经过一个月的 docker trust 通过 GitLab CI 为我工作正常后,我突然收到了这条消息。
我有一个 Gitlab Runner 挂载 ~/.docker/trust (所以它被持久化)并将它推送到我们的 QA 注册表。
tag_image_test:
stage: tag_image
script:
- docker login -u "gitlab-ci-token" -p "$CI_BUILD_TOKEN" $CI_REGISTRY
- docker pull "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}"
- export DOCKER_CONTENT_TRUST=1
- export DOCKER_CONTENT_TRUST_SERVER=$QA_REGISTRY_SIGNER
- export DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=$QA_REGISTRY_SIGNER_ROOT_PASSPHRASE
- export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=$QA_REGISTRY_SIGNER_REPO_PASSPHRASE
- docker login -u "$QA_REGISTRY_USERNAME" -p "$QA_REGISTRY_PASSWORD" $QA_REGISTRY_URL
- export PROJ_PATH=$(echo -en $CI_PROJECT_PATH | tr '[:upper:]' '[:lower:]')
- docker tag "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}" "${QA_REGISTRY_IMAGE}/${PROJ_PATH}:${CI_COMMIT_REF_SLUG}"
- docker push "${QA_REGISTRY_IMAGE}/${PROJ_PATH}:${CI_COMMIT_REF_SLUG}"
但是推送命令以:
time="2019-03-18T11:51:14Z" level=debug msg="failed to verify TUF data for: qa.registry.local/mygroup/myimage, valid …