You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jul 18, 2023. It is now read-only.
In the above example, the signing entity is Docker, which is represented as a notary scoped annotation: `"org.cncf.notary.v2.signature.subject": "docker.io"`
223
+
217
224
#### OCI-Registry CLI
218
225
219
-
To copy the above image and the associated signatures, a new `oci-reg` cli is proposed. The oci-reg cli is an independent tool that demonstrates the value of these collections, providing a unified standard means for working within and across different OCI compliant registry implementations.
226
+
To copy the above image and the associated signatures, a new `oci-reg` cli is proposed for illustrative purposes. The `oci-reg` cli is an independent tool that demonstrates the value of these collections, providing a standard means for working within and across different OCI conformant registry implementations.
220
227
221
-
The following command would copy the `mysql:8` image from docker hub to the acme-rockets registry. The CLI could be run within the source or target cloud.
228
+
The following command would copy the `mysql:8` image from docker hub to the acme-rockets registry. The CLI _could_ be run within the source or target cloud eliminating the download/upload network hops.
- assure the manifest and layer/blob digests remain the same
232
-
- copy any artifacts that are dependent on the source artifact-manifest, persisting them in the target registry.
239
+
- copy any artifacts that are dependent on the source artifact-manifest, persisting them in the target registry. These _could_ include Notary v2 signatures, SBoMs, GPL source or other referenced artifacts.
233
240
234
241
### Reference Artifacts
235
242
@@ -239,7 +246,7 @@ There are a set of artifact types that declare references to other artifacts tha
In the above scenario, a helm chart is copied from a public registry to the ACME Rockets registry. The `wordpress-chart:v5` is represented as an `application/vnd.oci.artifact.manifest.v1+json`. The `wordpress-chart:v5` helm chart references the `wordpress:v5` image and the `mysql:8` image. All three artifacts have signatures attesting to their authenticity.
249
+
In the above scenario, a helm chart is copied from a public registry to the ACME Rockets registry. The `wordpress-chart:v5` is represented as an `application/vnd.oci.artifact.manifest.v1+json`. The `wordpress-chart:v5` helm chart references the `wordpress:v5` image and the `mysql:8` image. All three artifacts have Notary v2 signatures attesting to their authenticity.
243
250
244
251
As the copy is initiated, the `oci.artifact.manifest` of the `wordpress-chart:v5` is evaluated. As the chart references the same version (digest) of the `mysql:8` image already in theACME Rockets registry, the copy skips duplicating the content and moves to copying the `wordpress:v5` image, the `wordpress-chart:v5` and their associated signatures.
245
252
@@ -251,40 +258,45 @@ To support the loose references between artifacts, a `references` collection is
@@ -396,6 +414,9 @@ OCI Artifact Manifests provide the following types of references:
396
414
### Blobs Collection
397
415
398
416
All blobs are considered to be hard dependencies that must be resolvable within a registry. An artifact is considered invalid if the manifest blobs are not resolvable. Registries MAY implement de-duping, using ref-counting to assure at least one copy of the blob is resolvable for any given `oci.artifact.manifest`. OCI Artifact blobs are generalizations of the OCI Image Spec layers definition.
417
+
## Manifests Collection
418
+
419
+
> **NOTE!** Update to consolidate the Dependencies and References collections
0 commit comments