Cannot mirror certified falcon-operator

[evanstoner]

Version

$ oc mirror version
Client Version: version.Info{Major:"", Minor:"", GitVersion:"4.16.0-202407100906.p0.g75da281.assembly.stream.el9-75da281", GitCommit:"75da281989a147ead237e738507bbd8cec3175e5", GitTreeState:"clean", BuildDate:"2024-07-10T09:48:54Z", GoVersion:"go1.21.11 (Red Hat 1.21.11-1.el9_4) X:strictfipsruntime", Compiler:"gc", Platform:"linux/arm64"}

What happened?

When mirroring CrowdStrike's certified falcon-operator, the following error is shown:

error: unable to retrieve source image registry.connect.redhat.com/crowdstrike/falcon-operator manifest #3 from manifest list: name unknown: Image not found
error: an error occurred during planning

What did you expect to happen?

The operator is successfully mirrored.

How to reproduce it (as minimally and precisely as possible)?

kind: ImageSetConfiguration
apiVersion: mirror.openshift.io/v1alpha2
storageConfig:
  local:
    path: /home/estoner/mirror
mirror:
  blockedImages:
    # you must block the components from our registry because you do not have credentials
    - name: registry.crowdstrike.com/falcon-container/us-1
    - name: registry.crowdstrike.com/falcon-imageanalyzer/us-1
    - name: registry.crowdstrike.com/falcon-sensor/us-1
    - name: registry.crowdstrike.com/falcon-kac/us-1
  platform:
    channels:
    - name: stable-4.16
      type: ocp
  operators:
  - catalog: registry.redhat.io/redhat/certified-operator-index:v4.16
    packages:
    - name: falcon-operator
      channels:
      - name: certified-1.0
  additionalImages: []
  helm: {}

$ oc mirror --config=./imageset-config.yaml file://./mirror-output

Anything else we need to know?

Note that these images contain attestation-manfest type manifests. We wonder if this could be the problem.

$ docker buildx imagetools inspect registry.connect.redhat.com/crowdstrike/falcon-operator:1.0.1                                                                              
Name:      registry.connect.redhat.com/crowdstrike/falcon-operator:1.0.1
MediaType: application/vnd.oci.image.index.v1+json
Digest:    sha256:48078e3ad36db12c5b769ab924b1bd6bfe5836d8e3099fc84b3204c0e33ddbae

Manifests:
  Name:        registry.connect.redhat.com/crowdstrike/falcon-operator:1.0.1@sha256:466b81e1d2acf262c9d5addd4506889097541adfcb7da3b5b27250c00c41d0a9
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    linux/arm64

  Name:        registry.connect.redhat.com/crowdstrike/falcon-operator:1.0.1@sha256:18e8ef53f8abf24cd7b7e1541da427daf835ce8fd1e24ae4cd4c1b748fb01cb3
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    linux/amd64

  Name:        registry.connect.redhat.com/crowdstrike/falcon-operator:1.0.1@sha256:4e9f648fba6195c3ece97ef73f610c85b5b02c5f933a1dec3d0ff652ac345538
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    unknown/unknown
  Annotations:
    vnd.docker.reference.digest: sha256:466b81e1d2acf262c9d5addd4506889097541adfcb7da3b5b27250c00c41d0a9
    vnd.docker.reference.type:   attestation-manifest

  Name:        registry.connect.redhat.com/crowdstrike/falcon-operator:1.0.1@sha256:dd536b11bed224069c46859ab0552dae8bef70011f74abdb3f3eb7350bf4bca7
  MediaType:   application/vnd.oci.image.manifest.v1+json
  Platform:    unknown/unknown
  Annotations:
    vnd.docker.reference.digest: sha256:18e8ef53f8abf24cd7b7e1541da427daf835ce8fd1e24ae4cd4c1b748fb01cb3
    vnd.docker.reference.type:   attestation-manifest