B
BlueBuild2w ago
matt_savvy

Error: creating build container ... no signature exists

Getting this error trying to build my recipie
Error: creating build container: unable to copy from source docker://ghcr.io/ublue-os/silverblue-main@sha256:6faa4fbddb138b907bbd2623de45f27a554249b09eb765a2c0eac42927c626bd: Source image rejected: A signature was required, but no signature exists
Error: creating build container: unable to copy from source docker://ghcr.io/ublue-os/silverblue-main@sha256:6faa4fbddb138b907bbd2623de45f27a554249b09eb765a2c0eac42927c626bd: Source image rejected: A signature was required, but no signature exists
I see the image in question here: https://github.com/ublue-os/main/pkgs/container/silverblue-main/541324457?tag=sha256-6faa4fbddb138b907bbd2623de45f27a554249b09eb765a2c0eac42927c626bd Does this look like an upstream issue or something on my end? 
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/ublue-os/silverblue-main
image-version: 42 # latest is also supported if you want new updates ASAP
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/ublue-os/silverblue-main
image-version: 42 # latest is also supported if you want new updates ASAP
GitHub
Build software better, together
GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.
From An unknown user
From An unknown user
From An unknown user
Solution:
Hmm, all that is still set to the defaults. That didn't seem to be the culprit though, my problem is more that podman couldn't determine if the image was signed. Not sure if this means that podman couldn't find the public keys listed in the policy or what, but after a podman system reset, this does seem to be working
Jump to solution
3 Replies
matt_savvy
matt_savvyOP2w ago
Is it likely that this image just actually isn't signed? Not sure how to check, the snippets I've found indicate that it's not but I find that hard to believe
Luke Skywunker
Luke Skywunker2w ago
You can take a look at /etc/containers/policy.json. This is what determines which repos require to be signed. If you want the default one form the image, you can look in /usr/etc/containers/policy.json. Everything in /etc is writeable and bootc/rpm-ostree will update any files in /etc that haven't been modified by you with what is in /usr/etc after every upgrade/switch
Solution
matt_savvy
matt_savvy2w ago
Hmm, all that is still set to the defaults. That didn't seem to be the culprit though, my problem is more that podman couldn't determine if the image was signed. Not sure if this means that podman couldn't find the public keys listed in the policy or what, but after a podman system reset, this does seem to be working

Did you find this page helpful?