Story #9510
Updated by ipanova@redhat.com over 2 years ago
Signatures that were: * mirrored from remote source * produced by Pulp Container Registry * pushed into Pulp Container Registry by clients will be available stored and hosted at the signature extensions API. `https://pulp.registry.hostname.com/sigstore/ubi8/ubi-micro@sha256=43520d9634eaaa007a697be79eb604fcbfd348afe5e620c1407629bf20ced542/signature-1` Add new Signature model which will have many to one relationship to the Manifest. On manifest deletion, it's signatures will be also removed. **Q:** store the signature in the DB ( it is a json file) or as an artifact? ~~**Q:** **Q:** store the signature as manifests part of docker v2 api ( make it cosign like, but skopeo/podman do not support that yet)~~ **we will not support this for now** yet)
.