k8s-image-swapper
Sigstore signature validation and copying
I've noticed that this project is using skopeo to copy images, that's very cool! Would be great if this project supported validating and copying sigstore signatures as well.
Skopeo utilizes this config format to validate images: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
It can be instructed to look at signatures using this config format: https://github.com/containers/image/blob/main/docs/containers-registries.d.5.md#individual-configuration-sections
Ideally one should be able to pass the necessary configuration files to skopeo by allowing for custom skopeo args to be configured.
@reegnz Thanks. FYI, there is currently a PR (#497) to remove the skopeo dependency and handle image pulling natively. This will use the same libraries as skopeo, so it should still be possible to use the above.
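
For reference, here is what the two configuration files linked in the issue could look like for sigstore, as an added example that is not code from k8s-image-swapper or from either commenter. The function name, registry scopes and key path are hypothetical placeholders; `--policy` and `--registries.d` are skopeo's global options for pointing at these files.

```shell
#!/bin/sh
# Added example. Writes a containers-policy.json and a registries.d file that
# require and enable sigstore signatures, then prints the skopeo global
# options that select them. All names passed in are placeholders.
write_sigstore_config() {
    conf_dir=$1 src_scope=$2 dst_scope=$3 pubkey=$4
    mkdir -p "$conf_dir/registries.d" || return 1

    # Policy: reject everything by default; accept images under the source
    # scope only when a sigstore signature verifies against the public key.
    cat > "$conf_dir/policy.json" <<EOF
{
  "default": [{"type": "reject"}],
  "transports": {
    "docker": {
      "$src_scope": [
        {"type": "sigstoreSigned", "keyPath": "$pubkey"}
      ]
    }
  }
}
EOF

    # registries.d: sigstore signatures live in the registry as attachments
    # and are only read or written when this is enabled. The source scope
    # needs it to fetch signatures, the destination scope to store the copy.
    cat > "$conf_dir/registries.d/sigstore.yaml" <<EOF
docker:
  $src_scope:
    use-sigstore-attachments: true
  $dst_scope:
    use-sigstore-attachments: true
EOF

    # Global options to place before the skopeo subcommand.
    printf '%s\n' "--policy $conf_dir/policy.json --registries.d $conf_dir/registries.d"
}

# Usage sketch (not executed here):
#   opts=$(write_sigstore_config /etc/swapper registry.example.com/team \
#          mirror.example.internal/team /etc/swapper/cosign.pub)
#   skopeo $opts copy docker://registry.example.com/team/app:1.0 \
#          docker://mirror.example.internal/team/app:1.0
```

With the `reject` default, any source outside the listed scope fails the copy, so each upstream registry that should be mirrored needs its own policy entry.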