-
Story
-
Resolution: Done
-
Normal
-
None
-
Product / Portfolio Work
-
False
-
-
False
-
None
-
None
-
CLID Sprint 268, CLID Sprint 269
In operating systems (OS) where the registries.d and policy.json does not include our internal registries and the field use-sigstore-attachment: true, it is necessary to have a default embedded in oc-mirror.
For oc-mirror cache:
docker:
localhost:55000:
use-sigstore-attachments: true
For customer regitry (only an example of a registry running on localhost:6000 below)
docker:
localhost:6000:
use-sigstore-attachments: true
For the release images:
docker:
quay.io:
use-sigstore-attachments: true
For operator catalog and bundles:
docker: registry.access.redhat.com: use-sigstore-attachments: true lookaside: https://access.redhat.com/webassets/docker/content/sigstore
docker: registry.redhat.io: use-sigstore-attachments: true lookaside: https://registry.redhat.io/containers/sigstore
Reference about containers/image policy.json/registries.d:
https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md
https://github.com/containers/image/blob/main/docs/containers-registries.conf.d.5.md
- is related to
-
OCPBUGS-55100 Currently it is not possible to disable signature mirroring by registry / namespace / image
-
- Verified
-
- links to
There are no Sub-Tasks for this issue.