[bug] "Generate builder" and "Run sigstore/cosign-installer" steps failing with error updating to TUF remote mirror: invalid key · Issue #3350 · slsa-framework/slsa-github-generator (original) (raw)
The "Generate builder" and "Run sigstore/cosign-installer" steps have started failing for my workflows. This used to work fine, not sure if it is just an intermittent error or something more fundamental:
Here's a build that worked 18 hours ago but is failing now (i.e. without any code changes): https://github.com/jkreileder/cf-ips-to-hcloud-fw/actions/runs/8339143012 (corresponding workflow)
Generate buildererror:
Verifying artifact slsa-generator-container-linux-amd64: FAILED: error retrieving Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
"mirror": "https://tuf-repo-cdn.sigstore.dev/",
"metadata": {
"root.json": {
"version": 9,
"len": 6766,
"expiration": "12 Sep 24 06:53 UTC",
"error": ""
},
"snapshot.json": {
"version": 132,
"len": 2302,
"expiration": "09 Apr 24 16:16 UTC",
"error": ""
},
"targets.json": {
"version": 9,
"len": 5478,
"expiration": "12 Sep 24 06:13 UTC",
"error": ""
},
"timestamp.json": {
"version": 169,
"len": 723,
"expiration": "26 Mar 24 16:16 UTC",
"error": ""
}
}
}
FAILED: SLSA verification failed: error retrieving Rekor public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
"mirror": "https://tuf-repo-cdn.sigstore.dev/",
"metadata": {
"root.json": {
"version": 9,
"len": 6766,
"expiration": "12 Sep 24 06:53 UTC",
"error": ""
},
"snapshot.json": {
"version": 132,
"len": 2302,
"expiration": "09 Apr 24 16:16 UTC",
"error": ""
},
"targets.json": {
"version": 9,
"len": 5478,
"expiration": "12 Sep 24 06:13 UTC",
"error": ""
},
"timestamp.json": {
"version": 169,
"len": 723,
"expiration": "26 Mar 24 16:16 UTC",
"error": ""
}
}
}
Error: Process completed with exit code 6.
Run sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06error:
Error: getting ctlog public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
"mirror": "https://tuf-repo-cdn.sigstore.dev/",
"metadata": {
"root.json": {
"version": 9,
"len": 6766,
"expiration": "12 Sep 24 06:53 UTC",
"error": ""
},
"snapshot.json": {
"version": 132,
"len": 2302,
"expiration": "09 Apr 24 16:16 UTC",
"error": ""
},
"targets.json": {
"version": 9,
"len": 5478,
"expiration": "12 Sep 24 06:13 UTC",
"error": ""
},
"timestamp.json": {
"version": 169,
"len": 723,
"expiration": "26 Mar 24 16:16 UTC",
"error": ""
}
}
}
main.go:74: error during command execution: getting ctlog public keys: updating local metadata and targets: error updating to TUF remote mirror: invalid key
remote status:{
"mirror": "https://tuf-repo-cdn.sigstore.dev/",
"metadata": {
"root.json": {
"version": 9,
"len": 6766,
"expiration": "12 Sep 24 06:53 UTC",
"error": ""
},
"snapshot.json": {
"version": 132,
"len": 2302,
"expiration": "09 Apr 24 16:16 UTC",
"error": ""
},
"targets.json": {
"version": 9,
"len": 5478,
"expiration": "12 Sep 24 06:13 UTC",
"error": ""
},
"timestamp.json": {
"version": 169,
"len": 723,
"expiration": "26 Mar 24 16:16 UTC",
"error": ""
}
}
}
Error: Process completed with exit code 1.