node:14-alpine has no signature for trusting content

[rafaelbattesti]

Environment

• Platform: amd64
• Docker Version: 20.10.7
• Nodejs version: 14.17.6
• Image tag: 14-alpine

Expected Behavior

Such so when I use docker trust inspect alpine:3.11, which is the base image for node:14-alpine I get this result

Signatures for alpine:3.11

SIGNED TAG   DIGEST                                                             SIGNERS
3.11         9a839e63dad54c3a6d1834e29692c8492d93f90c59c978c1ed79109ea4fb9a54   (Repo Admin)

Administrative keys for alpine:3.11

  Repository Key:	5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
  Root Key:	a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce

When I use docker trust inspect node:14-alpine, I expect to see a similar result, with a key signature for the 14-alpine tag.

Current Behavior

WARN[0004] targets metadata is nearing expiry, you should re-sign the role metadata 
WARN[0004] snapshot is nearing expiry, you should re-sign the role metadata 
WARN[0004] targets metadata is nearing expiry, you should re-sign the role metadata 
WARN[0004] snapshot is nearing expiry, you should re-sign the role metadata 
WARN[0004] targets metadata is nearing expiry, you should re-sign the role metadata 
WARN[0004] snapshot is nearing expiry, you should re-sign the role metadata 

No signatures for node:14-alpine


Administrative keys for node:14-alpine

  Repository Key:	d3a0845e6d36c6c058ae6d2bc718b32ead4b51f2a6fa81b341ba2df72f1823c9
  Root Key:	be46625d7c6a0afe24bbbce6a92114d691e32ae921cf14f3feb2f970e7a77337

Possible Solution

I don't have a possible solution, but any help validating the contents of the official node:14-alpine image upon pull is very much welcome and appreciated.

Steps to Reproduce

Run docker trust inspect node:14-alpine and verify the lack of signature for the tag.

[nschonni]

Duplicate of pinned issue #1065