist
DEBU[0002] received HTTP status 401 when requesting root.
DEBU[0002] you are not authorized to perform this operation: server returned 401.
[]
No signatures or cannot access alpine:latest
This looks fishy. We are authenticated but don’t seem to be able to perform a simple verification on an image.
It is failing on Mac using Docker Desktop 4.18.0 (docker engine 20.10.24).
I also tested it in a Ubuntu server running docker engine 23.0.4 and it failed as well.
I have the same issue too. Trying to pull any images with content trust enabled fails. This was working 3 days ago.
docker --log-level=debug pull --disable-content-trust=false alpine:latest
DEBU[0000] reading certificate directory: /home/dan/.docker/tls/notary.docker.io
DEBU[0000] No yubikey found, using alternative key storage: no library found
DEBU[0000] Making dir path: /home/dan/.docker/trust/tuf/docker.io/library/alpine/changelist
DEBU[0001] received HTTP status 401 when requesting root.
you are not authorized to perform this operation: server returned 401.
Disabling content trust (or omitting the --disable-content-trust flag) will allow images to be pulled.
Unfortunately for me, serverless-offline plugin will always enable content trust.