Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-10-22 12:20:17 +02:00
Code Issues Projects Releases Wiki Activity

Updated Harbor FAQs (markdown)

MinerYang 2024-06-20 15:26:15 +08:00
parent 8576067c9d
commit f8512ba798
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Harbor-FAQs.md

@ -589,15 +589,18 @@ registry=# select artifact_id, subject_artifact_id, digest, subject_artifact_dig
```
## Notation Signature Accessory
Here's some tips you for your awareness,as of [Harbor v2.11.0](https://github.com/goharbor/harbor/releases/tag/v2.11.0) and [Notation v1.2.0](https://github.com/notaryproject/notation/releases/tag/v1.2.0-alpha.1) released and both fully support [distribution-spec v1.1](https://github.com/opencontainers/distribution-spec/tree/v1.1.0).
- Harbor recommend to explicitly set flag`--force-referrers-tag=false` while singing since Harbor supports [distribution-spec referrers-api](https://github.com/opencontainers/distribution-spec/blob/main/spec.md#enabling-the-referrers-api), this would avoid to generate unnecessary signature index for Harbor, hence, more smoothy experiences on signature verification, image copy and replications.
Here's some tips you for your awareness, as of [Harbor v2.11.0](https://github.com/goharbor/harbor/releases/tag/v2.11.0) and [Notation v1.2.0](https://github.com/notaryproject/notation/releases/tag/v1.2.0-alpha.1) released and both fully support [distribution-spec v1.1](https://github.com/opencontainers/distribution-spec/tree/v1.1.0).
- **Harbor recommend to explicitly set flag** `--force-referrers-tag=false` while singing since Harbor supports [distribution-spec referrers-api](https://github.com/opencontainers/distribution-spec/blob/main/spec.md#enabling-the-referrers-api). This could avoid generating unnecessary signature index for Harbor, hence, more smoothy experiences on signature singing/verification, image copy and replications.
```
$ notation-v1.2 --force-referrers-tag=false sign xx.xx.xx.xxx/library/hello-world:latest
```
<img width="829" alt="Screenshot 2024-06-20 at 15 01 47" src="https://github.com/goharbor/harbor/assets/44956229/ef65a906-abfd-4a47-b7f6-cd1603846b34">
- If you forgot to disable the `force-referrers-tag` or choose to use the notation v1.2 default behavior, please be aware of this would pushing extra signature index while signing. Miss-behaving like delete the index solely, unselected copy or replication the index along with images would cause trouble for the next signing operations.
- If you choose to use the notation v1.2 default behavior or forgot to disable the `force-referrers-tag`, please be aware of this would pushing extra signature index while signing. Miss-behaving like delete the index solely, unselected copy or replication the index along with images would cause trouble for the next signing operations.
```
~$ notation-v1.2 sign xx.xx.xx.xxx/library/hello-world:latest
```