Why calling v2 referrers api and including all signature layer in new signature manifest

[MinerYang]

Question step 1 sign image with regular cosign step2 sign image with COSIGN_EXPERIMENTAL=1 and --registry-referrers-mode oci-1-1 step3 get new signature manifest, will including all preceding signatures layers

/data/registry/docker/registry/v2/blobs/sha256$ cat eb/ebc4372c9fe2bff1a0ba3c15857cab9ba97174c8ca64a8168a4b2f85cbc6700d/data  | jq .
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.dev.cosign.artifact.sig.v1+json",
    "size": 451,
    "digest": "sha256:24e41e6b63095501c8c9d0b7021b79fcf23ffdb295fba17af443f95205448939"
  },
  "layers": [
    {
      "mediaType": "application/vnd.dev.cosign.simplesigning.v1+json",
      "size": 250,
      "digest": "sha256:53627750525c032c04693ffac1c2a910350d0f6ac36402f0b3a4d1e4f3876819",
      "annotations": {
        "dev.cosignproject.cosign/signature": "MEQCIHqac+pViFr85AikUF78koAK5ELvZ9zpSYie+i8XiRD/AiAdOXycSHfAujPel3QH9GnnNfLSyygglSzpyUJwMuuTaw==",
        "dev.sigstore.cosign/bundle": "{\"SignedEntryTimestamp\":\"MEUCIQDf4eY/DVX21rZIZJUWrpk7MQAcNNwRZuMlnWFdd/pfegIgLR3Z3EF2ohSCC0lIFINcdiyLO1AJJGeCr33qYt+73A8=\",\"Payload\":{\"body\":\"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1MzYyNzc1MDUyNWMwMzJjMDQ2OTNmZmFjMWMyYTkxMDM1MGQwZjZhYzM2NDAyZjBiM2E0ZDFlNGYzODc2ODE5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJSHFhYytwVmlGcjg1QWlrVUY3OGtvQUs1RUx2Wjl6cFNZaWUraThYaVJEL0FpQWRPWHljU0hmQXVqUGVsM1FIOUdubk5mTFN5eWdnbFN6cHlVSndNdXVUYXc9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVacmQwVjNXVWhMYjFwSmVtb3dRMEZSV1VsTGIxcEplbW93UkVGUlkwUlJaMEZGWVVoSk1DOTZiWEpIYW1VNE9FeFVTM0ZDU2tvNWJXZDNhWEprWkFwaVJrZGpNQzlRYWtWUUwxbFJNelJwZFZweWJGVnRhMGx3ZDBocFdVTmxSV3M0YWpoWE5rSnBaV3BxTHk5WmVVRnZZaXN5VTFCTGRqUkJQVDBLTFMwdExTMUZUa1FnVUZWQ1RFbERJRXRGV1MwdExTMHRDZz09In19fX0=\",\"integratedTime\":1712641884,\"logIndex\":84292486,\"logID\":\"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d\"}}"
      }
    },
    {
      "mediaType": "application/vnd.dev.cosign.simplesigning.v1+json",
      "size": 250,
      "digest": "sha256:53627750525c032c04693ffac1c2a910350d0f6ac36402f0b3a4d1e4f3876819",
      "annotations": {
        "dev.cosignproject.cosign/signature": "MEQCIF9XqjuO8dMIqQTg6gomrYoGp5ukVN1T9UC8sc4noOfgAiADfrki8OBV36KjckR2X75LWCDrCRLH4NIXy1aWI4+kXg==",
        "dev.sigstore.cosign/bundle": "{\"SignedEntryTimestamp\":\"MEYCIQD9FvimCVi5KMkjYkkLIFC7ISTr86rxqcxSJYUN2ix4RAIhAL4s62geCxqHF0NOmE30J3UsfCtNDzzd+/fTVSfwtusQ\",\"Payload\":{\"body\":\"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1MzYyNzc1MDUyNWMwMzJjMDQ2OTNmZmFjMWMyYTkxMDM1MGQwZjZhYzM2NDAyZjBiM2E0ZDFlNGYzODc2ODE5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FUUNJRjlYcWp1TzhkTUlxUVRnNmdvbXJZb0dwNXVrVk4xVDlVQzhzYzRub09mZ0FpQURmcmtpOE9CVjM2S2pja1IyWDc1TFdDRHJDUkxINE5JWHkxYVdJNCtrWGc9PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVacmQwVjNXVWhMYjFwSmVtb3dRMEZSV1VsTGIxcEplbW93UkVGUlkwUlJaMEZGWVVoSk1DOTZiWEpIYW1VNE9FeFVTM0ZDU2tvNWJXZDNhWEprWkFwaVJrZGpNQzlRYWtWUUwxbFJNelJwZFZweWJGVnRhMGx3ZDBocFdVTmxSV3M0YWpoWE5rSnBaV3BxTHk5WmVVRnZZaXN5VTFCTGRqUkJQVDBLTFMwdExTMUZUa1FnVUZWQ1RFbERJRXRGV1MwdExTMHRDZz09In19fX0=\",\"integratedTime\":1712649737,\"logIndex\":84307241,\"logID\":\"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d\"}}"
      }
    },
    {
      "mediaType": "application/vnd.dev.cosign.simplesigning.v1+json",
      "size": 250,
      "digest": "sha256:53627750525c032c04693ffac1c2a910350d0f6ac36402f0b3a4d1e4f3876819",
      "annotations": {
        "dev.cosignproject.cosign/signature": "MEUCIC4OJ4fcPET7AxS3ZMNeYtxDdSXY1jqVY30KQcqS73sCAiEAkK+R2/cQlYexmq7/avRXLTZ1/SRlaAomfVGwuG+fat0=",
        "dev.sigstore.cosign/bundle": "{\"SignedEntryTimestamp\":\"MEYCIQD9ImUx+SrChaql3SKKJeWOeDYEUetHfIwUcECUc94ZmgIhAMEA2ZCbqT1MT5MO9K40LlZKmrhSXYutnpw+wxJwXxgT\",\"Payload\":{\"body\":\"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1MzYyNzc1MDUyNWMwMzJjMDQ2OTNmZmFjMWMyYTkxMDM1MGQwZjZhYzM2NDAyZjBiM2E0ZDFlNGYzODc2ODE5In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJQzRPSjRmY1BFVDdBeFMzWk1OZVl0eERkU1hZMWpxVlkzMEtRY3FTNzNzQ0FpRUFrSytSMi9jUWxZZXhtcTcvYXZSWExUWjEvU1JsYUFvbWZWR3d1RytmYXQwPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVacmQwVjNXVWhMYjFwSmVtb3dRMEZSV1VsTGIxcEplbW93UkVGUlkwUlJaMEZGWVVoSk1DOTZiWEpIYW1VNE9FeFVTM0ZDU2tvNWJXZDNhWEprWkFwaVJrZGpNQzlRYWtWUUwxbFJNelJwZFZweWJGVnRhMGx3ZDBocFdVTmxSV3M0YWpoWE5rSnBaV3BxTHk5WmVVRnZZaXN5VTFCTGRqUkJQVDBLTFMwdExTMUZUa1FnVUZWQ1RFbERJRXRGV1MwdExTMHRDZz09In19fX0=\",\"integratedTime\":1712649852,\"logIndex\":84307411,\"logID\":\"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d\"}}"
      }
    }
  ],
  "subject": {
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "size": 524,
    "digest": "sha256:d37ada95d47ad12224c205a938129df7a3e52345828b4fa27b03a98825d1e2e7"
  }
}

[bobcallaway]

I'm not following your question, can you please clarify?

[MinerYang]

Hi @bobcallaway , What I wondering is including all the signature layers in the new signature manifest when I sign a image using --registry-referrers-mode oci-1-1 If I sign a image, what we expected for the layer of signature manifest is this signature itself. However, signing by this experimental mode would including all the old signatures that referenced to this image. e.g. there are 3 descriptors in the above manifest layers.

[MinerYang]

Hi @bobcallaway ,

Any updated here?

[Silvanoc]

I cannot reproduce it. I have created an image with two layers and the manifest of the referrer providing the signature does not list them.

[bobcallaway]

@jonjohnsonjr @hectorj2f any thoughts here?