InTheForest/moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2026-01-11 18:51:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

image: pull/load/save attestation manifest and signatures with image

Browse Source 
Updates docker pull to pull related attestation manifest and
any signatures for that manifest in cosign referrer objects.

These objects are transferred with the image when running
docker save and docker load and can be used to identify
the image in future updates.

Push is not updated atm as the currect push semantics
in containerd mode do not have correct immutability
guaranteed and don't work with image indexes.

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit is contained in:
Tonis Tiigi
2025-09-16 12:53:40 -07:00
parent fb2ca99227
commit 47e852f061
6 changed files with 291 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
daemon/pkg/plugin/registry.go
View File

@@ -73,7 +73,7 @@ func (pm *Manager) registryHostsFn(auth *registry.AuthConfig, httpFallback bool)
continue
}
caps := docker.HostCapabilityPull | docker.HostCapabilityResolve
caps := docker.HostCapabilityPull | docker.HostCapabilityResolve | docker.HostCapabilityReferrers
if !ep.Mirror {
caps = caps | docker.HostCapabilityPush
}