Point out use-sigstore-registries in sigstoreSigned documentation

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Miloslav Trmač 2022-07-19 18:21:26 +02:00
parent 55ea76c7db
commit ac5d515f3e
1 changed files with 2 additions and 0 deletions

@ -255,6 +255,8 @@ Exactly one of `keyPath` and `keyData` must be present, containing a sigstore pu
The `signedIdentity` field has the same semantics as in the `signedBy` requirement described above.
Note that `cosign`-created signatures only contain a repository, so only `matchRepository` and `exactRepository` can be used to accept them (and that does not protect against substitution of a signed image with an unexpected tag).
To use this with images hosted on image registries, the relevant registry or repository must have the `use-sigstore-attachments` option enabled in containers-registries.d(5).
## Examples
It is *strongly* recommended to set the `default` policy to `reject`, and then
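Review bot: The option name in the added sentence before `## Examples` (`use-sigstore-attachments`) does not match the name in the commit subject (use-sigstore-registries). One of the two should be corrected so that a reader searching containers-registries.d(5) for the option finds it under the name given here. The sentence also says only that "the relevant registry or repository must have" the option enabled. Consider adding what a reader should expect under a `sigstoreSigned` requirement when the option is not enabled, so that a missing setting is not mistaken for a bad key or a wrong `signedIdentity`.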