Registry Support #40
Comments
|
I just tested on DockerHub and things appear to work. |
|
Azure support here: #61 |
|
Would be interested in any support for Harbor |
|
@fubarhouse is there an easy for me to try it out? It probably will "just work", but I'd need to check to be sure. |
|
@dlorenc I might give it a try later - would be great if it would already be supported. I don't really know of any public registries I could test on... |
should you do so, please open a separate issue so we can track, cheers |
|
Any technical reasons why cosign would not work with JFrog's container registry? |
Nope! The only registry we've tried that it hasn't worked on so far is Quay. It works on the newest versions, but not the one running in the hosted service so far. |
|
BTW, if anyone has access to these repos and can provide test credentials I'd love to get some CI setup... Feel free to email me privately and we can figure out a way to handle the credentials. |
|
hey! I just tested JFrog's Artifactory registry with cosign (signing and signature verification) and it works without any issues! Thought you'd like to know :) |
Based on: #40 (comment) Signed-off-by: Luke Hinds <[email protected]>
|
Just tested AWS Elastic Container Registry (ECR) and all seems fine there. |
|
@rosstimson amazing! Do you want to send a PR to add it to the list here: https://github.com/sigstore/cosign#registry-support? I'm happy to take it if you don't have the time :) |
|
@dlorenc could you specify in since which quay version cosign is supported? Tried with a v3.3.0 installation and got this error: |
|
Hm, we've upgraded a test environment to Quay 3.4.3 but still get this error: Could this be related to another issue? Will try to upgrade Quay 3.5.1 later. EDIT: updated to 3.5.1, but we still facing this issue Probably need some adjustments here: https://github.com/quay/quay/tree/master/image/docker/schema2 Or I've missed a feature flag. |
|
@spielkind @dlorenc Apologies for the delay! While Quay 3.4 added support for OCI Artifacts, it's only for pre-defined mime types. Quay will actually not support custom mime types until 3.6. Once 3.6 is available, quay.io support will follow. See https://issues.redhat.com/browse/PROJQUAY-1032 for more details. |
|
Hi, small correction here: Quay will support custom mime types in 3.6, not 4.6. We are also updating our default configurations in the documentation and the config-app to include the required mime type for cosign to work as of the 3.6 release. |
|
@dmesser Thanks for the update! |
This has been shipped as per https://cloud.redhat.com/blog/red-hat-quay-3.6-is-generally-available |
|
Though, updates to quay.io would be pending for a while I guess. |
|
I think GitHub Package registry should be included as well. Given that the doc says it supports Docker Manifest V2 and OCI specs I would expect it to work. |
That's already listed as "GitHub Container Registry" |
|
I think that confusingly, GitHub Packages Container Registry might not be the same as GitHub Container Registry. We could list both. The docs seem to indicate there are two systems:
|
@sabre1041 - you know the roadmap here? Is there any way to introspect what version quay.io is? |
|
I'm going to close this one - we have pretty good support now :) |
Our primary goal is broad registry support. Right now we're unsure of where we are:
We have some options we can try to increase support, but they're kind of ugly. I'd first like to understand how much support we have vs. how much we would gain by doing terrible things with media types.
cc @jonjohnsonjr @font
(slack here: https://github.com/google/go-containerregistry/blob/93228a70849651ba98cdee6f0654f623d7cdcbdb/pkg/v1/manifest.go#L27)
The text was updated successfully, but these errors were encountered: