Comments (4)
In fact given to the above info indicates that this signature is signer by legacy cosign version that haven't support oci-spec 1.1 yet, means can not simply collecting either media_type
or manifest_media_type
to do differentiation. It actual type is concealed in layers for legacy cosign behavior. It needs query two tables rather than just artifact.
However, In next harbor release it can be easily achieved by using cosign --registry-referrers-mode oci-1-1
signing image
from harbor.
Which harbor and cosign version/build you are using?
Current behavior is collecting artifact.type AS artifact_type
from db, we do add artifact.artifact_type
column in the next release(v2.11) to collect image.Manifest.ArtifactType. So if cosign is using ArtifactType
for their signature manifest (adopt oci-spec 1.1), we possibly could do so to differenciate as you expected.
from harbor.
My Harbor version is 2.10.0.
I don't know about the cosign version because my only exemple comes from a replication rule importing image and signature from a remote Harbor registry (I don't have any information about it).
Currently, in database, I have those rows :
type | media_type | manifest_media_type
-------+------------------------------------------------+------------------------------------------------------
IMAGE | application/vnd.docker.container.image.v1+json | application/vnd.docker.distribution.manifest.v2+json
IMAGE | application/vnd.oci.image.config.v1+json | application/vnd.oci.image.manifest.v1+json
The first rows is about image artifact, the second is about the signature artifact. So if you implement a type based either on media_type or manifest_media_type, it will work indeed.
from harbor.
Ok thanks.
When Harbor 2.11 will be released, I will tell the editor to sign image with the oci-spec 1.1.
I will close the issue after the release if that's ok for you.
from harbor.
Related Issues (20)
- Inaccurate descriptors returned when discovering referrers HOT 3
- Harbor Can not connect to external sentinel redis HOT 2
- Adding custom CA gets skipped for non-Photon images HOT 1
- Trivy scanner in air-gapped environment HOT 2
- Way to get Trivy Statistics to Prometheus?
- Harbor replication : image deletion is not replicated HOT 2
- New test cases/Refactor & Enhancement & Remove test cases/Bump up version Harbor 2.12
- Customize logo/title
- API created Robot accounts not appearing in UI HOT 2
- Project admins from group unable to create robot accounts HOT 2
- expose SCANNER_TRIVY_TIMEOUT in harbor.yml
- `cannot redirect to other site` with OIDC login and empty `redirect_url` parameter HOT 3
- invalid image reference format in Logs Portal HOT 3
- Token generated with higher access rights than requested HOT 4
- Add search in the tags for docker image HOT 2
- Tag RC-versions with pre-release HOT 1
- The latest installation script (v2.10.2-rc1) cannot be run.
- Harbor UI does not show helm value file and throws error "unknown: gzip: invalid header" HOT 9
- Replication filter - exclude by name HOT 2
- ERROR: column t0.subject_artifact_repo does not exist at character 61 HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from harbor.