I have been trying to push an image with DOCKER_CONTENT_TRUST=1 without much success, while this used to work until recently. Has anything changed recently, such as the size of the image to get signed, any behavior of the default notary server, …?
$ DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=xxxxxxxx DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=xxxxxxxx DOCKER_CONTENT_TRUST=1 docker push xxxxxx/xxxxxx:xxxxxxx
The push refers to repository [docker.io/xxxxxx/xxxxxx]
…
…
…
xxxxxx: digest: sha256:… size: 3693
Signing and pushing trust metadata
failed to sign docker.io/xxxxxx:xxxxxxx: trust server rejected operation.
or
unable to reach trust server at this time: 504.
Same issue here.
I started pushing images with content trust a few weeks ago, and during that time I noticed a few transient failures that were eventually fixed just by retrying. However, it has consistently stopped working over the weekend, with no changes on my side, and it affects several image repositories.
$ docker version
Client:
Version: 18.09.3
API version: 1.39
Go version: go1.10.8
Git commit: 774a1f4
Built: Thu Feb 28 06:40:58 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.3
API version: 1.39 (minimum version 1.12)
Go version: go1.10.8
Git commit: 774a1f4
Built: Thu Feb 28 05:59:55 2019
OS/Arch: linux/amd64
Experimental: false