Skip to content

cosign load does ignore --allow-http-registry #4134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
cck1860 opened this issue Mar 26, 2025 · 0 comments
Open

cosign load does ignore --allow-http-registry #4134

cck1860 opened this issue Mar 26, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@cck1860
Copy link

cck1860 commented Mar 26, 2025

When trying to load cosigned images by using cosign load to a http-only registry, I observed that the flag --allow-http-registry is ignored.

A command like cosign load -d --allow-http-registry --dir /tmp/extract/ xxx.yyy.svc:5000/test/myalpine:latest fails with the error message

2025/03/25 15:08:01 <-- tls: first record does not look like a TLS handshake GET https://xxx.yyy.svc:5000/v2/ (13.223274ms)
Error: remote write: Get "https://xxx.yyy.svc:5000/v2/": http: server gave HTTP response to HTTPS client
error during command execution: remote write: Get "https://xxx.yyy.svc:5000/v2/": http: server gave HTTP response to HTTPS client

which makes me think that the flag is ignored.

Version

cosign version

cosign: A tool for Container Signing, Verification and Storage in an OCI registry.

GitVersion: v2.4.3
GitCommit: 6a7abbf
GitTreeState: clean
BuildDate: 2025-02-19T19:34:52Z
GoVersion: go1.23.6
Compiler: gc
Platform: linux/amd64
@cck1860 cck1860 added the bug Something isn't working label Mar 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cck1860