Project

Profile

Help

Story #9511

Updated by ipanova@redhat.com about 3 years ago

To add a single signature, PUT a new json object with `version` set to 2( manifest schema version) , `type` set to atomic, atomic (?TBD), and `content` set to the base64 encoded signature data (usually a GPG signed data). 
 Name should be set to an unique name with the form digest@per-image-name, where digest is an image manifest digest (also used in the URL), and per-image-name is any unique identifier. 
 ``` 
 $ curl -X PUT --data @signature.json http://<registry_endpoint>:24817/extensions/v2/<namespace>/<name>/signatures/<imagesha256digest> 

 cat signature.json 

 { 
     "version": 2, 
     "type":      "docker", 
     "name":      "sha256:4028782c08eae4a8c9a28bf661c0a8d1c2fc8e19dbaae2b018b21011197e1484@cddeb7006d914716e2728000746a0b23", 
     "content": "<base64 encoded signature>", 
   } 
 ``` 

 See https://github.com/openshift/openshift-docs/pull/3556/files and https://docs.openshift.com/container-platform/3.10/admin_guide/image_signatures.html#writing-image-signatures-using-registry-api 

 **Note** skopeo will upload signature given that regitry has present `X-Registry-Supports-Signatures ` header    https://github.com/mtrmac/image/commit/6c17ca34793b19accc3d278fc93ce68e9943fcb4

Back