What is the areas you would like to add the new feature to?
Notation CLI
Is your feature request related to a problem?
Suppose I have an external/thirdparty signing service that allows me to produce a signature compatible with the Notary spec. Currently, If I want to then "publish" or "attach" that to the container/artifact I am signing, I need to do a few things that currently are handled by the notation client:
- I need to produce the proper manifest including: artifacts type, referrers/subject, and io.cncf.notary.x509chain.thumbprint#S256 annotation.
- I then need to use something like
oras to attach that to the image and ensure that I am using a proper version (i.e. 0.16.0 or later) and keep the tools in sync
What solution do you propose?
I propose either a plugin or an "attach" command that would allow an externally generated notary compliant signature to be attached to an image.
What alternatives have you considered?
I have built a proof of concept stand alone tool but would like to make something more generally available for anyone that might need to generate notary v2 compliant signuares using some other third-party service.
Any additional context?
No response
What is the areas you would like to add the new feature to?
Notation CLI
Is your feature request related to a problem?
Suppose I have an external/thirdparty signing service that allows me to produce a signature compatible with the Notary spec. Currently, If I want to then "publish" or "attach" that to the container/artifact I am signing, I need to do a few things that currently are handled by the
notationclient:orasto attach that to the image and ensure that I am using a proper version (i.e. 0.16.0 or later) and keep the tools in syncWhat solution do you propose?
I propose either a plugin or an "attach" command that would allow an externally generated notary compliant signature to be attached to an image.
What alternatives have you considered?
I have built a proof of concept stand alone tool but would like to make something more generally available for anyone that might need to generate notary v2 compliant signuares using some other third-party service.
Any additional context?
No response