Project

Profile

Help

Story #9510

Updated by ipanova@redhat.com about 1 month ago

Signatures that were:
* mirrored from remote source
* produced by Pulp Container Registry
* pushed into Pulp Container Registry by clients


will be available stored and hosted at the signature extensions API.

`https://pulp.registry.hostname.com/sigstore/ubi8/ubi-micro@sha256=43520d9634eaaa007a697be79eb604fcbfd348afe5e620c1407629bf20ced542/signature-1`

Add new Signature model which will have many to one relationship to the Manifest.
On manifest deletion, it's signatures will be also removed.

**Q:** store the signature in the DB ( it is a json file) or as an artifact?

~~**Q:**

**Q:**
store the signature as manifests part of docker v2 api ( make it cosign like, but skopeo/podman do not support that yet)~~ **we will not support this for now** yet)

Back