mirror of
https://github.com/project-zot/zot.git
synced 2025-01-27 23:01:43 -05:00
d5065513f5
- Cosign supports 2 types of signature formats:
1. Using tag -> each new signature of the same manifest is
added as a new layer of the signature manifest having that
specific tag("{alghoritm}-{digest_of_signed_manifest}.sig")
2. Using referrers -> each new signature of the same manifest is
added as a new manifest
- For adding these cosign signature to metadb, we reserved index 0 of the
list of cosign signatures for tag-based signatures. When a new tag-based
signature is added for the same manifest, the element on first position
in its list of cosign signatures(in metadb) will be updated/overwritten.
When a new cosign signature(using referrers) will be added for the same
manifest this new signature will be appended to the list of cosign
signatures.
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
|
||
|---|---|---|
| .. | ||
| auth | ||
| common | ||
| deprecated | ||
| image-utils | ||
| inject | ||
| mocks | ||
| oci-utils | ||
| signature | ||
| skip | ||