Open
Description
@woodruffw @facutuesca we recently saw an HTTP 502 and a traceback in the attestations flow:
Traceback (most recent call last):
File "/root/.local/lib/python3.12/site-packages/sigstore/_internal/rekor/client.py", line 160, in post
resp.raise_for_status()
File "/root/.local/lib/python3.12/site-packages/requests/models.py", line 1024, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 502 Server Error: Bad Gateway for url: https://rekor.sigstore.dev/api/v1/log/entries/
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/app/attestations.py", line 149, in <module>
main()
File "/app/attestations.py", line 145, in main
attest_dist(dist_path, attestation_path, signer)
File "/app/attestations.py", line 114, in attest_dist
attestation = Attestation.sign(signer, dist)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.12/site-packages/pypi_attestations/_impl.py", line 200, in sign
bundle = signer.sign_dsse(stmt)
^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.12/site-packages/sigstore/sign.py", line 230, in sign_dsse
return self._finalize_sign(cert, content, proposed_entry)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.12/site-packages/sigstore/sign.py", line 189, in _finalize_sign
entry = self._signing_ctx._rekor.log.entries.post(proposed_entry)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/root/.local/lib/python3.12/site-packages/sigstore/_internal/rekor/client.py", line 162, in post
raise RekorClientError(http_error)
sigstore._internal.rekor.client.RekorClientError: Rekor returned an unknown error with HTTP 502(https://github.com/aio-libs/aiohttp/actions/runs/15359675323/job/43225662768#step:9:384)
Mind taking a look?