fix: add support for uploaded index when signing using notation (#1882)

ci(notation): update to latest notation version
fix(sync): add layers info when syncing signatures

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>

pkg/test/oci-utils/oci_layout_test.go

@@ -325,7 +325,7 @@ func TestBaseOciLayoutUtils(t *testing.T) {
 		isSigned := olu.CheckManifestSignature(repo, manifestList[0].Digest)
 		So(isSigned, ShouldBeFalse)
 
-		err = signature.SignImageUsingNotary(fmt.Sprintf("%s:%s", repo, tag), port)
+		err = signature.SignImageUsingNotary(fmt.Sprintf("%s:%s", repo, tag), port, true)
 		So(err, ShouldBeNil)
 
 		isSigned = olu.CheckManifestSignature(repo, manifestList[0].Digest)

pkg/test/signature/notation.go

@@ -139,7 +139,7 @@ func GenerateNotationCerts(tdir string, certName string) error {
 	return nil
 }
 
-func SignWithNotation(keyName string, reference string, tdir string) error {
+func SignWithNotation(keyName, reference, tdir string, referrersCapability bool) error {
 	ctx := context.TODO()
 
 	// getSigner
@@ -193,6 +193,10 @@ func SignWithNotation(keyName string, reference string, tdir string) error {
 		PlainHTTP: plainHTTP,
 	}
 
+	if !referrersCapability {
+		_ = remoteRepo.SetReferrersCapability(false)
+	}
+
 	repositoryOpts := notreg.RepositoryOptions{}
 
 	sigRepo := notreg.NewRepositoryWithOptions(remoteRepo, repositoryOpts)
@@ -432,7 +436,7 @@ func LoadNotationConfig(tdir string) (*notconfig.Config, error) {
 	return configInfo, nil
 }
 
-func SignImageUsingNotary(repoTag, port string) error {
+func SignImageUsingNotary(repoTag, port string, referrersCapability bool) error {
 	cwd, err := os.Getwd()
 	if err != nil {
 		return err
@@ -463,7 +467,7 @@ func SignImageUsingNotary(repoTag, port string) error {
 	// sign the image
 	image := fmt.Sprintf("localhost:%s/%s", port, repoTag)
 
-	err = SignWithNotation("notation-sign-test", image, tdir)
+	err = SignWithNotation("notation-sign-test", image, tdir, referrersCapability)
 
 	return err
 }

pkg/test/signature/notation_test.go

@@ -114,7 +114,7 @@ func TestLoadNotationConfig(t *testing.T) {
 
 func TestSignWithNotation(t *testing.T) {
 	Convey("notation directory doesn't exist", t, func() {
-		err := signature.SignWithNotation("key", "reference", t.TempDir())
+		err := signature.SignWithNotation("key", "reference", t.TempDir(), true)
 		So(err, ShouldNotBeNil)
 	})
 
@@ -128,7 +128,7 @@ func TestSignWithNotation(t *testing.T) {
 		err = os.WriteFile(filePath, []byte("{}"), 0o666) //nolint: gosec
 		So(err, ShouldBeNil)
 
-		err = signature.SignWithNotation("key", "reference", tempDir)
+		err = signature.SignWithNotation("key", "reference", tempDir, true)
 		So(err, ShouldEqual, signature.ErrKeyNotFound)
 	})
 
@@ -150,7 +150,7 @@ func TestSignWithNotation(t *testing.T) {
 		err = os.Chmod(path.Join(tdir, "notation", "localkeys"), 0o000)
 		So(err, ShouldBeNil)
 
-		err = signature.SignWithNotation("key", "reference", tdir)
+		err = signature.SignWithNotation("key", "reference", tdir, true)
 		So(err, ShouldNotBeNil)
 
 		err = os.Chmod(path.Join(tdir, "notation", "localkeys"), 0o755)
@@ -172,7 +172,7 @@ func TestSignWithNotation(t *testing.T) {
 		err = signature.GenerateNotationCerts(tdir, "key")
 		So(err, ShouldBeNil)
 
-		err = signature.SignWithNotation("key", "invalidReference", tdir)
+		err = signature.SignWithNotation("key", "invalidReference", tdir, true)
 		So(err, ShouldNotBeNil)
 	})
 
@@ -191,7 +191,7 @@ func TestSignWithNotation(t *testing.T) {
 		err = signature.GenerateNotationCerts(tdir, "key")
 		So(err, ShouldBeNil)
 
-		err = signature.SignWithNotation("key", "localhost:8080/invalidreference:1.0", tdir)
+		err = signature.SignWithNotation("key", "localhost:8080/invalidreference:1.0", tdir, true)
 		So(err, ShouldNotBeNil)
 	})
 }