Support delete signed images with tag retention

goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.

https://goharbor.io

Apache License 2.0

23.98k stars 4.75k forks source link

Support delete signed images with tag retention #10115

Open DerrickMartinez opened 4 years ago

DerrickMartinez commented 4 years ago

I'd like to file a feature request. Harbor has some really powerful tag retention rules, but they don't work with signed images due to the issues with Notary. Can we work with the Notary team to come up with a way to remove images?

reasonerjt commented 4 years ago

Thanks for raising it.

The issue is that notary does not have a friendly API to sign and remove the signatures.
Notary team is working on a v2 to address a few existing issues and we are closely following up.

But this limitation may have to exist for a while.

youvegotmoxie commented 2 years ago

Is there any update on this?

github-actions[bot] commented 2 years ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

DavidRayner commented 1 year ago

Looks like Cosign solved this: https://goharbor.io/blog/cosign-2.5.0/ I'm about to look into the best way to switch from Notary to Cosign and what to do with old tags/images that should have been garbage collected