Docker Community Forums

Share and learn in the Docker community.

Unable to have my image signed

#1

I have been trying to push an image with DOCKER_CONTENT_TRUST=1 without much success, while this used to work until recently. Has anything changed recently? Such as the size of image to get signed, any behavior of the default notary server,…?

$ DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=xxxxxxxx DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=xxxxxxxx DOCKER_CONTENT_TRUST=1 docker push xxxxxx/xxxxxx:xxxxxxx
The push refers to repository [docker.io/xxxxxx/xxxxxx]



xxxxxx: digest: sha256:… size: 3693
Signing and pushing trust metadata
failed to sign docker.io/xxxxxx:xxxxxxx: trust server rejected operation.

or

unable to reach trust server at this time: 504.

#2

Same issue here.

I started pushing images with content trust a few weeks ago, and during that time I noticed a few transient failures that were eventually fixed just by retrying. However, it has consistently stopped working over the weekend, with no changes in my side, and it affects several image repositories.

$ docker version
Client:
 Version:           18.09.3
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        774a1f4
 Built:             Thu Feb 28 06:40:58 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.3
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       774a1f4
  Built:            Thu Feb 28 05:59:55 2019
  OS/Arch:          linux/amd64
  Experimental:     false