The new fields `KeyPaths` and `KeyDatas` is taken directly from
`/etc/containers/policy.json` and allows users to provide multiple signature
keys to be used to verify images. Only one of the keys has to verify, thereby
this mechanism allows us to have support seamless key rotation on a registry.
This fixes https://github.com/containers/image/issues/2319
Signed-off-by: Dan Čermák <dcermak@suse.com>
Co-authored-by: Danish Prakash <danish.prakash@suse.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This avoid some unnecessary uses of interface{}, and allows us to
pass existing functions to otherJSONParser without needing an extra
type conversion thunk.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... to make policy_config*.go a bit smaller, and to allow sigstore
logic expansion.
Only moves unchanged code, should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Qi Wang