Jason Hall

icon indicating a website link https://imjasonh.com icon indicating an email [email protected]

icon company Chainguard icon location Brooklyn, NY icon location Engineer at @chainguard-dev

Results 521 comments of Jason Hall

Dockerhub token server always issues a token

Still reproducible, I assume this is just expected behavior.

Question: More flexible auth options?

So I finally got some time to play around with this, and thanks to help from @hasheddan even made some progress. It's my first real Rust, so PTAL and laugh/jeer...

Question: More flexible auth options?

Cool, I've opened https://github.com/krustlet/oci-distribution/pull/39 and we can go from there. Full disclosure, most of my use for this existing in Rust has evaporated since March, so I might not have...

WIP: chore: use ko instead of docker to minimize the image size

> This is not the case. The Dockerfile uses a multi-stage build. The final produced image uses `scratch` as the base and copies in the built binary from the "base"...

Add support to provide search capabilities for the stored artifacts

> * Participants agreed to start the new WG under ORAS to collect and document scenarios > * Once the scenarios are considered complete, the WG participants will present the...

Add support to provide search capabilities for the stored artifacts

Also: how does this update square with the @michaelb990 's proposal in https://github.com/oras-project/artifacts-spec/pull/119 ?

Test Caes for Interop Scenarios and Comparison Grid

+1 to a meeting, and possibly even bringing this up in the context of the OCI Reference Types WG. If we do that, I'd love to get alignment between us...

add support for fetchManifest: similar to fetchConfigFile: to enable validating contents of manifest file

[`tonistiigi/buildkit:alpine-multi`](https://explore.ggcr.dev/?image=tonistiigi/buildkit@sha256:067ff0832f1c1b89baed9a6ccd61ba173934f7a4dc57c1f7bed260dc676982ef&mt=application%2Fvnd.docker.distribution.manifest.list.v2%2Bjson&size=1625) seems like a good starting point. Clicking through an `unknown` manifest ([here's the second one](https://explore.ggcr.dev/?image=tonistiigi/buildkit@sha256:4c3d59f115d8c1894c972f35f7f6163e8b88993ad7c1e7b99571174938688970&mt=application%2Fvnd.oci.image.manifest.v1%2Bjson&size=566)) into its only layer blob you get to this in-toto provenance attestation: https://explore.ggcr.dev/?blob=tonistiigi/buildkit@sha256:bd2c04257d7c580981f0864a5603a67a6420efa919f4dad7c41d5f613c4f9ae9&mt=application%2Fvnd.in-toto%2Bjson&size=1040

Clarification on sget functionality

Would it help to have some kind of cross-project e2e test that ensures that keys generated with `cosign` can be used to verify using `sget`, and vice versa? If we...

Rename sget to plz?

It's not bad! Another name I thought of: `yolo`: you only live once, so be careful out there. ``` yolo ``` Edit: the folks behind http://yolo.sh/ would appreciate it! 😄