The oadm verify-image-signature uses insecure connection to the integrated registry. For this reason, the following extended test fails:
• Failure [121.196 seconds]
[imageapis][registry] image signature workflow
/go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/test/extended/registry/signature.go:113
can push a signed image to openshift registry and verify it [It]
/go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/test/extended/registry/signature.go:112
Expected
<string>: error verifying signature sha256:bd25771c79b53946ab1f92970f6a08907e07b9acb8f3a359494a037be2f09f57@e52846c9ec597d9b905862e16cc946d7 for image sha256:bd25771c79b53946ab1f92970f6a08907e07b9acb8f3a359494a037be2f09f57 (verification status will be removed): failed to get image "sha256:bd25771c79b53946ab1f92970f6a08907e07b9acb8f3a359494a037be2f09f57" manifest: Get http://docker-registry.default.svc:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
to contain substring
<string>: identity is now confirmed
/go/src/github.com/openshift/origin/_output/local/go/src/github.com/openshift/origin/test/extended/registry/signature.go:106
The command needs to try https first and fall-back to http if not possible. The insecure connection should be enabled based on insecure flags of corresponding imagestream (e.g. insecure repository annotation or insecure import policy.
The
oadm verify-image-signatureuses insecure connection to the integrated registry. For this reason, the following extended test fails:The command needs to try
httpsfirst and fall-back tohttpif not possible. The insecure connection should be enabled based on insecure flags of corresponding imagestream (e.g. insecure repository annotation or insecure import policy.