Infrastructure/zot
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2025-01-27 23:01:43 -05:00
Code Issues Activity
zot/pkg/meta
History
Andreea Lupu 41b05c60dd
feat: upload certificates and public keys for verifying signatures (#1485) 
In order to verify signatures, users could upload their certificates and public keys using these routes:
	-> for public keys:
		/v2/_zot/ext/mgmt?resource=signatures&tool=cosign
	-> for certificates:
		/v2/_zot/ext/mgmt?resource=signatures&tool=notation&truststoreType=ca&truststoreName=name
Then the public keys will be stored under $rootdir/_cosign and the certificates will be stored under
$rootdir/_notation/truststore/x509/$truststoreType/$truststoreName.
Also, for notation case, the "truststores" field of $rootir/_notation/trustpolicy.json file will be
updated with a new entry "$truststoreType:$truststoreName".
Also based on the uploaded files, the information about the signatures validity will be updated
periodically.

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2023-07-06 14:57:59 +03:00
..
bolt refactor(artifact): remove oci artifact support (#1359) 2023-05-10 10:15:33 -07:00
common feat(cve): implemented trivy image scan for multiarch images (#1510) 2023-07-06 11:36:26 +03:00
dynamo refactor(artifact): remove oci artifact support (#1359) 2023-05-10 10:15:33 -07:00
repodb feat: upload certificates and public keys for verifying signatures (#1485) 2023-07-06 14:57:59 +03:00
signatures feat: upload certificates and public keys for verifying signatures (#1485) 2023-07-06 14:57:59 +03:00
version refactor(artifact): remove oci artifact support (#1359) 2023-05-10 10:15:33 -07:00
update.go feat(graphql & repodb): add info about signature validity (#1344) 2023-05-24 09:46:16 -07:00
update_test.go feat(graphql & repodb): add info about signature validity (#1344) 2023-05-24 09:46:16 -07:00