Closed
Description
Issue Description
Using the latest podman from the Kubic project on Ubuntu (https://podman.io/docs/installation#ubuntu), I am unable to sign container images using sigstore keys.
I need to run Ubuntu as I'm working on sigstore signing support for the podman GitHub Actions. See:
- Issue: [FEATURE] Add support for signing and pushing signatures with sigstore redhat-actions/push-to-registry#89
- In progress pull-request: Add support for signing with Sigstore redhat-actions/push-to-registry#90
- Example repo: https://github.com/travier/cosign-test
Steps to reproduce the issue
Push and sign a container image on Ubuntu using podman from Kubic repos:
$ podman push --sign-by-sigstore-private-key key --sign-passphrase-file empty foo/bar:test quay.io/foo/bar:test --authfile foo.json
Describe the results you received
Error: initializing private key: decrypt: encrypted: unexpected kdf parameters
Describe the results you expected
The container image is pushed and signed.
podman info output
Client: Podman Engine
Version: 4.6.2
API Version: 4.6.2
Go Version: go1.18.1
Built: Thu Jan 1 00:00:00 1970
OS/Arch: linux/amd64
Podman in a container
No
Privileged Or Rootless
Rootless
Upstream Latest Release
No
Additional environment details
This works with podman on Fedora 39 so this looks like an issue specific to the podman build in the Kubic repos or the Ubuntu 22.04 environment available in GitHub Actions.
Additional information
Full reproducer in https://github.com/travier/cosign-test