Red Hat Quay Image mirroring fails with error "signature does not exist"

Solution Verified - Updated

Environment

  • Red Hat Quay
    • 3.6.2

Issue

  • Mirroring of the images is failing with the error "signature does not exist"

Resolution

  • This issue can be tracked in This content is not included.PROJQUAY-3106 and is fixed in Quay version 3.6.4
  • The fix added is a new checkbox named "Accept Unsigned Images" under the mirror configuration tab which surpasses the issue
Accept Unsigned Images Check-Box
Accept Unsigned Images Check-Box

Root Cause

  • Old Images on registry.redhat.io were unsigned, due to which they were not getting mirrored.

Diagnostic Steps

  • Check the debug logs of the repo-mirror pods for the following error:
$ oc logs <mirror_worker_pod_name> -n <quay_namespace>

repomirrorworker stdout | 2022-01-25 11:11:21,139 [60] [DEBUG] [peewee] ('INSERT INTO "logentry3" ("kind_id", "account_id", "performer_id", "repository_id", "datetime", "ip", "metadata_json") VALUES (%s, %s, %s, %s, %s, %s, %s) RETURNING "logentry3"."id"', [71, 9, None, 8, datetime.datetime(2022, 1, 25, 11, 11, 21, 137044), None, '{"verb": "finish", "namespace": "ga2azid", "repo": "ubi8", "message": "Source \'docker://registry.redhat.io/ubi8:8.3-289-source\' failed to sync", "tag": "8.3-289-source", "tags": null, "stdout": "", "stderr": "time=\\"2022-01-25T11:11:18Z\\" " level=debug msg=\\"Error creating parent directories for blob-info-cache-v1.boltdb, using a memory-only cache: mkdir /.local: permission denied\\"\\ntime=\\"2022-01-25T11:11:20Z\\" level=debug msg=\\"IsRunningImageAllowed for image docker:registry.redhat.io/ubi8:8.3-289-source\\"\\ntime=\\"2022-01-25T11:11:20Z\\" level=debug msg=\\" Using transport \\\\\\"docker\\\\\\" specific policy section registry.redhat.io/"\\ntime=\\"2022-01-25T11:11:20Z\\" level=debug msg=\\"GET https://registry.redhat.io/containers/sigstore/ubi8@sha256=52c419cc6e0bd56add0545d1579012609f1bd77dd58ffd297a8914678737398a/signature-1\\"\\ntime=\\"2022-01-25T11:11:21Z\\" level=debug msg=\\"Requirement 0: denied, done\\"\\ntime=\\"2022-01-25T11:11:21Z\\**" level=fatal msg=\\"Source image rejected: A signature was required, but no signature exists\\"\\n"}'])**
SBR
Product(s)
Components
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.