Story #9511
Updated by ipanova@redhat.com about 3 years ago
To add a single signature, PUT a new json object with `version` set to 2( manifest schema version) , `type` set to atomic, atomic (?TBD), and `content` set to the base64 encoded signature data (usually a GPG signed data). Name should be set to an unique name with the form digest@per-image-name, where digest is an image manifest digest (also used in the URL), and per-image-name is any unique identifier. ``` $ curl -X PUT --data @signature.json http://<registry_endpoint>:24817/extensions/v2/<namespace>/<name>/signatures/<imagesha256digest> cat signature.json { "version": 2, "type": "docker", "name": "sha256:4028782c08eae4a8c9a28bf661c0a8d1c2fc8e19dbaae2b018b21011197e1484@cddeb7006d914716e2728000746a0b23", "content": "<base64 encoded signature>", } ``` See https://github.com/openshift/openshift-docs/pull/3556/files and https://docs.openshift.com/container-platform/3.10/admin_guide/image_signatures.html#writing-image-signatures-using-registry-api **Note** skopeo will upload signature given that regitry has present `X-Registry-Supports-Signatures ` header https://github.com/mtrmac/image/commit/6c17ca34793b19accc3d278fc93ce68e9943fcb4