Overview

• Discover and mirror Rekor's public key required for verifying signature transaction records associated with mirrored content. 

Goals

• oc-mirror v2 can discover and mirror Rekor's public key required for verifying signature transaction records associated with mirrored content.
• When mirroring toDisk, oc-mirror v2 makes the mirrored public keys available locally within the mirror output directory structure.
• oc-mirror provides the mirrored public keys in a standard location within the output, enabling users with appropriate system permissions (e.g., root) to copy/move them to system trust stores under “/etc“ for offline verification if desired.
• Public key mirroring is an optional configuration to prevent potential failures related to key discovery or mirroring from blocking the overall image mirroring process.