feat: add support for oci1.1 cosign signatures #1963
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Andreea-Lupu
force-pushed
the
add_support_cosign_oci1.1
branch
from
7e75c5a to
bd8221d
Compare
Codecov Report
@@ Coverage Diff @@
## main #1963 +/- ##
==========================================
+ Coverage 90.07% 90.14% +0.07%
==========================================
Files 164 164
Lines 27563 27642 +79
==========================================
+ Hits 24826 24919 +93
+ Misses 2020 2008 -12
+ Partials 717 715 -2
📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today! |
Andreea-Lupu
force-pushed
the
add_support_cosign_oci1.1
branch
6 times, most recently
from
8f3596e to
704ac00
Compare
Andreea-Lupu
requested review from
eusebiu-constantin-petu-dbk,
shimish2,
rchincha and
andaaron
as code owners
adodon2go
reviewed
Oct 30, 2023
adodon2go
reviewed
Oct 30, 2023
Andreea-Lupu
force-pushed
the
add_support_cosign_oci1.1
branch
2 times, most recently
from
af8a1ab to
5884764
Compare
adodon2go
reviewed
Nov 1, 2023
adodon2go
reviewed
Nov 1, 2023
adodon2go
reviewed
Nov 1, 2023
Andreea-Lupu
force-pushed
the
add_support_cosign_oci1.1
branch
from
5884764 to
f8eb8c4
Compare
adodon2go
force-pushed
the
add_support_cosign_oci1.1
branch
from
f8eb8c4 to
738ba1d
Compare
eusebiu-constantin-petu-dbk
approved these changes
Nov 6, 2023
- Cosign supports 2 types of signature formats:
1. Using tag -> each new signature of the same manifest is
added as a new layer of the signature manifest having that
specific tag("{alghoritm}-{digest_of_signed_manifest}.sig")
2. Using referrers -> each new signature of the same manifest is
added as a new manifest
- For adding these cosign signature to metadb, we reserved index 0 of the
list of cosign signatures for tag-based signatures. When a new tag-based
signature is added for the same manifest, the element on first position
in its list of cosign signatures(in metadb) will be updated/overwritten.
When a new cosign signature(using referrers) will be added for the same
manifest this new signature will be appended to the list of cosign
signatures.
Signed-off-by: Andreea-Lupu <[email protected]>
adodon2go
force-pushed
the
add_support_cosign_oci1.1
branch
from
738ba1d to
485c41e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
Which issue does this PR fix:
What does this PR do / Why do we need it:
If an issue # is not available please add repro steps and logs showing the issue:
Testing done on this change:
Automation added to e2e:
Will this break upgrades or downgrades?
Does this PR introduce any user-facing change?:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.