Story #9510
Updated by ipanova@redhat.com over 3 years ago
Signatures that were:
* mirrored from remote source
* produced by Pulp Container Registry
* pushed into Pulp Container Registry by clients
will be stored and hosted at `https://pulp.registry.hostname.com/sigstore/ubi8/ubi-micro@sha256=43520d9634eaaa007a697be79eb604fcbfd348afe5e620c1407629bf20ced542/signature-1`
Add new Signature model which will have many to one relationship to the Manifest.
On manifest deletion, it's signatures will be also removed.
**Q:** store the signature in the DB ( it is a json file) or as an artifact?
**Q:** store the signature as manifests part of docker v2 api ( make it cosign like, but skopeo/podman do not support that yet)
.