dmc5179/oc-mirror-signature-disable-certified-index.md

Last active April 23, 2026 18:40

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/dmc5179/dae25beeb77d3754675985b637cf8b64.js"></script>
Save dmc5179/dae25beeb77d3754675985b637cf8b64 to your computer and use it in GitHub Desktop.

Download ZIP

oc mirror signature disable for certified operator index

Raw

oc-mirror-signature-disable-certified-index.md

Disabling signatures in oc mirror for the certified operator index

Certified operator index is complicated when it comes to image signatures. oc mirror 4.21 started to enforce signature pulls. Either use oc mirror 4.20.x binary or use the below workaround.

Create a registries.d config

mkdir registries.d
cat <<EOF > registries.d/redhat.yaml
docker:
    registry.connect.redhat.com:
        use-sigstore-attachments: false
EOF

Run oc mirror to disk command

oc-mirror --v2 --authfile ~/.docker/config.json --registries.d "${PWD}/registries.d" --config ./imageset-config.yaml file://${PWD}/mirror

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment