109 Commits

Author SHA1 Message Date
baude 950085430b Add registries.conf file and build library to parse it
registries.conf is a system-wide configuration file initially
developed in https://github.com/projectatomic/registries.  We
eventually want to ship the configuration file with this project;
hence the addition.  However, we also needed a library-like
approach that gave this and other projects the ability to
parse the file in the same manner.

Signed-off-by: baude <bbaude@redhat.com>
2017-08-29 12:24:09 -05:00
Miloslav Trmač ffcd0be048 Add a JSON schema for the JSON data embedded in a signature
Note that this is NOT a replacement for the atomic-signature.md documentation.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2017-05-10 15:25:22 +02:00
Miloslav Trmač 8a5d2f82a6 Add documentation for the atomic signature format
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2017-05-10 14:57:38 +02:00
Miloslav Trmač ab49b0a484 Add documentation for signature access protocols
This is primarily the only documentation of the sigstore layout;
in addition it comments on the OpenShift API master REST API and the
OpenShift docker/distribution API extension.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2017-04-03 23:15:59 +02:00
Miloslav Trmač 322058e563 Add signedIdentity type:matchRepoDigestOrExact, make it the default
This is the new default: tag references require a signature with a
matching repo:tag, digest references require a signature with a matching
repo (and any tag [or digest]), with the digest itself still being
validated in image.UnparsedImage, independently of signature processing.

Users can still opt into strict checking by specifying matchExact
in signedIdentity.

Also update most tests to use matchExactOrSignedDigest, to match
the default.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-11-08 15:04:53 +01:00
Aaron Weitekamp 20ba448863 Support man page formatting
Signed-off-by: Aaron Weitekamp <aweiteka@redhat.com>
2016-10-14 09:26:28 -04:00
Miloslav Trmač dd0bf87c52 Add documentation for the signature verification policy files
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-10-11 19:06:28 +02:00
Miloslav Trmač d3a6b77882 Rename sigstore-write to sigstore-staging
This makes it much clearer how that URL is supposed to be used.

(And it could also clear the way to, in the future, have a write server.
Perhaps.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-09-15 21:26:53 +02:00
Miloslav Trmač aaedc64236 Implement lookaside storage for signatures for Docker registries
Allows configuring "sigstore" (for RW) and "sigstore-write" (write-only)
for images/repositories/namespaces/registries in
/etc/containers/repositories.d/*.yaml .

If configured, uses them to store signatures in the docker: transport.

Also includes documentation in docs/registries.d.md.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-09-12 17:51:26 +02:00