You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-registry/container-registry-tutorial-sign-build-push.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,7 +24,7 @@ In this tutorial:
24
24
25
25
## Prerequisites
26
26
27
-
> *Install, create and sign in to OCI artifact enabled registry ACR
27
+
> *Create and sign in ACR with OCI artifact enabled
28
28
> * Create or use an [Azure Key Vault](../key-vault/general/quick-create-cli.md)
29
29
>* This tutorial can be run in the [Azure Cloud Shell](https://portal.azure.com/#cloudshell/)
30
30
@@ -201,7 +201,7 @@ Otherwise create an x509 self-signed certificate storing it in AKV for remote si
201
201
notation ls $IMAGE
202
202
```
203
203
204
-
## [Option] View the graph of artifacts with the ORAS CLI
204
+
## View the graph of artifacts with the ORAS CLI (optional)
205
205
206
206
ACR support for OCI artifacts enables a linked graph of supply chain artifacts that can be viewed through the ORAS CLI or the Azure CLI.
207
207
@@ -212,7 +212,7 @@ ACR support for OCI artifacts enables a linked graph of supply chain artifacts t
212
212
oras discover -o tree $IMAGE
213
213
```
214
214
215
-
## [Option] View the graph of artifacts with the Azure CLI
215
+
## View the graph of artifacts with the Azure CLI (optional)
216
216
217
217
1. List the manifest details for the container image.
218
218
@@ -243,9 +243,9 @@ ACR support for OCI artifacts enables a linked graph of supply chain artifacts t
243
243
244
244
1. Configure trust policy before verification.
245
245
246
-
The trust policy is a JSON document named `trustpolicy.jsoin`, which is stored under notation configuration directory. Users who verify signed artifact from a registry use the trust policy to specify trusted identities which sign the artifacts, and level of signature verification to use.
247
-
248
-
Use the following command to configure trust policy for this tutorial. Upon successful execution of the command, one trust policy named `wabbit-networks-images` is created. This trust policy applies to all the artifacts stored under repository `$REGISTRY/$REPO`. The trust identity that user trusts has the x509 subject `$CERT_SUBJECT` from previous step, and stored under trust store named `$STORE_NAME` of type `$STORE_TYPE`.
246
+
The trust policy is a JSON document named `trustpolicy.json`, which is stored under the notation configuration directory. Users who verify signed artifacts from a registry use the trust policy to specify trusted identities that sign the artifacts, and the level of signature verification to use.
247
+
248
+
Use the following command to configure trust policy for this tutorial. Upon successful execution of the command, one trust policy named `wabbit-networks-images` is created. This trust policy applies to all the artifacts stored in repositories defined in `$REGISTRY/$REPO`. The trust identity that user trusts has the x509 subject `$CERT_SUBJECT` from previous step, and stored under trust store named `$STORE_NAME` of type `$STORE_TYPE`. See [Trust store and trust policy specification](https://notaryproject.dev/docs/concepts/trust-store-trust-policy-specification/) for details.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments