公证初始化不能与Microsoft Azure容器注册表一起使用

时间:2019-02-21 11:32:32

标签: azure docker azure-container-registry

在Microsoft Azure容器注册表中使用公证init时遇到问题,以下是日志

administrator@xyz:~/mayank-azure-test$ notary init testhelloworld.azurecr.io/hello-world -d /home/administrator/mayank-azure-test/docker-trust -s https://notary.docker.io -D -v
DEBU[0000] Using the following trust directory: /home/administrator/mayank-azure-test/docker-trust
DEBU[0000] No yubikey found, using alternative key storage: no library found
DEBU[0000] Making dir path: /home/administrator/mayank-azure-test/docker-trust/tuf/testhelloworld.azurecr.io/hello-world/changelist
DEBU[0000] No yubikey found, using alternative key storage: no library found
Root key found, using: e439e12df11382c860bf6aaa0d24c263546d55b6cb724b1d9f896a1ce7d0195a
DEBU[0000] No yubikey found, using alternative key storage: no library found
Enter passphrase for root key with ID e439e12:
DEBU[0006] generated ECDSA key with keyID: 638a47f7dfdcf0f08f66bbf108780eb8a4acffc3db7ec71f64b87f2d221954cb
DEBU[0006] generated new ecdsa key for role: targets and keyID: 638a47f7dfdcf0f08f66bbf108780eb8a4acffc3db7ec71f64b87f2d221954cb
Enter passphrase for new targets key with ID 638a47f:
Repeat passphrase for new targets key with ID 638a47f:
DEBU[0011] generated ECDSA key with keyID: c6a8021ac620c9f5a3185b55fa24b7b5948b8dcde3a4c7529e5dbab6c52139a2
DEBU[0011] generated new ecdsa key for role: snapshot and keyID: c6a8021ac620c9f5a3185b55fa24b7b5948b8dcde3a4c7529e5dbab6c52139a2
Enter passphrase for new snapshot key with ID c6a8021:
Repeat passphrase for new snapshot key with ID c6a8021:
Enter username: TestHelloWorld
Enter password:

* fatal: unauthorized: incorrect username or password
administrator@xyz:~/mayank-azure-test$ 

我还尝试了docker登录以验证哪个有效–

administrator@xyz:~/mayank-azure-test$ docker login testhelloworld.azurecr.io
Username (TestHelloWorld): TestHelloWorld
Password:
Login Succeeded
administrator@ip-10-0-0-159:~/mayank-azure-test$

1 个答案:

答案 0 :(得分:0)

命令不正确。您正在指定dockerhub公证服务器:  -s https://notary.docker.io -D -v

对于ACR注册表,公证服务器与您的注册表服务器(testhelloworld.azurecr.io)相同。

如果您只想推送签名的图像,最简单的方法是使用docker cli代替公证cli:

设置DOCKER_CONTENT_TRUST = 1 docker push testhelloworld.azurecr.io/hello-world:latest