feat: support notation rc.1

Signed-off-by: Binbin Li <libinbin@microsoft.com>

charts/ratify/templates/configmap.yaml

@@ -59,8 +59,9 @@ data:
                 "name":"notaryv2",
                 "artifactTypes" : "application/vnd.cncf.notary.v2.signature",
                 "verificationCerts": [
-                    "/usr/local/ratify-certs/notary"
-                  ]
+                  "/usr/local/ratify-certs/notary/truststore"
+                  ],
+                "trustPolicy": "/usr/local/ratify-certs/notary/trustpolicy.json"
             {{- if .Values.cosign.enabled }}
             },
             {
@@ -71,4 +72,26 @@ data:
             }
           ]
       }
+    }
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "ratify.fullname" . }}-notation-policy
+data:
+  trustpolicy.json: |
+    {
+      "version": "1.0",
+      "trustPolicies": [
+        {
+          "name": "default",
+          "registryScopes": [ "*" ],
+          "signatureVerification": {
+            "level" : "strict" 
+          },
+          "trustStores": ["ca:certs"],
+          "trustedIdentities": ["*"]
+        }
+      ]
     }

charts/ratify/templates/deployment.yaml

@@ -52,7 +52,7 @@ spec:
           ports:
             - containerPort: 6001
           volumeMounts:
-            - mountPath: "/usr/local/ratify-certs/notary"
+            - mountPath: "/usr/local/ratify-certs/notary/truststore"
             {{- if .Values.akvCertConfig.enabled }}
               name: cert-from-akv
             {{- else }}
@@ -64,6 +64,9 @@ spec:
               name: cosign-certs
               readOnly: true
             {{- end }}
+            - mountPath: "/usr/local/ratify-certs/notary"
+              name: notation-trust-policy
+              readOnly: true
             - mountPath: "/usr/local/ratify"
               name: config
               readOnly: true
@@ -129,6 +132,9 @@ spec:
         - name: config
           configMap:
             name: {{ include "ratify.fullname" . }}-configuration
+        - name: notation-trust-policy
+          configMap:
+            name: {{ include "ratify.fullname" . }}-notation-policy
         {{- if and (.Values.provider.tls.cabundle) (or (eq .Values.provider.auth "tls") (eq .Values.provider.auth "mtls")) }}
         - name: tls
           secret:

charts/ratify/templates/verifier.yaml

@@ -6,8 +6,9 @@ spec:
   name: notaryv2
   artifactTypes: application/vnd.cncf.notary.v2.signature
   parameters:
-    verificationCerts: 
-    - /usr/local/ratify-certs/notary
+    verificationCerts:
+    - /usr/local/ratify-certs/notary/truststore
+    trustPolicy: /usr/local/ratify-certs/notary/trustpolicy.json
 ---
 {{- if .Values.cosign.enabled }}
 apiVersion: config.ratify.deislabs.io/v1alpha1

charts/ratify/values.yaml

@@ -8,21 +8,24 @@ nameOverride: ""
 fullnameOverride: ""
 ratifyTestCert: |
   -----BEGIN CERTIFICATE-----
-  MIIDNjCCAh6gAwIBAgIQH775NeR9QruFa7zk7yzgWDANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQD
-  ExJ3YWJiaXQtbmV0d29ya3MuaW8wHhcNMjIxMDIwMjEyMzU0WhcNMjMxMDIwMjEzMzU0WjAdMRsw
-  GQYDVQQDExJ3YWJiaXQtbmV0d29ya3MuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-  AQDGLZtDqEJGdou/m2sPOQLMAaPSGTCaJ4uWw3J56GlD/L0ahIvzaj0LnL1ovRYerUvBemAJtUqy
-  FJHobSEUq+eXfpOMs9hbxY8bJ90YYMNh2CZ6vTIDgSKw7JowFJNN6FnjPEPfwV2xAi/CU9r1ijMU
-  5m5MImnzbj4JiikdBjtQRPolQNWLubDqCw5hceC2pgcKlpWM//8SodAqu1lPBtlG5BhzPL8bQMAo
-  hW8Qe+Jo2J/AxO7Zp/mJFP4ipMhfAHDcQ1CWC0PRIO0qk9JhtSD+o0gQyTXQwFcWi5PgSnMe3rSE
-  kmI8WMe+oz7DYDENGz2Pgy7IqtTAphiDycQW6G3ZAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwIFoDAJ
-  BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8GA1UdIwQYMBaAFGFzdC0AfxDJkxM1ZIVx
-  BxTrEGvKMB0GA1UdDgQWBBRhc3QtAH8QyZMTNWSFcQcU6xBryjANBgkqhkiG9w0BAQsFAAOCAQEA
-  mmXh2QAH03O5+ADia1AXAb97SIAEVSQj6mgYN9E9Os0/3aXDYVLKVShA1OiBidr6Iya9epFBbpzc
-  vJv15bGDg+k5KYAsRYSzfQpILADMYW4T/E3uaFBpbt0GYiwTlpRSKnEvyEwf9cRZOouE9CesIn2L
-  L0j/+zhBb8RpB7UbrcEL0PXnn/UbnQKkkekpwEOV/USrpT2T/AwE2GUiAzaLj8ps2qgm/4fPj/uh
-  w2W7SbZafkVYxirVIdra1Yq2V6BvnnCkbnBLdjAHbQ48+BgiJJTk3QZFofP88tRjGHPYN3TH2Ycv
-  Ibo/J0urezLK/M8/QeMkkhY1WClsAi+xLhVWUw==
+  MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEL
+  MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEb
+  MBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIyMTExODA2MTA0NVoXDTIy
+  MTExOTA2MTA0NVowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH
+  EwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3
+  b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKihKIy7qOp+
+  TZB91f/tOuK3XtPVQcDSZI5s8VRa76pbHp1QboJaL5FypsCFj3aKxo4Y32H1KdBm
+  x5FdXwN49Tr1Au1nfJCFYxANfEHEd1FplwCDz1sIBujH+hhZbqwXHYz1UDhpTDwI
+  WBtX72x7sqefJOdQepKv8YpyAeXtez4/e52AGz+Hhd4R6UmCZiOJzrkowdx4gd7L
+  2j5dIi87gjP4Y6q0G6x9rPfr53nvvZx4bEAQ7w9k574IefA22Ksr7k2/dKzt3f5z
+  hZgYOXlJUwiGew3+KaD6t2uvjWgkWrPoeEZJc9YygP3IMyCdvkThP4nZ01C0+SYF
+  dxK1JIWG1rcCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
+  AQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQBFp62Oja59xsIV/SQKY/tubQYsw2Bc
+  sgkc3DZ69iJCI5lbfKGswLVDR9JIqhINInKD6kSs/ZWU+nCH7R28IllBxKTjA/IV
+  7FUCbx+DfZXjcZhRqdO9fHuRANKZQ2dg2+XOqKMa5Z9uWoRGk2iB9PD1WOh3U5KZ
+  b8F/IWI5tZ0Fj2M54QLWOxwKdnJAnZeZdFvompTWA9JG16dXdk2wYs9cvrK0Vayd
+  AytpVffdkOQkDOufGjPZN7ykYfw7Fhzsh0QJLIDbP16+g+HFqVSn0M5AEEh07Wvj
+  7kv52l3hvXBh06f8x3O//GKrn5IRwE+1RT05gcqIjxDhGTSRVElps2se
   -----END CERTIFICATE-----
 cosign:
   enabled: false

config/samples/config_v1alpha1_verifier_notary.yaml

@@ -6,6 +6,7 @@ spec:
   name: notaryv2
   artifactTypes: application/vnd.cncf.notary.v2.signature
   parameters:
-    verificationCerts: 
-    - /usr/local/ratify-certs/notary
+    verificationCerts:
+    - /usr/local/ratify-certs/notary/truststore
+    trustPolicy: /usr/local/ratify-certs/notary/trustpolicy.json
 

go.mod

@@ -17,8 +17,8 @@ require (
 	github.com/golang/protobuf v1.5.2
 	github.com/google/go-containerregistry v0.12.1
 	github.com/gorilla/mux v1.8.0
-	github.com/notaryproject/notation-core-go v0.1.0-alpha.4
-	github.com/notaryproject/notation-go v0.11.0-alpha.4
+	github.com/notaryproject/notation-core-go v0.2.0-beta.1
+	github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117032523-ed3112236845
 	github.com/open-policy-agent/frameworks/constraint v0.0.0-20220627162905-95c012350402
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.0-rc2
@@ -36,7 +36,13 @@ require (
 	k8s.io/api v0.24.8
 	k8s.io/apimachinery v0.24.8
 	k8s.io/client-go v0.24.8
-	oras.land/oras-go/v2 v2.0.0-rc.3
+	oras.land/oras-go/v2 v2.0.0-rc.4
+)
+
+require (
+	github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
+	github.com/go-ldap/ldap/v3 v3.4.4 // indirect
 )
 
 require (
@@ -147,7 +153,6 @@ require (
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/open-policy-agent/opa v0.44.0 // indirect
-	github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect

go.sum

@@ -95,6 +95,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z
 github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8=
 github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
+github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU=
+github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.5.3 h1:TsFCaaF5tR4XN8b4zLVl/J4qMb0nf80Q4CXcpXDNJDY=
 github.com/AzureAD/microsoft-authentication-library-for-go v0.5.3/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
@@ -300,6 +302,8 @@ github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49P
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF0+Y1A=
+github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=
 github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -308,6 +312,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0=
+github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs=
+github.com/go-ldap/ldap/v3 v3.4.4/go.mod h1:fe1MsuN5eJJ1FeLT/LEBVdWfNWKh459R7aXgXtJC+aI=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
@@ -717,10 +723,10 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nightlyone/lockfile v1.0.0/go.mod h1:rywoIealpdNse2r832aiD9jRk8ErCatROs6LzC841CI=
 github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso=
-github.com/notaryproject/notation-core-go v0.1.0-alpha.4 h1:0OhA2PjwT0TAouHOrU4K+8H9YM6E/e4/ocoq+JiHeOw=
-github.com/notaryproject/notation-core-go v0.1.0-alpha.4/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U=
-github.com/notaryproject/notation-go v0.11.0-alpha.4 h1:PNptLtrhW0jyw10hUWU+KNzvzeuBBZmg+/1IUaGYE10=
-github.com/notaryproject/notation-go v0.11.0-alpha.4/go.mod h1:4xYTcW4wfsXkXw3piUA53uSW82RwdXyipSEtiiRVrCw=
+github.com/notaryproject/notation-core-go v0.2.0-beta.1 h1:8tFxNycWCcPLti9ZYST5kjkX2wMXtX9YPvMjiBAQ1tA=
+github.com/notaryproject/notation-core-go v0.2.0-beta.1/go.mod h1:s8DZptmN1rZS0tBLTPt/w+d4o6eAcGWTYYJlXaJhQ4U=
+github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117032523-ed3112236845 h1:UTN71vcdcPYXXVNUe5ph6XUayWc0WmjFuZK8smbX3gA=
+github.com/notaryproject/notation-go v0.12.0-beta.1.0.20221117032523-ed3112236845/go.mod h1:FSKeaMPAyxt5OpfCX3TK1RC3HHFBwFrNkwcBtyfU8x8=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
@@ -746,8 +752,6 @@ github.com/open-policy-agent/frameworks/constraint v0.0.0-20220627162905-95c0123
 github.com/open-policy-agent/frameworks/constraint v0.0.0-20220627162905-95c012350402/go.mod h1:Ct6YrxaLT9c28X7yv+GtDEKapG/EbI29ZsAO9oWs9Vg=
 github.com/open-policy-agent/opa v0.44.0 h1:sEZthsrWBqIN+ShTMJ0Hcz6a3GkYsY4FaB2S/ou2hZk=
 github.com/open-policy-agent/opa v0.44.0/go.mod h1:YpJaFIk5pq89n/k72c1lVvfvR5uopdJft2tMg1CW/yU=
-github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 h1:Oumw+lPnO8qNLTY2mrqPJZMoGExLi/0h/DdikoLTXVU=
-github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86/go.mod h1:aA4vdXRS8E1TG7pLZOz85InHi3BiPdErh8IpJN6E0x4=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034=
@@ -1727,8 +1731,8 @@ k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/
 k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-oras.land/oras-go/v2 v2.0.0-rc.3 h1:O4GeIwJ9Ge7rbCkqa/M7DLrL55ww+ZEc+Rhc63OYitU=
-oras.land/oras-go/v2 v2.0.0-rc.3/go.mod h1:PrY+cCglzK/DrQoJUtxbYVbL94ZHecVS3eJR01RglpE=
+oras.land/oras-go/v2 v2.0.0-rc.4 h1:hg/R2znUQ1+qd43gRmL16VeX1GIZ8hQlLalBjYhhKSk=
+oras.land/oras-go/v2 v2.0.0-rc.4/go.mod h1:YGHvWBGuqRlZgUyXUIoKsR3lcuCOb3DAtG0SEsEw1iY=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

pkg/controllers/verifier_controller.go

@@ -102,7 +102,7 @@ func verifierAddOrReplace(spec configv1alpha1.VerifierSpec, objectName string) e
 	verifierConfigVersion := "1.0.0" // TODO: move default values to defaulting webhook in the future #413
 	if spec.Address == "" {
 		spec.Address = config.GetDefaultPluginPath()
-		verifierLogger.Info(fmt.Sprintf("Address was empty, setting to default path %v", spec.Address))
+		verifierLogger.Info(fmt.Sprintf("Address was empty, setting to default path: %v", spec.Address))
 	}
 	verifierReference, err := vf.CreateVerifierFromConfig(verifierConfig, verifierConfigVersion, []string{spec.Address})
 

pkg/referrerstore/oras/oras.go

@@ -46,7 +46,6 @@ import (
 	_ "github.com/deislabs/ratify/pkg/referrerstore/oras/authprovider/aws"
 	_ "github.com/deislabs/ratify/pkg/referrerstore/oras/authprovider/azure"
 	"github.com/opencontainers/go-digest"
-	artifactspec "github.com/oras-project/artifacts-spec/specs-go/v1"
 	"github.com/sirupsen/logrus"
 )
 
@@ -171,8 +170,8 @@ func (store *orasStore) ListReferrers(ctx context.Context, subjectReference comm
 
 	// find all referrers referencing subject descriptor
 	artifactTypeFilter := ""
-	var referrerDescriptors []artifactspec.Descriptor
-	if err := repository.Referrers(ctx, resolvedSubjectDesc.Descriptor, artifactTypeFilter, func(referrers []artifactspec.Descriptor) error {
+	var referrerDescriptors []oci.Descriptor
+	if err := repository.Referrers(ctx, resolvedSubjectDesc.Descriptor, artifactTypeFilter, func(referrers []oci.Descriptor) error {
 		referrerDescriptors = append(referrerDescriptors, referrers...)
 		return nil
 	}); err != nil && !errors.Is(err, errdef.ErrNotFound) {
@@ -185,7 +184,7 @@ func (store *orasStore) ListReferrers(ctx context.Context, subjectReference comm
 	// convert artifact descriptors to oci descriptor with artifact type
 	var referrers []ocispecs.ReferenceDescriptor
 	for _, referrer := range referrerDescriptors {
-		referrers = append(referrers, ArtifactDescriptorToReferenceDescriptor(referrer))
+		referrers = append(referrers, OciDescriptorToReferenceDescriptor(referrer))
 	}
 
 	if store.config.CosignEnabled {

pkg/referrerstore/oras/utils.go

@@ -16,11 +16,12 @@ limitations under the License.
 package oras
 
 import (
+	"regexp"
+	"strings"
+
 	"github.com/deislabs/ratify/pkg/ocispecs"
 	oci "github.com/opencontainers/image-spec/specs-go/v1"
 	artifactspec "github.com/oras-project/artifacts-spec/specs-go/v1"
-	"regexp"
-	"strings"
 )
 
 // Detect the loopback IP (127.0.0.1)
@@ -47,16 +48,10 @@ func isInsecureRegistry(registry string, config *OrasStoreConf) bool {
 	return false
 }
 
-func ArtifactDescriptorToReferenceDescriptor(artifactDescriptor artifactspec.Descriptor) ocispecs.ReferenceDescriptor {
+func OciDescriptorToReferenceDescriptor(ociDescriptor oci.Descriptor) ocispecs.ReferenceDescriptor {
 	return ocispecs.ReferenceDescriptor{
-		Descriptor: oci.Descriptor{
-			MediaType:   artifactDescriptor.MediaType,
-			Digest:      artifactDescriptor.Digest,
-			Size:        artifactDescriptor.Size,
-			URLs:        artifactDescriptor.URLs,
-			Annotations: artifactDescriptor.Annotations,
-		},
-		ArtifactType: artifactDescriptor.ArtifactType,
+		Descriptor:   ociDescriptor,
+		ArtifactType: ociDescriptor.ArtifactType,
 	}
 }