After upgraded from v.1.10.0 to v.2.20, failed to sign An error occurred during validation: rpc error: code = 5 desc = key XXX not found

[ghost]

I upgraded from v1.10.0 to v2.2.0 and it turns out I am not able to push and sign with the same signer.

[root@admin mysigner]# docker push registry.XXXXXX.com/project/nginx:test1
The push refers to repository [registry.XXXXXX.com/project/nginx]
075508cf8f04: Layer already exists
5c865c78bc96: Layer already exists
134e19b2fac5: Layer already exists
83634f76e732: Layer already exists
766fe2c3fc08: Layer already exists
02c055ef67f5: Layer already exists
test1: digest: sha256:61191087790c31e43eb37caa10de1135b002f10c09fdda7fa8a5989db74033aa size: 1570
Signing and pushing trust metadata
Enter passphrase for mysigner key with ID 2524d86:
failed to sign registry.XXXXXX.com/project/nginx:test1: An error occurred during validation: rpc error: code = 5 desc = key 4664aaf179be00403edce70573be055e0688577c3888fea4a207f85a473222c4 not found

What is even more weird is that don't understand what is the missing key in question, since it does not correspond to any previously existing keys. Where does this missing key come from? on the server side? why it is looking for a key which never existed?

[ghost]

anyone has an idea why an irrelevant key is required? this key was never used.

[reasonerjt]

@zyitingftnt This key 4664aaf179be00403edce70573be055e0688577c3888fea4a207f85a473222c4 is probably used by notary signer for signing the snapshot.

You can find it referenced by the json file in ~/.docker/trust/

This looks a dup of #14932 I'm still trying to reproduce and investigate, let me close this one and let's focus the discussion in #14932