Story #9502: [EPIC] Contrainer Signing and Verification
As a user I can host container image signatures
Signatures that were:
- mirrored from remote source
- produced by Pulp Container Registry
- pushed into Pulp Container Registry by clients
will be available at the signature extensions API.
Add new Signature model which will have many to one relationship to the Manifest. On manifest deletion, it's signatures will be also removed.
Q: store the signature in the DB ( it is a json file) or as an artifact?
Q: store the signature as manifests part of docker v2 api ( make it cosign like, but skopeo/podman do not support that yet) we will not support this for now
Please register to edit this issue