Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor(docs): Disambiguate sigstoreSigned documentation #1890

Merged
merged 2 commits into from
Mar 20, 2023
Merged

refactor(docs): Disambiguate sigstoreSigned documentation #1890

merged 2 commits into from
Mar 20, 2023

Conversation

Delet0r
Copy link
Contributor

@Delet0r Delet0r commented Mar 17, 2023

From the current documentation, one could mistakenly assume, that use-sigstore-attachments needs to be enabled by the registry and not in the client. This commit rephrases the part of the documentation to make it more clear, that this needs to be done on the client side.

Signed-off-by: Lucas Humfeldt <[email protected]>

mtrmac
mtrmac reviewed Mar 17, 2023
View reviewed changes
Copy link
Collaborator

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this is definitely worth clarifying.

docs/containers-policy.json.5.md Outdated
@@ -282,7 +282,7 @@ signed by the provided public key.
The `signedIdentity` field has the same semantics as in the `signedBy` requirement described above.
Note that `cosign`-created signatures only contain a repository, so only `matchRepository` and `exactRepository` can be used to accept them (and that does not protect against substitution of a signed image with an unexpected tag).

To use this with images hosted on image registries, the relevant registry or repository must have the `use-sigstore-attachments` option enabled in containers-registries.d(5).
To use this with images hosted on image registries, the `use-sigstore-attachments` option needs to be enabled for any registry specifically in the client's containers-registries.d(5).
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

“the relevant registry or repository” is right; “any registry” is not saying the same thing, and I don’t understand “any registry specifically” at all.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, you are right. That sounded better when is was writing it. I'll change that back.

@Delet0r
refactor(docs): Disambiguate sigstoreSigned documentation
b3e0ba2 
From the current documentation, one could mistakenly assume, that
`use-sigstore-attachments` needs to be enabled by the registry and not
in the client. This commit rephrases the part of the documentation to
make it more clear, that this needs to be done on the client side.

Signed-off-by: Lucas Humfeldt <[email protected]>
mtrmac
mtrmac approved these changes Mar 20, 2023
View reviewed changes
Copy link
Collaborator

@mtrmac mtrmac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@mtrmac mtrmac merged commit 7000523 into containers:main Mar 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtrmac mtrmac mtrmac approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Delet0r @mtrmac