Package create breaks when a cosign signature image exists in the package and in the cache #2591

Closed
AustinAbro321 opened this issue Jun 6, 2024 · 2 comments · Fixed by #2599
Labels
bug 🐞 Something isn't working

Comments

@AustinAbro321
Contributor

Environment

Device and OS: Ubuntu Linux (but pretty sure will happen with any OS)
App version: v0.34.0

Steps to reproduce

This will occur with any package that uses a cosign image such as ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.sig

  1. zarf package create examples/helm-charts
  2. zarf package create examples/helm-charts again

Expected result

The package build will work fine

Actual Result

The package build fails with the following error
image

Severity/Priority

Medium. While we have not yet heard of someone running into this, we should fix this before the next release.

Running zarf tools clear-cache resolves the error (until the next run).

@AustinAbro321 AustinAbro321 added the bug 🐞 Something isn't working label Jun 6, 2024
@AustinAbro321
Contributor Author

I can say with relative confidence that crane is compressing the layer of the signature file that looks like below. Not sure what the logic is that determines which files should or should not be compressed. I believe the easiest solution is to skip putting layers in the cache if they are not from a container image.

A few ideas

  • check if all of the layers are uncompressed
  • check if all the layers of the image are image layers and not something like "application/vnd.dev.cosign.simplesigning.v1+json"

We are already planning to check if the config.mediaType == "application/vnd.oci.image.config.v1+json" in #1974 before putting an image in the cache for helm charts as OCI images, though that would do anything in the case of cosign signatures as they have the same config.mediaTypes as images.

```json
{
  "critical": {
    "identity": {
      "docker-reference": "ghcr.io/stefanprodan/podinfo"
    },
    "image": {
      "docker-manifest-digest": "sha256:57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8"
    },
    "type": "cosign container image signature"
  },
  "optional": null
}
```
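
A sketch of the second idea above (cache only when every layer is a container image layer), added here as an example and not Zarf's or crane's code. It reads media types from manifest JSON with the standard library only; `shouldCache`, the type names and both sample manifests are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal view of an OCI image manifest: only the fields this check reads.
type descriptor struct {
	MediaType string `json:"mediaType"`
}
type manifest struct {
	Config descriptor   `json:"config"` // same for images and cosign signatures, so not consulted
	Layers []descriptor `json:"layers"`
}

// Media types of container image filesystem layers (OCI and Docker schema 2).
var imageLayerTypes = map[string]bool{
	"application/vnd.oci.image.layer.v1.tar":            true,
	"application/vnd.oci.image.layer.v1.tar+gzip":       true,
	"application/vnd.oci.image.layer.v1.tar+zstd":       true,
	"application/vnd.docker.image.rootfs.diff.tar":      true,
	"application/vnd.docker.image.rootfs.diff.tar.gzip": true,
}

// Constructed sample manifests (digests omitted); both carry the same config media type.
const signatureManifest = `{"config":{"mediaType":"application/vnd.oci.image.config.v1+json"},
 "layers":[{"mediaType":"application/vnd.dev.cosign.simplesigning.v1+json","size":244}]}`
const imageManifest = `{"config":{"mediaType":"application/vnd.oci.image.config.v1+json"},
 "layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip"},{"mediaType":"application/vnd.oci.image.layer.v1.tar"}]}`

// shouldCache (hypothetical helper) returns true only when every layer is an image layer;
// otherwise it also returns the first media type that disqualified the manifest.
func shouldCache(raw []byte) (bool, string, error) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return false, "", fmt.Errorf("parse manifest: %w", err)
	}
	for _, l := range m.Layers {
		if !imageLayerTypes[l.MediaType] {
			return false, l.MediaType, nil
		}
	}
	return len(m.Layers) > 0, "", nil
}

func main() {
	fmt.Println(shouldCache([]byte(signatureManifest)))
	fmt.Println(shouldCache([]byte(imageManifest)))
}
```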

@AustinAbro321
Contributor Author

This is the function to reproduce. First we write the image and populate the cache, then we delete the image so that on the next write crane will attempt to write again and pull from the cache. We will get the error `error writing layer: expected blob size 244, but only wrote 205`. 205 is the file size received if one of the layers from the image ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.sig is run through the internal crane function ReadCloserLevel.

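```go
package main

import (
	"log"
	"os"
	"path/filepath"

	"github.com/google/go-containerregistry/pkg/crane"
	"github.com/google/go-containerregistry/pkg/v1/cache"
	"github.com/google/go-containerregistry/pkg/v1/empty"
	"github.com/google/go-containerregistry/pkg/v1/layout"
)

func run() error {
	cwd, err := os.Getwd()
	if err != nil {
		return err
	}

	craneDirectory := filepath.Join(cwd, "crane")

	// Create an empty OCI layout to write the image into.
	cranePath, err := layout.Write(craneDirectory, empty.Index)
	if err != nil {
		return err
	}
	ref := "ghcr.io/stefanprodan/podinfo:sha256-57a654ace69ec02ba8973093b6a786faa15640575fbf0dbb603db55aca2ccec8.sig"
	img, err := crane.Pull(ref, []crane.Option{}...)
	if err != nil {
		return err
	}
	// Wrap the image so its layers go through a filesystem cache under ./cache.
	img = cache.Image(img, cache.NewFilesystemCache(filepath.Join(cwd, "cache")))
	// First write: populates the cache.
	err = cranePath.WriteImage(img)
	if err != nil {
		return err
	}

	// Delete the layout so the next write has to write the layers again, this time from the cache.
	_ = os.RemoveAll(craneDirectory)

	// Second write: this is the call that returns the blob size error described above.
	err = cranePath.WriteImage(img)
	if err != nil {
		return err
	}
	return nil
}

func main() {
	if err := run(); err != nil {
		log.Fatal(err)
	}
}
```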

AustinAbro321 added a commit that referenced this issue Jun 7, 2024
Fixes #2591 


## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/.github/CONTRIBUTING.md#developer-workflow)
followed
AustinAbro321 added a commit that referenced this issue Jul 23, 2024
Fixes #2591

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide
Steps](https://github.com/defenseunicorns/zarf/blob/main/.github/CONTRIBUTING.md#developer-workflow)
followed

Signed-off-by: Austin Abro <AustinAbro321@gmail.com>