[v4.4] Add … push --sign-by-sigstore #17240
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a backport of (as yet unmerged) #17088.
podman push
andpodman manifest push sync
now support--sign-by-sigstore=param-file
,using the
containers-sigstore-signing-params.yaml(5)
file format.That notably adds support for Fulcio and Rekor signing.
Depends on
unmergedcontainers/image#1787 ; see that PR for documentation of the YAML file format, as well as example files.See also containers/common#1288 for more discussion about where the interactive prompting pieces should be.
Untested so far.Does this PR introduce a user-facing change?