Skip to content

podman from Kubic repos (Ubuntu) can not sign using sigstore: Error: initializing private key: decrypt: encrypted: unexpected kdf parameters #20771

Closed
@travier

Description

@travier

Issue Description

Using the latest podman from the Kubic project on Ubuntu (https://podman.io/docs/installation#ubuntu), I am unable to sign container images using sigstore keys.

I need to run Ubuntu as I'm working on sigstore signing support for the podman GitHub Actions. See:

Steps to reproduce the issue

Push and sign a container image on Ubuntu using podman from Kubic repos:

$ podman push --sign-by-sigstore-private-key key --sign-passphrase-file empty foo/bar:test quay.io/foo/bar:test --authfile foo.json

Describe the results you received

Error: initializing private key: decrypt: encrypted: unexpected kdf parameters

Describe the results you expected

The container image is pushed and signed.

podman info output

Client:       Podman Engine
Version:      4.6.2
API Version:  4.6.2
Go Version:   go1.18.1
Built:        Thu Jan  1 00:00:00 1970
OS/Arch:      linux/amd64

Podman in a container

No

Privileged Or Rootless

Rootless

Upstream Latest Release

No

Additional environment details

This works with podman on Fedora 39 so this looks like an issue specific to the podman build in the Kubic repos or the Ubuntu 22.04 environment available in GitHub Actions.

Additional information

Full reproducer in https://github.com/travier/cosign-test

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugCategorizes issue or PR as related to a bug.locked - please file new issue/PRAssist humans wanting to comment on an old issue or PR with locked comments.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions