🤖 [RHTAS-build-bot] [main] Update Component images

[JasonPowr]

This PR contains the following changes

Image	Old SHA	New SHA
registry.redhat.io/rhtas/rekor-search-ui-rhel9	05e1a6f	28f089f
registry.redhat.io/rhtas/fulcio-rhel9	85f602f	4c2d2c7
registry.redhat.io/rhtas/certificate-transparency-rhel9	651a5a4	ad9e4ff
registry.redhat.io/rhtas/createtree-rhel9	bcfc0d0	caebefd
registry.redhat.io/rhtas/rekor-monitor-rhel9	b7f9f8b	5457a1c
registry.redhat.io/rhtas/client-server-rhel9	c81aaa8	713ec6d
registry.redhat.io/rhtas/timestamp-authority-rhel9	be62342	7b3eb91
registry.redhat.io/rhtas/rekor-server-rhel9	af2a790	c5682d8
registry.redhat.io/rhtas/trillian-logserver-rhel9	9ecb8cb	a61a94e
registry.redhat.io/rhtas/trillian-database-rhel9	1295d96	50a3d30
registry.redhat.io/rhtas/rekor-backfill-redis-rhel9	1e98cb1	fbf91d2
registry.redhat.io/rhtas/trillian-logsigner-rhel9	358d52e	53a55f5
registry.redhat.io/rhtas/tuffer-rhel9	0c30481	775909d
registry.redhat.io/rhtas/trillian-redis-rhel9	e191b4c	f1cd3b7

---

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates pinned SHAs for multiple RHTAS component container images in config/default/images.env to newer builds.

File-Level Changes

Change	Details	Files
Bump pinned SHAs for all RHTAS component container images to newer versions.	Update rekor-search-ui-rhel9 image SHA Update fulcio-rhel9, certificate-transparency-rhel9, createtree-rhel9, and rekor-monitor-rhel9 image SHAs Update client-server-rhel9, timestamp-authority-rhel9, and rekor-server-rhel9 image SHAs Update trillian-logserver-rhel9, trillian-database-rhel9, rekor-backfill-redis-rhel9, trillian-logsigner-rhel9, tuffer-rhel9, and trillian-redis-rhel9 image SHAs	config/default/images.env

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Out of scope: The PR only updates image digests in an environment file and introduces no executable logic where audit logging could be added or evaluated. Referred Code RELATED_IMAGE_TRILLIAN_LOG_SIGNER=registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:39287545824681b1d979e5e9d57535f103577bff8038c77eccc661bed21e0faf RELATED_IMAGE_TRILLIAN_LOG_SERVER=registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:bca903c564f56a2c385f459ddec906a9293f9496db0750ba2787dda387325e07 RELATED_IMAGE_TRILLIAN_DB=registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50a3d30f382ce38fb8d3d74bfb85e1dd141645bc6915b2bcae85b59f5183cc99 RELATED_IMAGE_TRILLIAN_NETCAT=registry.redhat.io/openshift4/ose-tools-rhel9@sha256:47eec19e875c3db11a31ccf4c199ef52cf0d2df3b7c424868f55f9e0d0dd43df RELATED_IMAGE_CREATETREE=registry.redhat.io/rhtas/createtree-rhel9@sha256:caebefdc6670bdf70cf1a1a6a52f163c0dafbc47d5788aace6e3b7f6f52c00bf RELATED_IMAGE_FULCIO_SERVER=registry.redhat.io/rhtas/fulcio-rhel9@sha256:4c2d2c718f03ad66e20292ae65d1172bcdd958ba218078015a53792a004208fc RELATED_IMAGE_REKOR_REDIS=registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f1cd3b78495883aeba610437888525bba124028716d659512fa9b47f4fe206bd RELATED_IMAGE_REKOR_SERVER=registry.redhat.io/rhtas/rekor-server-rhel9@sha256:c5682d81d9060411a146cc2d33c2e1dc8c3b188ff3261cd332973f9e6ddda549 RELATED_IMAGE_REKOR_SEARCH_UI=registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:28f089f0d228b72031ae0fcf5183d83c39e2dc595428a9979606061de4ea083c RELATED_IMAGE_BACKFILL_REDIS=registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:fbf91d2746ddfe1489a562bee7d7d5d02ba7487858baac0d3c5c5437c98ce714 RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:3a83f55e9510ce20137659794fb5ed9573c609b2359e2a9481263cbc441a39d6 RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:ad9e4ff138fef9d8fb3b6ae135309b7d0dc9aa82828661f2218f1acdf47e5beb RELATED_IMAGE_HTTP_SERVER=registry.redhat.io/ubi9/httpd-24@sha256:8536169e5537fe6c330eba814248abdcf39cdd8f7e7336034d74e6fda9544050 RELATED_IMAGE_TIMESTAMP_AUTHORITY=registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:7b3eb9108c50321278ccad2032b3fb365911df83084cca953dd068cdd51f7874 RELATED_IMAGE_CLIENT_SERVER=registry.redhat.io/rhtas/client-server-rhel9@sha256:713ec6d4ac386613674a85c7e387a0e60be56e9a327470ee3ca5715764519a9d RELATED_IMAGE_REKOR_MONITOR=registry.redhat.io/rhtas/rekor-monitor-rhel9@sha256:5457a1c41ab88b0684324aff2a0081aff0b3c5a5a7d145bcab6183f30697db39 Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: No error paths: Only environment variable assignments were changed, adding no code paths where errors or edge cases could be handled. Referred Code RELATED_IMAGE_TRILLIAN_LOG_SIGNER=registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:39287545824681b1d979e5e9d57535f103577bff8038c77eccc661bed21e0faf RELATED_IMAGE_TRILLIAN_LOG_SERVER=registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:bca903c564f56a2c385f459ddec906a9293f9496db0750ba2787dda387325e07 RELATED_IMAGE_TRILLIAN_DB=registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50a3d30f382ce38fb8d3d74bfb85e1dd141645bc6915b2bcae85b59f5183cc99 RELATED_IMAGE_TRILLIAN_NETCAT=registry.redhat.io/openshift4/ose-tools-rhel9@sha256:47eec19e875c3db11a31ccf4c199ef52cf0d2df3b7c424868f55f9e0d0dd43df RELATED_IMAGE_CREATETREE=registry.redhat.io/rhtas/createtree-rhel9@sha256:caebefdc6670bdf70cf1a1a6a52f163c0dafbc47d5788aace6e3b7f6f52c00bf RELATED_IMAGE_FULCIO_SERVER=registry.redhat.io/rhtas/fulcio-rhel9@sha256:4c2d2c718f03ad66e20292ae65d1172bcdd958ba218078015a53792a004208fc RELATED_IMAGE_REKOR_REDIS=registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f1cd3b78495883aeba610437888525bba124028716d659512fa9b47f4fe206bd RELATED_IMAGE_REKOR_SERVER=registry.redhat.io/rhtas/rekor-server-rhel9@sha256:c5682d81d9060411a146cc2d33c2e1dc8c3b188ff3261cd332973f9e6ddda549 RELATED_IMAGE_REKOR_SEARCH_UI=registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:28f089f0d228b72031ae0fcf5183d83c39e2dc595428a9979606061de4ea083c RELATED_IMAGE_BACKFILL_REDIS=registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:fbf91d2746ddfe1489a562bee7d7d5d02ba7487858baac0d3c5c5437c98ce714 RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:3a83f55e9510ce20137659794fb5ed9573c609b2359e2a9481263cbc441a39d6 RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:ad9e4ff138fef9d8fb3b6ae135309b7d0dc9aa82828661f2218f1acdf47e5beb RELATED_IMAGE_HTTP_SERVER=registry.redhat.io/ubi9/httpd-24@sha256:8536169e5537fe6c330eba814248abdcf39cdd8f7e7336034d74e6fda9544050 RELATED_IMAGE_TIMESTAMP_AUTHORITY=registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:7b3eb9108c50321278ccad2032b3fb365911df83084cca953dd068cdd51f7874 RELATED_IMAGE_CLIENT_SERVER=registry.redhat.io/rhtas/client-server-rhel9@sha256:713ec6d4ac386613674a85c7e387a0e60be56e9a327470ee3ca5715764519a9d RELATED_IMAGE_REKOR_MONITOR=registry.redhat.io/rhtas/rekor-monitor-rhel9@sha256:5457a1c41ab88b0684324aff2a0081aff0b3c5a5a7d145bcab6183f30697db39 Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: No user errors: The diff contains only image digest updates in configuration and does not affect user-facing error handling. Referred Code RELATED_IMAGE_TRILLIAN_LOG_SIGNER=registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:39287545824681b1d979e5e9d57535f103577bff8038c77eccc661bed21e0faf RELATED_IMAGE_TRILLIAN_LOG_SERVER=registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:bca903c564f56a2c385f459ddec906a9293f9496db0750ba2787dda387325e07 RELATED_IMAGE_TRILLIAN_DB=registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50a3d30f382ce38fb8d3d74bfb85e1dd141645bc6915b2bcae85b59f5183cc99 RELATED_IMAGE_TRILLIAN_NETCAT=registry.redhat.io/openshift4/ose-tools-rhel9@sha256:47eec19e875c3db11a31ccf4c199ef52cf0d2df3b7c424868f55f9e0d0dd43df RELATED_IMAGE_CREATETREE=registry.redhat.io/rhtas/createtree-rhel9@sha256:caebefdc6670bdf70cf1a1a6a52f163c0dafbc47d5788aace6e3b7f6f52c00bf RELATED_IMAGE_FULCIO_SERVER=registry.redhat.io/rhtas/fulcio-rhel9@sha256:4c2d2c718f03ad66e20292ae65d1172bcdd958ba218078015a53792a004208fc RELATED_IMAGE_REKOR_REDIS=registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f1cd3b78495883aeba610437888525bba124028716d659512fa9b47f4fe206bd RELATED_IMAGE_REKOR_SERVER=registry.redhat.io/rhtas/rekor-server-rhel9@sha256:c5682d81d9060411a146cc2d33c2e1dc8c3b188ff3261cd332973f9e6ddda549 RELATED_IMAGE_REKOR_SEARCH_UI=registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:28f089f0d228b72031ae0fcf5183d83c39e2dc595428a9979606061de4ea083c RELATED_IMAGE_BACKFILL_REDIS=registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:fbf91d2746ddfe1489a562bee7d7d5d02ba7487858baac0d3c5c5437c98ce714 RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:3a83f55e9510ce20137659794fb5ed9573c609b2359e2a9481263cbc441a39d6 RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:ad9e4ff138fef9d8fb3b6ae135309b7d0dc9aa82828661f2218f1acdf47e5beb RELATED_IMAGE_HTTP_SERVER=registry.redhat.io/ubi9/httpd-24@sha256:8536169e5537fe6c330eba814248abdcf39cdd8f7e7336034d74e6fda9544050 RELATED_IMAGE_TIMESTAMP_AUTHORITY=registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:7b3eb9108c50321278ccad2032b3fb365911df83084cca953dd068cdd51f7874 RELATED_IMAGE_CLIENT_SERVER=registry.redhat.io/rhtas/client-server-rhel9@sha256:713ec6d4ac386613674a85c7e387a0e60be56e9a327470ee3ca5715764519a9d RELATED_IMAGE_REKOR_MONITOR=registry.redhat.io/rhtas/rekor-monitor-rhel9@sha256:5457a1c41ab88b0684324aff2a0081aff0b3c5a5a7d145bcab6183f30697db39 Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Config only: The change updates container image references and does not introduce input handling or data processing that could be validated here. Referred Code RELATED_IMAGE_TRILLIAN_LOG_SIGNER=registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:39287545824681b1d979e5e9d57535f103577bff8038c77eccc661bed21e0faf RELATED_IMAGE_TRILLIAN_LOG_SERVER=registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:bca903c564f56a2c385f459ddec906a9293f9496db0750ba2787dda387325e07 RELATED_IMAGE_TRILLIAN_DB=registry.redhat.io/rhtas/trillian-database-rhel9@sha256:50a3d30f382ce38fb8d3d74bfb85e1dd141645bc6915b2bcae85b59f5183cc99 RELATED_IMAGE_TRILLIAN_NETCAT=registry.redhat.io/openshift4/ose-tools-rhel9@sha256:47eec19e875c3db11a31ccf4c199ef52cf0d2df3b7c424868f55f9e0d0dd43df RELATED_IMAGE_CREATETREE=registry.redhat.io/rhtas/createtree-rhel9@sha256:caebefdc6670bdf70cf1a1a6a52f163c0dafbc47d5788aace6e3b7f6f52c00bf RELATED_IMAGE_FULCIO_SERVER=registry.redhat.io/rhtas/fulcio-rhel9@sha256:4c2d2c718f03ad66e20292ae65d1172bcdd958ba218078015a53792a004208fc RELATED_IMAGE_REKOR_REDIS=registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f1cd3b78495883aeba610437888525bba124028716d659512fa9b47f4fe206bd RELATED_IMAGE_REKOR_SERVER=registry.redhat.io/rhtas/rekor-server-rhel9@sha256:c5682d81d9060411a146cc2d33c2e1dc8c3b188ff3261cd332973f9e6ddda549 RELATED_IMAGE_REKOR_SEARCH_UI=registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:28f089f0d228b72031ae0fcf5183d83c39e2dc595428a9979606061de4ea083c RELATED_IMAGE_BACKFILL_REDIS=registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:fbf91d2746ddfe1489a562bee7d7d5d02ba7487858baac0d3c5c5437c98ce714 RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:3a83f55e9510ce20137659794fb5ed9573c609b2359e2a9481263cbc441a39d6 RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:ad9e4ff138fef9d8fb3b6ae135309b7d0dc9aa82828661f2218f1acdf47e5beb RELATED_IMAGE_HTTP_SERVER=registry.redhat.io/ubi9/httpd-24@sha256:8536169e5537fe6c330eba814248abdcf39cdd8f7e7336034d74e6fda9544050 RELATED_IMAGE_TIMESTAMP_AUTHORITY=registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:7b3eb9108c50321278ccad2032b3fb365911df83084cca953dd068cdd51f7874 RELATED_IMAGE_CLIENT_SERVER=registry.redhat.io/rhtas/client-server-rhel9@sha256:713ec6d4ac386613674a85c7e387a0e60be56e9a327470ee3ca5715764519a9d RELATED_IMAGE_REKOR_MONITOR=registry.redhat.io/rhtas/rekor-monitor-rhel9@sha256:5457a1c41ab88b0684324aff2a0081aff0b3c5a5a7d145bcab6183f30697db39 Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[qodo-code-review]

PR Code Suggestions ✨

No code suggestions found for the PR.

[qodo-code-review]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Execute securesign/sigstore-e2e

Failed stage: Run tests [❌]

Failed test name: TestManualTUFRepoTest

Failure summary: The action failed due to a failing end-to-end test in the TUF manual repo suite: - Test file: e2e/test/tuftool/tuftool_manual_tuf_repo_test.go - Failure location: line 286 (assertion), triggered at spec definition around line 68 - Error: Expected at least one file with suffix .signing_config.v0.2.json in the workdir, but found 0 - Suite output: - "[It] should verify workdir structure" FAILED - Ran 2 specs: 1 Passed, 1 Failed

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 460: configmap/ingress-nginx-controller created 461: service/ingress-nginx-controller created 462: service/ingress-nginx-controller-admission created 463: deployment.apps/ingress-nginx-controller created 464: job.batch/ingress-nginx-admission-create created 465: job.batch/ingress-nginx-admission-patch created 466: ingressclass.networking.k8s.io/nginx created 467: validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created 468: pod/ingress-nginx-controller-bcdf75cfc-mc9qh condition met 469: ##[group]Run # Download the bundle.yaml 470: �[36;1m# Download the bundle.yaml�[0m 471: �[36;1mcurl -sL https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.84.0/bundle.yaml -o bundle.yaml �[0m 472: �[36;1m�[0m 473: �[36;1m# Check if the download was successful and the file is not empty�[0m 474: �[36;1mif [ ! -s "bundle.yaml" ]; then�[0m 475: �[36;1m echo "Error: Downloaded bundle.yaml is empty or failed to download."�[0m 476: �[36;1m exit 1�[0m ... 752: IMG: ghcr.io/securesign/secure-sign-operator:dev-31d09d83f9b1ac3d1729b71d6b232310c21da83a 753: BUNDLE_IMG: ghcr.io/securesign/secure-sign-operator-bundle:dev-31d09d83f9b1ac3d1729b71d6b232310c21da83a 754: CATALOG_IMG: ghcr.io/securesign/secure-sign-operator-fbc:dev-31d09d83f9b1ac3d1729b71d6b232310c21da83a 755: NEW_OLM_CHANNEL: rhtas-operator.v1.4.0 756: OCP_VERSION: v4.19 757: TEST_NAMESPACE: test 758: REGISTRY_AUTH_FILE: /tmp/config.json 759: ##[endgroup] 760: /home/runner/work/secure-sign-operator/secure-sign-operator/bin/controller-gen-v0.17.0 rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases 761: Downloading sigs.k8s.io/kustomize/kustomize/[email protected] 762: go: downloading sigs.k8s.io/kustomize/kustomize/v5 v5.6.0 763: go: downloading github.com/spf13/cobra v1.8.0 764: go: downloading sigs.k8s.io/kustomize/api v0.19.0 765: go: downloading sigs.k8s.io/kustomize/cmd/config v0.19.0 766: go: downloading sigs.k8s.io/kustomize/kyaml v0.19.0 767: go: downloading github.com/go-errors/errors v1.4.2 768: go: downloading github.com/davecgh/go-spew v1.1.1 ... 936: {"status":"Extracting","progressDetail":{"current":3859315,"total":3859315},"progress":"[==================================================\u003e] 3.859MB/3.859MB","id":"014e56e61396"} 937: {"status":"Pull complete","progressDetail":{},"id":"014e56e61396"} 938: {"status":"Digest: sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375"} 939: {"status":"Status: Downloaded newer image for mirror.gcr.io/alpine:latest"} 940: {"status":"The push refers to repository [ttl.sh/71c025f5-0599-47a4-b6a0-c36eaf2eeae5]"} 941: {"status":"Preparing","progressDetail":{},"id":"5aa68bbbc67e"} 942: {"status":"Pushing","progressDetail":{"current":101376,"total":8437138},"progress":"[\u003e ] 101.4kB/8.437MB","id":"5aa68bbbc67e"} 943: {"status":"Pushing","progressDetail":{"current":1464832,"total":8437138},"progress":"[========\u003e ] 1.465MB/8.437MB","id":"5aa68bbbc67e"} 944: {"status":"Pushing","progressDetail":{"current":3114496,"total":8437138},"progress":"[==================\u003e ] 3.114MB/8.437MB","id":"5aa68bbbc67e"} 945: {"status":"Pushing","progressDetail":{"current":5572096,"total":8437138},"progress":"[=================================\u003e ] 5.572MB/8.437MB","id":"5aa68bbbc67e"} 946: {"status":"Pushing","progressDetail":{"current":8125440,"total":8437138},"progress":"[================================================\u003e ] 8.125MB/8.437MB","id":"5aa68bbbc67e"} 947: {"status":"Pushing","progressDetail":{"current":8724480,"total":8437138},"progress":"[==================================================\u003e] 8.724MB","id":"5aa68bbbc67e"} 948: {"status":"Pushed","progressDetail":{},"id":"5aa68bbbc67e"} 949: {"status":"5m: digest: sha256:2d115a2f18dc49b3deb8da9b0da5b2a903d4825ee20c3e590870dcf3be739967 size: 527"} 950: {"progressDetail":{},"aux":{"Tag":"5m","Digest":"sha256:2d115a2f18dc49b3deb8da9b0da5b2a903d4825ee20c3e590870dcf3be739967","Size":527}} 951: t=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument. 952: t=l=info app=cosign m=Root status: 953: t=l=info app=cosign m= { 954: t=l=info app=cosign m= "local": "/home/runner/.sigstore/root", 955: t=l=info app=cosign m= "remote": "http://tuf.local", 956: t=l=info app=cosign m= "metadata": { 957: t=l=info app=cosign m= "root.json": { 958: t=l=info app=cosign m= "version": 1, 959: t=l=info app=cosign m= "len": 4128, 960: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 961: t=l=info app=cosign m= "error": "" 962: t=l=info app=cosign m= }, 963: t=l=info app=cosign m= "snapshot.json": { 964: t=l=info app=cosign m= "version": 1, 965: t=l=info app=cosign m= "len": 994, 966: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 967: t=l=info app=cosign m= "error": "" 968: t=l=info app=cosign m= }, 969: t=l=info app=cosign m= "targets.json": { 970: t=l=info app=cosign m= "version": 1, 971: t=l=info app=cosign m= "len": 2526, 972: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 973: t=l=info app=cosign m= "error": "" 974: t=l=info app=cosign m= }, 975: t=l=info app=cosign m= "timestamp.json": { 976: t=l=info app=cosign m= "version": 1, 977: t=l=info app=cosign m= "len": 995, 978: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 979: t=l=info app=cosign m= "error": "" 980: t=l=info app=cosign m= } 981: t=l=info app=cosign m= }, 982: t=l=info app=cosign m= "targets": [ 983: t=l=info app=cosign m= "signing_config.v0.2.json", 984: t=l=info app=cosign m= "tsa.certchain.pem", 985: t=l=info app=cosign m= "ctfe.pub", 986: t=l=info app=cosign m= "rekor.pub", 987: t=l=info app=cosign m= "fulcio_v1.crt.pem", 988: t=l=info app=cosign m= "trusted_root.json" 989: t=l=info app=cosign m= ] 990: t=l=info app=cosign m=} 991: �[38;5;10m•�[0mt=l=error app=cosign m=Generating ephemeral keys... 992: t=l=error app=cosign m=Retrieving signed certificate... 993: t=l=error app=cosign m=Successfully verified SCT... 994: t=l=error app=cosign m=WARNING: Image reference ttl.sh/71c025f5-0599-47a4-b6a0-c36eaf2eeae5:5m uses a tag, not a digest, to identify the image to sign. 995: t=l=error app=cosign m= This can lead you to sign a different image than the intended one. Please use a 996: t=l=error app=cosign m= digest (example.com/ubuntu@sha256:abc123...) rather than tag 997: t=l=error app=cosign m= (example.com/ubuntu:latest) for the input to cosign. The ability to refer to 998: t=l=error app=cosign m= images by tag will be removed in a future release. 999: t=l=error app=cosign 1000: t=l=error app=cosign 1001: t=l=error app=cosign m= The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. 1002: t=l=error app=cosign m= Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. 1003: t=l=error app=cosign m= This may include the email address associated with the account with which you authenticate your contractual Agreement. 1004: t=l=error app=cosign m= This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. 1005: t=l=error app=cosign 1006: t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above. 1007: t=l=error app=cosign m=Timestamp fetched with time: 2025-12-10 10:51:03 +0000 UTC 1008: t=l=error app=cosign m=tlog entry created with index: 2 1009: t=l=error app=cosign m=Pushing signature to: ttl.sh/71c025f5-0599-47a4-b6a0-c36eaf2eeae5 1010: �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign 1011: t=l=error app=cosign m=Verification for ttl.sh/71c025f5-0599-47a4-b6a0-c36eaf2eeae5:5m -- 1012: t=l=error app=cosign m=The following checks were performed on each of these signatures: 1013: t=l=error app=cosign m= - The cosign claims were validated 1014: t=l=info app=cosign 1015: t=l=error app=cosign m= - Existence of the claims in the transparency log was verified offline 1016: t=l=info app=cosign m=[{"critical":{"identity":{"docker-reference":"ttl.sh/71c025f5-0599-47a4-b6a0-c36eaf2eeae5"},"image":{"docker-manifest-digest":"sha256:2d115a2f18dc49b3deb8da9b0da5b2a903d4825ee20c3e590870dcf3be739967"},"type":"cosign container image signature"},"optional":{"1.3.6.1.4.1.57264.1.1":"http://keycloak-internal.keycloak-system.svc/auth/realms/trusted-artifact-signer","Bundle":{"SignedEntryTimestamp":"MEUCIGxxKAaisPNQR9H9IdKYxER+9GhtrxzmD7z2WDmDoyHoAiEA6z5N3iBqSABolFF65jJYkCrm0lTBu2fmHRahz80iHY4=","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiIyM2JlZjExMjVlMWRmMDUxNWE1NTI0MzA1MmNkMWRkZWYwMDA1ZTQyYTU1MTZlODc3ZWEzYmEwZDgzNTQzZGZmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJQUxxWlNCMk9sREo0RjY3bndDalg1SXR4eno2WThscVFRbUxMRjQ4M0toM0FpQTRMcldCU3NkeVFGcHFvYWFaeStXVXFEazlZVGdnK09CWWR3SFNBTllCQVE9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVUktWRU5EUVhFeVowRjNTVUpCWjBsVldXSmhSRmxRTWs5MlUwTlVZbU5pUzJwaFNHZG1aMHRwZEZkWmQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RFUkZVVTFCTkVkQk1WVkZRMmhOU0ZWdFZtdEpSV2hvWkVSRldVMUNXVWRCTVZWRlFYaE5VRnB1Vm5OWk1teDJURzFvZG1NelVuVlpWekZzVFVJMFdBcEVWRWt4VFZSSmVFMUVSWGRPVkVWM1RURnZXRVJVU1RGTlZFbDRUVVJGZUUxRVJYZE5NVzkzUVVSQ1drMUNUVWRDZVhGSFUwMDBPVUZuUlVkRFEzRkhDbE5OTkRsQmQwVklRVEJKUVVKT1JYVnZTVEJ5Wkc1T05WcExaMVJoTkVWVFFVMXhRV3RGVmtWbEwzZGpSMmg1V1Zwd1QwbGxjRVpXS3pWTGJFTmhOa1VLWTFwaGQzRm5TVUZITkd4YWJVVnFjSFJhUm1WTUwzWXZkbU5QSzNrM2NqZFpUa3RxWjJkSVdFMUpTVUl3ZWtGUFFtZE9Wa2hST0VKQlpqaEZRa0ZOUXdwQ05FRjNSWGRaUkZaU01HeENRWGQzUTJkWlNVdDNXVUpDVVZWSVFYZE5kMGhSV1VSV1VqQlBRa0paUlVaUVRUQXdLelprTVVsbFUyUjRaVkp0YTFKSkNteDFUVGd4YjBRM1RVSTRSMEV4VldSSmQxRlpUVUpoUVVaUE1HRk5hVTV3V0c5NmMzWjFkbEpTVFVOcGJsVTFZbE51VGxoTlFqQkhRVEZWWkVWUlJVSUtMM2RSVkUxQ1IwSkVNbkJyWWpKV1FXTnRWbXRoUjBZd1RHMU9kbUpVUW1WQ1oyOXlRbWRGUlVGWlR5OU5RVVZDUWtaQ2IyUklVbmRQYVRoMllUSldOUXBaTW5oMldWZHpkR0ZYTlRCYVdFcDFXVmQzZFdFeVZqVlpNbmgyV1ZkemRHTXpiSHBrUjFaMFRHNU9NbGw1T1doa1dGSnZURE5LYkZsWGVIUmplVGt3Q21OdVZucGtSMVpyVEZkR2VXUkhiRzFaVjA0d1RGaE9jRm95Tld4amFrSm5RbWR2Y2tKblJVVkJXVTh2VFVGRlNVSkdTVTFWUjJnd1pFaEJOa3g1T1hJS1dsaHNhbUpIT1doaGVURndZbTVTYkdOdE5XaGlRelZ5V2xoc2FtSkhPV2hoZVRGNlpWaE9NRnBYTUhWak0xcHFUREpHTVdSSFozWmpiVlpvWWtjeGVncE1NMUo1WkZoT01GcFhVWFJaV0Vvd1lWZGFhRmt6VVhSak1teHVZbTFXZVUxSlIwdENaMjl5UW1kRlJVRmtXalZCWjFGRFFraDNSV1ZuUWpSQlNGbEJDbGwyTWxwWlp5OTRkelF2WkdGWGMwdGxWVzVNZUd4T1VVbEtXV2RKV0V0MU5TOTNSVEpQZDB0eFZVRkJRVUZIWWtJclRFOHlkMEZCUWtGTlFWSjZRa1lLUVdsQ05ISkRNVGxMTjBwSUt6QlpRbUp5U0c5NVZGVnBSSFJZVEV4S1IzaDBXVFpZU2pod05YQkxZVUpEZDBsb1FVbFRUR2xZYWtoMlowNUtjVm8zZWdwM1YzZEVhbXhCYVhSak9YaFlXbnBXZUZOeVJGSlhXa2gzYlRSR1RVRnZSME5EY1VkVFRUUTVRa0ZOUkVFeVdVRk5SMDFEVEhocU1tNU1jbnBXU0RkMENuaDRVMEZtVmxKdFZYVkJXa0ZLUVRGdU1FczBjVXA2YUhKUmNHYzBkMUZJUVRSMFpVMTFUamRrTVcxcE1WSlZjbVJoZFRoQmFrRk9RbGxXZFU1eFRsSUtOMmxJWlVabGEzUlNNM1E0WWpWdU5UaHpibWhKZFhKRFNrWllXRWxIVGtkTkwxQnFkbHBQVVVsNE5HYzJiRWxhYzA4NE5IVTNPRDBLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In19fX0=","integratedTime":1765363863,"logIndex":2,"logID":"9f1e671513ef77f224360cb798793c98648a44b77e80c09b0b7de497506d856a"}},"Issuer":"http://keycloak-internal.keycloak-system.svc/auth/realms/trusted-artifact-signer","RFC3161Timestamp":{"SignedRFC3161Timestamp":"MIIEvDADAgEAMIIEswYJKoZIhvcNAQcCoIIEpDCCBKACAQMxDTALBglghkgBZQMEAgEwgc0GCyqGSIb3DQEJEAEEoIG9BIG6MIG3AgEBBgkrBgEEAYO/MAIwMTANBglghkgBZQMEAgEFAAQgncBTvYO+ru9s9EjuK27IZ7Djc6I2l9rswqZvIYLDKkcCFBsnYj++yc/x4Ai5avfb0IA1vcwFGA8yMDI1MTIxMDEwNTEwM1owAwIBAQIUb0JYuQ7E1DtAuRvASh4eKPLoySqgMqQwMC4xEDAOBgNVBAoTB1JlZCBIYXQxGjAYBgNVBAMTEXRzYS5ob3N0bmFtZS1sZWFmoIIB8jCCAe4wggF1oAMCAQICFCmaTtdVGke7KX/7hdgtPn/ywzIVMAoGCCqGSM49BAMDMC4xEDAOBgNVBAoTB1JlZCBIYXQxGjAYBgNVBAMTEXRzYS5ob3N0bmFtZS1yb290MB4XDTI1MTIxMDEwNDcyMloXDTM1MTIwODEwNDcyMlowLjEQMA4GA1UEChMHUmVkIEhhdDEaMBgGA1UEAxMRdHNhLmhvc3RuYW1lLWxlYWYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARah/v9zT2y5kjMXCVdEMBTWhIkaGHInNqxl9Y/d2Xs2OnbRA58T8rxsZW8R4SSwszN/TtFUxl7UrF5HtbokQ5Q0vSKTytYc+hLrdvZdHoscegP3q6av9ls/sf4WRU+oVqjVDBSMA4GA1UdDwEB/wQEAwIBBjAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGBD2pkb2VAcmVkaGF0LmNvbTAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAKBggqhkjOPQQDAwNnADBkAjBunFAzLSECfjsuMsGDo5VuqrHuSRe81vqSfiw3ITHAzkY4IQabiwU2xdtO5h8n9w4CMFkR6JeEJ4zHRyJjXHsmg/0jhuiMrGeiTCTl9ubKnm7I8yqh0WWW9Qa0H1YM3ao6VDGCAcQwggHAAgEBMEYwLjEQMA4GA1UEChMHUmVkIEhhdDEaMBgGA1UEAxMRdHNhLmhvc3RuYW1lLXJvb3QCFCmaTtdVGke7KX/7hdgtPn/ywzIVMAsGCWCGSAFlAwQCAaCB8TAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI1MTIxMDEwNTEwM1owLwYJKoZIhvcNAQkEMSIEIFtDMJ4Posv793qe6FVVgxo8Mu6BTOQ3FFe9geY5HNpZMIGDBgsqhkiG9w0BCRACLzF0MHIwcDBuBCDeahGn7jiRFam/gM2+DIQyFfWLTzndWupVjY9i3BZ7aDBKMDKkMDAuMRAwDgYDVQQKEwdSZWQgSGF0MRowGAYDVQQDExF0c2EuaG9zdG5hbWUtcm9vdAIUKZpO11UaR7spf/uF2C0+f/LDMhUwCgYIKoZIzj0EAwIEZjBkAjBK9CZ4Sy9CnNH0N63dTHy4Y8w6qW7o0CQJS040+8WBx476pSmz8FYTo0aINLITIZQCMB1qVpvBFwoyumrg/c4dLcdKRLrR/9HdzxeSsR0iLecu2SE7f7C2IQcBTMJ4yavwqA=="},"Subject":"[email protected]"}}] 1017: t=l=error app=cosign m= - The code-signing certificate was verified using trusted certificate authority certificates 1018: �[38;5;10m•�[0mt=l=info m=Starting cosign test ... 1069: t=l=info app=ec m=OPA v1.6.0 1070: t=l=info app=ec m=Conftest v0.62.0 1071: t=l=info app=ec m=Cosign v2.4.1 1072: t=l=info app=ec m=Sigstore v1.8.9 1073: t=l=info app=ec m=Rekor v1.3.6 1074: t=l=info app=ec m=Tekton Pipeline v0.66.0 1075: t=l=info app=ec m=Kubernetes Client v0.32.3 1076: {"status":"Pulling from alpine","id":"latest"} 1077: {"status":"Digest: sha256:51183f2cfa6320055da30872f211093f9ff1d3cf06f39a0bdb212314c5dc7375"} 1078: {"status":"Status: Image is up to date for mirror.gcr.io/alpine:latest"} 1079: {"status":"The push refers to repository [ttl.sh/60b7dc89-086d-4389-9d46-de4671e70135]"} 1080: {"status":"Preparing","progressDetail":{},"id":"5aa68bbbc67e"} 1081: {"status":"Mounted from 71c025f5-0599-47a4-b6a0-c36eaf2eeae5","progressDetail":{},"id":"5aa68bbbc67e"} 1082: {"status":"5m: digest: sha256:2d115a2f18dc49b3deb8da9b0da5b2a903d4825ee20c3e590870dcf3be739967 size: 527"} 1083: {"progressDetail":{},"aux":{"Tag":"5m","Digest":"sha256:2d115a2f18dc49b3deb8da9b0da5b2a903d4825ee20c3e590870dcf3be739967","Size":527}} 1084: t=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument. 1085: t=l=info app=cosign m=Root status: 1086: t=l=info app=cosign m= { 1087: t=l=info app=cosign m= "local": "/home/runner/.sigstore/root", 1088: t=l=info app=cosign m= "remote": "http://tuf.local", 1089: t=l=info app=cosign m= "metadata": { 1090: t=l=info app=cosign m= "root.json": { 1091: t=l=info app=cosign m= "version": 1, 1092: t=l=info app=cosign m= "len": 4128, 1093: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 1094: t=l=info app=cosign m= "error": "" 1095: t=l=info app=cosign m= }, 1096: t=l=info app=cosign m= "snapshot.json": { 1097: t=l=info app=cosign m= "version": 1, 1098: t=l=info app=cosign m= "len": 994, 1099: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 1100: t=l=info app=cosign m= "error": "" 1101: t=l=info app=cosign m= }, 1102: t=l=info app=cosign m= "targets.json": { 1103: t=l=info app=cosign m= "version": 1, 1104: t=l=info app=cosign m= "len": 2526, 1105: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 1106: t=l=info app=cosign m= "error": "" 1107: t=l=info app=cosign m= }, 1108: t=l=info app=cosign m= "timestamp.json": { 1109: t=l=info app=cosign m= "version": 1, 1110: t=l=info app=cosign m= "len": 995, 1111: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 1112: t=l=info app=cosign m= "error": "" 1113: t=l=info app=cosign m= } 1114: t=l=info app=cosign m= }, 1115: t=l=info app=cosign m= "targets": [ 1116: t=l=info app=cosign m= "tsa.certchain.pem", 1117: t=l=info app=cosign m= "ctfe.pub", 1118: t=l=info app=cosign m= "rekor.pub", 1119: t=l=info app=cosign m= "fulcio_v1.crt.pem", 1120: t=l=info app=cosign m= "trusted_root.json", 1121: t=l=info app=cosign m= "signing_config.v0.2.json" 1122: t=l=info app=cosign m= ] 1123: t=l=info app=cosign m=} 1124: �[38;5;10m•�[0mt=l=error app=cosign m=Generating ephemeral keys... 1125: t=l=error app=cosign m=Retrieving signed certificate... 1126: t=l=error app=cosign m=Successfully verified SCT... 1127: t=l=error app=cosign m=WARNING: Image reference ttl.sh/60b7dc89-086d-4389-9d46-de4671e70135:5m uses a tag, not a digest, to identify the image to sign. 1128: t=l=error app=cosign m= This can lead you to sign a different image than the intended one. Please use a 1129: t=l=error app=cosign m= digest (example.com/ubuntu@sha256:abc123...) rather than tag 1130: t=l=error app=cosign m= (example.com/ubuntu:latest) for the input to cosign. The ability to refer to 1131: t=l=error app=cosign m= images by tag will be removed in a future release. 1132: t=l=error app=cosign 1133: t=l=error app=cosign 1134: t=l=error app=cosign m= The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. 1135: t=l=error app=cosign m= Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. 1136: t=l=error app=cosign m= This may include the email address associated with the account with which you authenticate your contractual Agreement. 1137: t=l=error app=cosign m= This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. 1138: t=l=error app=cosign 1139: t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above. 1140: t=l=error app=cosign m=tlog entry created with index: 3 1141: t=l=error app=cosign m=Pushing signature to: ttl.sh/60b7dc89-086d-4389-9d46-de4671e70135 1142: �[38;5;10m•�[0mt=l=info app=cosign m= ... 1174: t=l=info app=rekor-cli m=4 1175: t=l=info app=rekor-cli m=Rsa+RGTU9CZXD8Jwu0oOYf6Zrq7IMNoFHrfx5Y0qnuM= 1176: t=l=info app=rekor-cli 1177: t=l=info app=rekor-cli m=— rekor-server-59d5c8df4c-2g4rh nx5nFTBEAiAqHt3VZGeccN45Z5U6K8nbgz24+CP7uvj2RJthHh3/jwIgF/gCAgPatputWydD1hA4CqZIpZIvbuQF77PuJIHG+tQ= 1178: t=l=info app=rekor-cli 1179: t=l=info app=rekor-cli 1180: t=l=info app=rekor-cli m=Inclusion Proof: 1181: t=l=info app=rekor-cli m=SHA256(0x01 | f1a0b624df405d775e39f9282d9b15eab324a432f42682436851576c5f0a767a | ed248da9ab8e6c5fee648b326db58b3315da7df9f687ccf9c260115562298bd5) = 1182: t=l=info app=rekor-cli m= 68d3ba7f7a11c9cd6015c530514e220c9d4ad47df172204cd1444697ea797013 1183: t=l=info app=rekor-cli 1184: t=l=info app=rekor-cli m=SHA256(0x01 | 7f6044ca6fc5002e635f31a70a785484e46017eb9f71307070529e0a238a2778 | 68d3ba7f7a11c9cd6015c530514e220c9d4ad47df172204cd1444697ea797013) = 1185: t=l=info app=rekor-cli m= 46c6be4464d4f426570fc270bb4a0e61fe99aeaec830da051eb7f1e58d2a9ee3 1186: t=l=info app=rekor-cli 1187: t=l=info app=rekor-cli m=Computed Root Hash: 46c6be4464d4f426570fc270bb4a0e61fe99aeaec830da051eb7f1e58d2a9ee3 1188: t=l=info app=rekor-cli m=Expected Root Hash: 46c6be4464d4f426570fc270bb4a0e61fe99aeaec830da051eb7f1e58d2a9ee3 1189: �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign m=WARNING: Image reference ttl.sh/60b7dc89-086d-4389-9d46-de4671e70135:5m uses a tag, not a digest, to identify the image to sign. 1190: t=l=error app=cosign m= This can lead you to sign a different image than the intended one. Please use a 1191: t=l=error app=cosign m= digest (example.com/ubuntu@sha256:abc123...) rather than tag 1192: t=l=error app=cosign m= (example.com/ubuntu:latest) for the input to cosign. The ability to refer to 1193: t=l=error app=cosign m= images by tag will be removed in a future release. 1194: t=l=error app=cosign 1195: t=l=error app=cosign m=Generating ephemeral keys... 1196: t=l=error app=cosign m=Retrieving signed certificate... 1197: t=l=error app=cosign m=Successfully verified SCT... 1198: t=l=error app=cosign m=Using payload from: /tmp/tmp753844082/predicate.json 1199: t=l=error app=cosign 1200: t=l=error app=cosign m= The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/. 1201: t=l=error app=cosign m= Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record. 1202: t=l=error app=cosign m= This may include the email address associated with the account with which you authenticate your contractual Agreement. 1203: t=l=error app=cosign m= This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/. 1204: t=l=error app=cosign 1205: t=l=error app=cosign m=By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above. 1206: t=l=error app=cosign m=tlog entry created with index: 4 1207: �[38;5;10m•�[0mt=l=info app=cosign m=📦 Supply Chain Security Related artifacts for an image: ttl.sh/60b7dc89-086d-4389-9d46-de4671e70135:5m ... 1315: code: builtin.attestation.signature_check 1316: msg: Pass 1317: - metadata: 1318: code: builtin.attestation.syntax_check 1319: msg: Pass 1320: - metadata: 1321: code: builtin.image.signature_check 1322: msg: Pass 1323: ec-version: v0.7.160+redhat 1324: effective-time: "2025-12-10T10:51:27.300612601Z" 1325: key: "" 1326: policy: {} 1327: success: true 1328: �[38;5;10m•�[0m 1329: �[38;5;10m�[1mRan 13 of 13 Specs in 38.994 seconds�[0m 1330: �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m13 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1331: --- PASS: TestCosignTest (39.00s) ... 1399: t=l=info app=rekor-cli m= | |_) | | _| | ' / | | | | | |_) | _____ | | | | | | 1400: t=l=info app=rekor-cli m= | _ < | |___ | . \ | |_| | | _ < |_____| | |___ | |___ | | 1401: t=l=info app=rekor-cli m= |_| \_\ |_____| |_|\_\ \___/ |_| \_\ \____| |_____| |___| 1402: t=l=info app=rekor-cli m=rekor-cli: Rekor CLI 1403: t=l=info app=rekor-cli 1404: t=l=info app=rekor-cli m=GitVersion: f75971db 1405: t=l=info app=rekor-cli m=GitCommit: f75971dba878dac9403740c2a4a9126a62a86288 1406: t=l=info app=rekor-cli m=GitTreeState: clean 1407: t=l=info app=rekor-cli m=BuildDate: t=l=info app=rekor-cli m=GoVersion: go1.25.3 (Red Hat 1.25.3-1.el9_7) X:strictfipsruntime 1408: t=l=info app=rekor-cli m=Compiler: gc 1409: t=l=info app=rekor-cli m=Platform: linux/amd64 1410: t=l=info app=rekor-cli 1411: �[38;5;10m•�[0m�[38;5;10m•�[0m�[38;5;10m•�[0mt=l=info app=git m=[master (root-commit) a462fa7] CI commit 2025-12-10 10:50:54.549390202 +0000 UTC m=+2.467223528 1412: t=l=info app=git m= 1 file changed, 1 insertion(+) 1413: t=l=info app=git m= create mode 100644 testFile.txt 1414: �[38;5;10m•�[0m�[38;5;10m•�[0mt=l=error app=cosign m=WARNING: Fetching initial root from URL without providing its checksum is deprecated and will be disallowed in a future Cosign release. Please provide the initial root checksum via the --root-checksum argument. 1415: t=l=info app=cosign m=Root status: 1416: t=l=info app=cosign m= { 1417: t=l=info app=cosign m= "local": "/home/runner/.sigstore/root", 1418: t=l=info app=cosign m= "remote": "http://tuf.local", 1419: t=l=info app=cosign m= "metadata": { 1420: t=l=info app=cosign m= "root.json": { 1421: t=l=info app=cosign m= "version": 1, 1422: t=l=info app=cosign m= "len": 4128, 1423: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 1424: t=l=info app=cosign m= "error": "" 1425: t=l=info app=cosign m= }, 1426: t=l=info app=cosign m= "snapshot.json": { 1427: t=l=info app=cosign m= "version": 1, 1428: t=l=info app=cosign m= "len": 994, 1429: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 1430: t=l=info app=cosign m= "error": "" 1431: t=l=info app=cosign m= }, 1432: t=l=info app=cosign m= "targets.json": { 1433: t=l=info app=cosign m= "version": 1, 1434: t=l=info app=cosign m= "len": 2526, 1435: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 1436: t=l=info app=cosign m= "error": "" 1437: t=l=info app=cosign m= }, 1438: t=l=info app=cosign m= "timestamp.json": { 1439: t=l=info app=cosign m= "version": 1, 1440: t=l=info app=cosign m= "len": 995, 1441: t=l=info app=cosign m= "expiration": "09 Dec 26 10:49 UTC", 1442: t=l=info app=cosign m= "error": "" 1443: t=l=info app=cosign m= } ... 1484: t=l=info app=rekor-cli m=rekor-server-59d5c8df4c-2g4rh - 99803694834515574 1485: t=l=info app=rekor-cli m=2 1486: t=l=info app=rekor-cli m=f2BEym/FAC5jXzGnCnhUhORgF+ufcTBwcFKeCiOKJ3g= 1487: t=l=info app=rekor-cli 1488: t=l=info app=rekor-cli m=— rekor-server-59d5c8df4c-2g4rh nx5nFTBFAiB/YjrvqGmiOoxu4Iyt5RQCZmXqLTxE5TD4WweERdkO9gIhAOKbgrFm7AXPB5EeIk5of+dCjmmbek6wWpK+WN4TCPNX 1489: t=l=info app=rekor-cli 1490: t=l=info app=rekor-cli 1491: t=l=info app=rekor-cli m=Inclusion Proof: 1492: t=l=info app=rekor-cli m=SHA256(0x01 | 3724c16f0b8b0a94971026f144ac58c8bc5f7726677b3040fd3d951a2727fd86 | 2b1e39ac61eaf83ccb4cc2844a303f243d3a6c0944b88dad3aa1c099dd4adcc0) = 1493: t=l=info app=rekor-cli m= 7f6044ca6fc5002e635f31a70a785484e46017eb9f71307070529e0a238a2778 1494: t=l=info app=rekor-cli 1495: t=l=info app=rekor-cli m=Computed Root Hash: 7f6044ca6fc5002e635f31a70a785484e46017eb9f71307070529e0a238a2778 1496: t=l=info app=rekor-cli m=Expected Root Hash: 7f6044ca6fc5002e635f31a70a785484e46017eb9f71307070529e0a238a2778 1497: �[38;5;10m•�[0m 1498: �[38;5;10m�[1mRan 9 of 9 Specs in 3.227 seconds�[0m 1499: �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m9 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1500: --- PASS: TestGitsignE2E (3.23s) ... 1629: Total Tree Size: 1 1630: Root Hash: 3724c16f0b8b0a94971026f144ac58c8bc5f7726677b3040fd3d951a2727fd86 1631: TreeID: 99803694834515574 1632: [78 111 32 112 114 101 118 105 111 117 115 32 108 111 103 32 115 116 97 116 101 32 115 116 111 114 101 100 44 32 117 110 97 98 108 101 32 116 111 32 112 114 111 118 101 32 99 111 110 115 105 115 116 101 110 99 121 10 86 101 114 105 102 105 99 97 116 105 111 110 32 83 117 99 99 101 115 115 102 117 108 33 10 65 99 116 105 118 101 32 84 114 101 101 32 83 105 122 101 58 32 32 32 32 32 32 32 49 10 84 111 116 97 108 32 84 114 101 101 32 83 105 122 101 58 32 32 32 32 32 32 32 32 49 10 82 111 111 116 32 72 97 115 104 58 32 32 32 32 32 32 32 32 32 32 32 32 32 32 51 55 50 52 99 49 54 102 48 98 56 98 48 97 57 52 57 55 49 48 50 54 102 49 52 52 97 99 53 56 99 56 98 99 53 102 55 55 50 54 54 55 55 98 51 48 52 48 102 100 51 100 57 53 49 97 50 55 50 55 102 100 56 54 10 84 114 101 101 73 68 58 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 57 57 56 48 51 54 57 52 56 51 52 53 49 53 53 55 52 10] 1633: �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID): 1634: 016292ee81e1fe763724c16f0b8b0a94971026f144ac58c8bc5f7726677b3040fd3d951a2727fd86 1635: [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 48 49 54 50 57 50 101 101 56 49 101 49 102 101 55 54 51 55 50 52 99 49 54 102 48 98 56 98 48 97 57 52 57 55 49 48 50 54 102 49 52 52 97 99 53 56 99 56 98 99 53 102 55 55 50 54 54 55 55 98 51 48 52 48 102 100 51 100 57 53 49 97 50 55 50 55 102 100 56 54 10] 1636: �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID): 1637: 016292ee81e1fe763724c16f0b8b0a94971026f144ac58c8bc5f7726677b3040fd3d951a2727fd86 1638: [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 48 49 54 50 57 50 101 101 56 49 101 49 102 101 55 54 51 55 50 52 99 49 54 102 48 98 56 98 48 97 57 52 57 55 49 48 50 54 102 49 52 52 97 99 53 56 99 56 98 99 53 102 55 55 50 54 54 55 55 98 51 48 52 48 102 100 51 100 57 53 49 97 50 55 50 55 102 100 56 54 10] 1639: �[38;5;10m•�[0mt=l=info app=rekor-cli m=Found matching entries (listed by UUID): 1640: 016292ee81e1fe763724c16f0b8b0a94971026f144ac58c8bc5f7726677b3040fd3d951a2727fd86 1641: [70 111 117 110 100 32 109 97 116 99 104 105 110 103 32 101 110 116 114 105 101 115 32 40 108 105 115 116 101 100 32 98 121 32 85 85 73 68 41 58 10 48 49 54 50 57 50 101 101 56 49 101 49 102 101 55 54 51 55 50 52 99 49 54 102 48 98 56 98 48 97 57 52 57 55 49 48 50 54 102 49 52 52 97 99 53 56 99 56 98 99 53 102 55 55 50 54 54 55 55 98 51 48 52 48 102 100 51 100 57 53 49 97 50 55 50 55 102 100 56 54 10] 1642: �[38;5;10m•�[0m 1643: �[38;5;10m�[1mRan 9 of 9 Specs in 1.030 seconds�[0m 1644: �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m9 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1645: --- PASS: TestRekorCliE2E (1.03s) ... 1656: t=l=info m=SIGSTORE_FULCIO_URL=http://fulcio-server.local 1657: t=l=info m=SIGSTORE_REKOR_URL=http://rekor-server.local 1658: t=l=info m=TUF_URL=http://tuf.local 1659: t=l=info m=TSA_URL=http://tsa-server.local/api/v1/timestamp 1660: t=l=info m=KEYCLOAK_REALM=trusted-artifact-signer 1661: t=l=info m=Getting binary 'updatetree' from CLI serverServer URLhttp://cli-server.local 1662: t=l=info m=Downloading updatetree from http://cli-server.local/clients/linux/updatetree-amd64.gz 1663: t=l=info m=Getting binary 'createtree' from CLI serverServer URLhttp://cli-server.local 1664: t=l=info m=Downloading createtree from http://cli-server.local/clients/linux/createtree-amd64.gz 1665: t=l=info app=createtree m=Usage of /tmp/createtree3738155633/createtree: 1666: -add_dir_header 1667: If true, adds the file directory to the header of the log messages 1668: -admin_server string 1669: Address of the gRPC Trillian Admin Server (host:port) 1670: -alsologtostderr 1671: log to standard error as well as files (no effect when -logtostderr=true) 1672: -config string 1673: Config file containing flags, file contents can be overridden by command line flags 1674: -description string 1675: Description of the new tree 1676: -display_name string 1677: Display name of the new tree 1678: -log_backtrace_at value 1679: when logging hits line file:N, emit a stack trace 1680: -log_dir string 1681: If non-empty, write log files in this directory (no effect when -logtostderr=true) 1682: -log_file string 1683: If non-empty, use this log file (no effect when -logtostderr=true) 1684: -log_file_max_size uint 1685: Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) 1686: -logtostderr 1687: log to standard error instead of files (default true) 1688: -max_root_duration duration ... 1701: Path to the file containing the Trillian server's PEM-encoded public TLS certificate. If unset, unsecured connections will be used 1702: -tree_state string 1703: State of the new tree (default "ACTIVE") 1704: -tree_type string 1705: Type of the new tree (default "LOG") 1706: -v value 1707: number for the log level verbosity 1708: -vmodule value 1709: comma-separated list of pattern=N settings for file-filtered logging 1710: �[38;5;10m•�[0mt=l=info app=updatetree m=Usage of /tmp/updatetree1878710108/updatetree: 1711: -add_dir_header 1712: If true, adds the file directory to the header of the log messages 1713: -admin_server string 1714: Address of the gRPC Trillian Admin Server (host:port) 1715: -alsologtostderr 1716: log to standard error as well as files (no effect when -logtostderr=true) 1717: -log_backtrace_at value 1718: when logging hits line file:N, emit a stack trace 1719: -log_dir string 1720: If non-empty, write log files in this directory (no effect when -logtostderr=true) 1721: -log_file string 1722: If non-empty, use this log file (no effect when -logtostderr=true) 1723: -log_file_max_size uint 1724: Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800) 1725: -logtostderr 1726: log to standard error instead of files (default true) 1727: -one_output ... 1738: logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=true) (default 2) 1739: -tls_cert_file string 1740: Path to the file containing the Trillian server's PEM-encoded public TLS certificate. If unset, unsecured connections will be used 1741: -tree_id int 1742: The ID of the tree to be set updated 1743: -tree_state string 1744: If set the tree state will be updated 1745: -tree_type string 1746: If set the tree type will be updated 1747: -v value 1748: number for the log level verbosity 1749: -vmodule value 1750: comma-separated list of pattern=N settings for file-filtered logging 1751: �[38;5;10m•�[0m 1752: �[38;5;10m�[1mRan 2 of 2 Specs in 0.506 seconds�[0m 1753: �[38;5;10m�[1mSUCCESS!�[0m -- �[38;5;10m�[1m2 Passed�[0m | �[38;5;9m�[1m0 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1754: --- PASS: TestTrillianTest (0.51s) ... 1758: Running Suite: Create tuf repo manually - /home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool 1759: ====================================================================================================================== 1760: Random Seed: �[1m1765363855�[0m 1761: Will run �[1m2�[0m of �[1m2�[0m specs 1762: t=l=info m=Getting binary 'tuftool' from CLI serverServer URLhttp://cli-server.local 1763: t=l=info m=Downloading tuftool from http://cli-server.local/clients/linux/tuftool-amd64.gz 1764: t=l=info m=Done. Using '/tmp/tuftool3864120970/tuftool' with version: 1765: t=l=info app=tuftool m=tuftool 0.12.0 1766: t=l=info m=Created temporary directory: /tmp/trustroot_example2292953110 1767: t=l=info app=tuftool m=c9c161e113aad3ca71af74b04b7b16b409ebf51c86647b34746129f3e92e9d39 1768: t=l=info app=tuftool m=0bc0c722a05a560f9305fb1a900655c8abec1bf736eaa56dbf88b836f9423d71 1769: t=l=info app=tuftool m=6e4a690f3130691bb41e1df8b79c3f6c2900ce06b6bd992e3df4b0dcb0d4915a 1770: t=l=info app=tuftool m=15e493047802892b65d502e9446361020a71201aa4449b2bf0cb4cdac4a3d647 1771: �[38;5;10m•�[0m 1772: �[38;5;243m------------------------------�[0m 1773: �[38;5;9m• [FAILED] [0.001 seconds]�[0m 1774: �[0mTUF manual repo test �[38;5;9m�[1m[It] should verify workdir structure�[0m 1775: �[38;5;243m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:68�[0m 1776: �[38;5;9m[FAILED] Expected at least one file with suffix .signing_config.v0.2.json, found 0 1777: Expected 1778: <int>: 0 1779: to be >= 1780: <int>: 1�[0m 1781: �[38;5;9mIn �[1m[It]�[0m�[38;5;9m at: �[1m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:286�[0m �[38;5;243m@ 12/10/25 10:50:56.372�[0m 1782: �[38;5;243m------------------------------�[0m 1783: �[38;5;9m�[1mSummarizing 1 Failure:�[0m 1784: �[38;5;9m[FAIL]�[0m �[0mTUF manual repo test �[38;5;9m�[1m[It] should verify workdir structure�[0m 1785: �[38;5;243m/home/runner/work/secure-sign-operator/secure-sign-operator/e2e/test/tuftool/tuftool_manual_tuf_repo_test.go:286�[0m 1786: �[38;5;9m�[1mRan 2 of 2 Specs in 1.364 seconds�[0m 1787: �[38;5;9m�[1mFAIL!�[0m -- �[38;5;10m�[1m1 Passed�[0m | �[38;5;9m�[1m1 Failed�[0m | �[38;5;11m�[1m0 Pending�[0m | �[38;5;14m�[1m0 Skipped�[0m 1788: --- FAIL: TestManualTUFRepoTest (1.36s) 1789: FAIL 1790: FAIL github.com/securesign/sigstore-e2e/test/tuftool 1.378s 1791: FAIL 1792: ##[error]Process completed with exit code 1. 1793: ##[group]Run kubectl logs -n openshift-rhtas-operator deployment/rhtas-operator-controller-manager ... 1852: I1210 10:47:09.883618 1 controller.go:286] "Starting Controller" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign" 1853: I1210 10:47:09.883662 1 controller.go:289] "Starting workers" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign" worker count=1 1854: I1210 10:47:09.883618 1 controller.go:286] "Starting Controller" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" 1855: I1210 10:47:09.883687 1 controller.go:289] "Starting workers" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" worker count=1 1856: I1210 10:47:09.883618 1 controller.go:286] "Starting Controller" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" 1857: I1210 10:47:09.883706 1 controller.go:289] "Starting workers" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" worker count=1 1858: I1210 10:47:09.883769 1 controller.go:286] "Starting Controller" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" 1859: I1210 10:47:09.883786 1 controller.go:289] "Starting workers" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" worker count=1 1860: I1210 10:47:09.883770 1 controller.go:286] "Starting Controller" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" 1861: I1210 10:47:09.883799 1 controller.go:289] "Starting workers" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" worker count=1 1862: I1210 10:47:09.884993 1 controller.go:286] "Starting Controller" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" 1863: I1210 10:47:09.885009 1 controller.go:286] "Starting Controller" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" 1864: I1210 10:47:09.885011 1 controller.go:289] "Starting workers" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" worker count=1 1865: I1210 10:47:09.885048 1 controller.go:289] "Starting workers" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" worker count=1 1866: I1210 10:47:22.238644 1 warning_handler.go:64] "metadata.finalizers: \"tas.rhtas.redhat.com\": prefer a domain-qualified finalizer name including a path (/) to avoid accidental conflicts with other finalizer writers" controller="securesign" controllerGroup="rhtas.redhat.com" controllerKind="Securesign" Securesign="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="714713d5-101f-43a4-b77f-1fc91602416d" 1867: I1210 10:47:22.912467 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="3e7ebae1-4034-44a3-ae4b-c633f1f2fd78" error="deployment not ready(fulcio-server): not available" 1868: I1210 10:47:22.912495 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="3e7ebae1-4034-44a3-ae4b-c633f1f2fd78" 1869: I1210 10:47:22.938911 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="efcd298a-115c-45a9-915d-2e092988190d" error="deployment not ready(fulcio-server): not available" 1870: I1210 10:47:22.938944 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="efcd298a-115c-45a9-915d-2e092988190d" 1871: I1210 10:47:23.001145 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="ce617790-4ae4-4988-b612-f980b5c758c6" error="deployment not ready(tsa-server): not available" 1872: I1210 10:47:23.001177 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="ce617790-4ae4-4988-b612-f980b5c758c6" 1873: I1210 10:47:23.018330 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4a074eba-0255-485e-b46a-0196a15f1f92" error="deployment not ready(tsa-server): not available" 1874: I1210 10:47:23.018361 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4a074eba-0255-485e-b46a-0196a15f1f92" 1875: I1210 10:47:23.467170 1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="cd5f48b1-73ff-4aa3-8bf4-8fde2b428409" error="deployment not ready(trillian-db): not available" 1876: I1210 10:47:23.467195 1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="cd5f48b1-73ff-4aa3-8bf4-8fde2b428409" 1877: I1210 10:47:23.486685 1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a45fa818-e902-43e8-90f5-8bd9f63cef96" error="deployment not ready(trillian-db): not available" 1878: I1210 10:47:23.486714 1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a45fa818-e902-43e8-90f5-8bd9f63cef96" 1879: I1210 10:47:23.531534 1 initialize.go:40] "deployment is not ready" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="53c750f7-110f-41a2-82cd-370c6a8517b7" error="deployment not ready(trillian-db): not available" 1880: I1210 10:47:23.531575 1 initialize.go:45] "Waiting for deployment" logger="db initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="53c750f7-110f-41a2-82cd-370c6a8517b7" 1881: I1210 10:47:34.584471 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a3c713f4-bff8-4d5d-9882-06101cfb60c6" error="deployment not ready(tsa-server): not available" 1882: I1210 10:47:34.584491 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="timestampauthority" controllerGroup="rhtas.redhat.com" controllerKind="TimestampAuthority" TimestampAuthority="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="a3c713f4-bff8-4d5d-9882-06101cfb60c6" 1883: I1210 10:47:34.586079 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f6e3ac35-383c-491c-b1dd-e34664cc9c52" error="deployment not ready(fulcio-server): not available" 1884: I1210 10:47:34.586102 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="fulcio" controllerGroup="rhtas.redhat.com" controllerKind="Fulcio" Fulcio="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f6e3ac35-383c-491c-b1dd-e34664cc9c52" 1885: I1210 10:48:35.261452 1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="91fb2e99-f968-4c0d-bb68-0532eaab425d" error="deployment not ready(trillian-logserver): not available" 1886: I1210 10:48:35.261479 1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="91fb2e99-f968-4c0d-bb68-0532eaab425d" 1887: I1210 10:48:35.268277 1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f6136168-4048-4d68-89ac-3c0bf7e0f0c4" error="deployment not ready(trillian-logserver): not available" 1888: I1210 10:48:35.268299 1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f6136168-4048-4d68-89ac-3c0bf7e0f0c4" 1889: I1210 10:48:52.269499 1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="5e81d98f-c804-4d0b-b5da-2b6b8a1aec7e" error="deployment not ready(trillian-logsigner): not available" 1890: I1210 10:48:52.269527 1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="5e81d98f-c804-4d0b-b5da-2b6b8a1aec7e" 1891: I1210 10:48:52.276374 1 initialize.go:38] "deployment is not ready" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f637a00d-95a5-46fa-b5cc-1af686fe8825" error="deployment not ready(trillian-logsigner): not available" 1892: I1210 10:48:52.276395 1 initialize.go:43] "Waiting for deployment" logger="server initialize" controller="trillian" controllerGroup="rhtas.redhat.com" controllerKind="Trillian" Trillian="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f637a00d-95a5-46fa-b5cc-1af686fe8825" 1893: I1210 10:49:03.877004 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f31855d8-fdf3-4c19-a61e-1f9cb1dd0d3f" error="deployment not ready(rekor-server): not available" 1894: I1210 10:49:03.877089 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f31855d8-fdf3-4c19-a61e-1f9cb1dd0d3f" 1895: I1210 10:49:03.893653 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="57e6ed0c-d7a2-42d4-bbfd-504008d9366e" error="deployment not ready(rekor-server): not available" 1896: I1210 10:49:03.893679 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="57e6ed0c-d7a2-42d4-bbfd-504008d9366e" 1897: I1210 10:49:18.380795 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="01fd2a31-f174-47f3-9687-020d33b27d1e" error="deployment not ready(rekor-server): not available" 1898: I1210 10:49:18.380825 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="01fd2a31-f174-47f3-9687-020d33b27d1e" 1899: I1210 10:49:24.406004 1 initialize.go:44] "deployment is not ready" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6a2c1898-34c1-4c8e-af86-144480988495" error="deployment not ready(rekor-server): not available" 1900: I1210 10:49:24.406139 1 initialize.go:49] "Waiting for deployment" logger="initialize" controller="rekor" controllerGroup="rhtas.redhat.com" controllerKind="Rekor" Rekor="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="6a2c1898-34c1-4c8e-af86-144480988495" 1901: I1210 10:49:32.754934 1 tuf_init_job.go:62] "Tuf tuf-repository-init is present." logger="controller.tuf.tuf-init job" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="21098633-c270-4796-ad43-9a64a7afab99" Succeeded=0 Failures=0 1902: I1210 10:49:33.363960 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="66a5911d-e0f1-4c53-bdeb-1083bb9b15cb" error="deployment not ready(ctlog): not available" 1903: I1210 10:49:33.364066 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="66a5911d-e0f1-4c53-bdeb-1083bb9b15cb" 1904: I1210 10:49:33.378212 1 initialize.go:42] "deployment is not ready" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="06524604-f507-48d2-95cc-3e55e05ab874" error="deployment not ready(ctlog): not available" 1905: I1210 10:49:33.378234 1 initialize.go:47] "Waiting for deployment" logger="initialize" controller="ctlog" controllerGroup="rhtas.redhat.com" controllerKind="CTlog" CTlog="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="06524604-f507-48d2-95cc-3e55e05ab874" 1906: I1210 10:49:37.761366 1 tuf_init_job.go:62] "Tuf tuf-repository-init is present." logger="controller.tuf.tuf-init job" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="aaa0acf4-7567-4e9c-bd94-d4e0d52e025c" Succeeded=0 Failures=0 1907: I1210 10:49:42.767638 1 tuf_init_job.go:62] "Tuf tuf-repository-init is present." logger="controller.tuf.tuf-init job" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="f37a7acf-7a20-487d-b2d7-ae78144cbc84" Succeeded=1 Failures=0 1908: I1210 10:49:42.892513 1 initialize.go:43] "deployment is not ready" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="582af11c-de35-40a9-be3f-d06daa7d6ae1" error="deployment not ready(tuf): not available" 1909: I1210 10:49:42.892637 1 initialize.go:48] "Waiting for deployment" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="582af11c-de35-40a9-be3f-d06daa7d6ae1" 1910: I1210 10:49:42.899808 1 initialize.go:43] "deployment is not ready" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4c364360-5cd3-4f28-b1f3-7bfc8812635b" error="deployment not ready(tuf): not available" 1911: I1210 10:49:42.899842 1 initialize.go:48] "Waiting for deployment" logger="controller.tuf.initialize" controller="tuf" controllerGroup="rhtas.redhat.com" controllerKind="Tuf" Tuf="test/securesign-sample" namespace="test" name="securesign-sample" reconcileID="4c364360-5cd3-4f28-b1f3-7bfc8812635b"