From 9989b6a6ff286e5b62abfb19ac516c5ad6045572 Mon Sep 17 00:00:00 2001
From: Sajay Antony
Date: Thu, 21 Dec 2023 21:39:14 +0000
Subject: [PATCH] spec: clarify referrers response for index

Signed-off-by: Sajay Antony
---
 spec.md | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/spec.md b/spec.md
index 5f6f1cfa..93064902 100644
--- a/spec.md
+++ b/spec.md
@@ -556,10 +556,11 @@ If the request is invalid, such as a `` with an invalid syntax, a `400 B
 Upon success, the response MUST be a JSON body with an image index containing a list of descriptors.
 The `Content-Type` header MUST be set to `application/vnd.oci.image.index.v1+json`.
-Each descriptor is of an image manifest in the same `` namespace with a `subject` field that specifies the value of ``.
-The descriptors MUST include an `artifactType` field that is set to the value of the `artifactType` in the image manifest, if present.
+Each descriptor is of an image manifest or index in the same `` namespace with a `subject` field that specifies the value of ``.
+The descriptors MUST include an `artifactType` field that is set to the value of the `artifactType` in the image manifest or index, if present.
 If the `artifactType` is empty or missing in the image manifest, the value of `artifactType` MUST be set to the config descriptor `mediaType` value.
-The descriptors MUST include annotations from the image manifest.
+If the `artifactType` is empty or missing in an index, the `artifactType` MUST be omitted.
+The descriptors MUST include annotations from the image manifest or index.
 If a query results in no matching referrers, an empty manifest list MUST be returned.
 If a manifest with the digest `` does not exist, a registry MAY return an empty manifest list.
 After a manifest with the digest `` is pushed, the registry MUST include previously pushed entries in the referrers list.
@@ -575,7 +576,7 @@ After a manifest with the digest `` is pushed, the registry MUST include
 "digest": "sha256:a1a1a1...",
 "artifactType": "application/vnd.example.sbom.v1",
 "annotations": {
- "org.opencontainers.artifact.created": "2022-01-01T14:42:55Z",
+ "org.opencontainers.image.created": "2022-01-01T14:42:55Z",
 "org.example.sbom.format": "json"
 }
 },
@@ -585,9 +586,17 @@ After a manifest with the digest `` is pushed, the registry MUST include
 "digest": "sha256:a2a2a2...",
 "artifactType": "application/vnd.example.signature.v1",
 "annotations": {
- "org.opencontainers.artifact.created": "2022-01-01T07:21:33Z",
+ "org.opencontainers.image.created": "2022-01-01T07:21:33Z",
 "org.example.signature.fingerprint": "abcd"
 }
+ },
+ {
+ "mediaType": "application/vnd.oci.image.index.v1+json",
+ "size": 1234,
+ "digest": "sha256:a3a3a3...",
+ "annotations": {
+ "org.opencontainers.image.created": "2023-01-01T07:21:33Z",
+ }
 }
 ]
 }
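Review bot: The index descriptor added to the example response in the last hunk leaves a trailing comma inside its `annotations` object (`"org.opencontainers.image.created": "2023-01-01T07:21:33Z",` directly followed by `}`), which strict JSON parsers reject, so the example no longer parses as a whole. Drop the comma so the line reads `"org.opencontainers.image.created": "2023-01-01T07:21:33Z"`. Spec examples tend to be copied into client tests and registry fixtures, so an invalid sample can hide real parsing differences between implementations. The enclosing JSON object of the example starts outside the hunk.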