Story #9512
Updated by ipanova@redhat.com about 3 years ago
~~Container Container signature has a specific path structure `base/namespaces/name@digest-algo=digest-value/signature-index`~~ `base/namespaces/name@digest-algo=digest-value/signature-index` ~~**Example **Example of the URL the client calls during signature verification process** GET https://registry.redhat.io/containers/sigstore/ubi8/ubi-micro@sha256=43520d9634eaaa007a697be79eb604fcbfd348afe5e620c1407629bf20ced542/signature-1~~ https://registry.redhat.io/containers/sigstore/ubi8/ubi-micro@sha256=43520d9634eaaa007a697be79eb604fcbfd348afe5e620c1407629bf20ced542/signature-1 ~~Within Within the URL, `index` is a decimal integer (in the canonical form), starting with 1. Signatures are stored at URLs with successive index values; to read all of them, clients start with index=1, and continue reading signatures and increasing index as long as signatures with these index values exist.~~ ~~Similarly, exist. Similarly, to add one more signatures to an image, one would need find the first index which does not exist, and then store the new signature using that index value.~~ value. ~~For For these reasons, it is not advised to provide a DELETE API, and the only way a signature would be removed from the sigstore would be with the image removal itself.~~ This is no longer true since we're adding signature api extentions. We'd still not allow signature removal api. The only way a signature would be removed from the registry would be with the image removal itself. **More info on the signature protocols** https://github.com/containers/image/blob/main/docs/signature-protocols.md
.