Merge pull request from GHSA-pwmf-hvvc-mxm3

* Revert "Fix artifactType examples" This reverts commit 4580f93. * Revert "Remove mediatype from artifact manifest" This reverts commit c1fcb68. * Update as per draft v1.0.0-draft.1 Signed-off-by: Sajay Antony <sajaya@microsoft.com>
oras-project · Nov 17, 2021 · ac46408 · ac46408
1 parent 5a674b4
commit ac46408
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 1 deletion.
diff --git a/artifact-manifest.md b/artifact-manifest.md
@@ -12,6 +12,10 @@ This section defines the `application/vnd.cncf.oras.artifact.manifest.v1+json` m
 
 The `artifact.manifest` provides an optional collection of `blobs`, an optional reference to the manifest of another artifact and an `artifactType` to differentiate different types of artifacts (such as signatures, sboms and security scan results)
 
+- **`mediaType`** *string*
+
+  This field contains the `mediaType` of this document, differentiating from [image-manifest][oci-image-manifest-spec] and [image-index][oci-image-index]. The `mediaType` for this manifest type MUST be `application/vnd.cncf.oras.artifact.manifest.v1+json`, where the version WILL change to reflect newer versions.
+
 - **`artifactType`** *string*
 
   The REQUIRED `artifactType` is a unique value, as registered with [iana.org][registering-iana].

diff --git a/examples/net-monitor-image-nydus-ondemand-loading.json b/examples/net-monitor-image-nydus-ondemand-loading.json
@@ -1,4 +1,5 @@
 {
+  "mediaType": "application/vnd.cncf.oras.artifact.manifest.v1+json",
   "artifactType": "application/vnd.cncf.nydus.v1",
   "blobs": [
     {

diff --git a/examples/net-monitor-image-sbom.json b/examples/net-monitor-image-sbom.json
@@ -1,4 +1,5 @@
 {
+  "mediaType": "application/vnd.cncf.oras.artifact.manifest.v1+json",
   "artifactType": "sbom/example",
   "blobs": [
     {
@@ -16,3 +17,4 @@
     "example.sbom.author": "wabbit-networks.io"
   }
 }
+
diff --git a/examples/net-monitor-image-signature.json b/examples/net-monitor-image-signature.json
@@ -1,4 +1,5 @@
 {
+  "mediaType": "application/vnd.cncf.oras.artifact.manifest.v1+json",
   "artifactType": "application/vnd.cncf.notary.v2",
   "blobs": [
     {

diff --git a/examples/oci-image-artifact.json b/examples/oci-image-artifact.json
@@ -1,4 +1,5 @@
 {
+  "mediaType": "application/vnd.cncf.oras.artifact.manifest.v1+json",
   "artifactType": "application/vnd.oci.image.manifest.v1+json",
   "blobs": [
     {
@@ -17,4 +18,4 @@
       "size": 226
     }
   ]
-}
+}
diff --git a/scenarios.md b/scenarios.md
@@ -92,6 +92,7 @@ Following the [oras.artifact.manifest][artifact-manifest-spec] spec, a signature
 - **tag**: _-none-_
   ```json
   {
+    "mediaType": "application/vnd.cncf.oras.artifact.manifest.v1+json",
     "artifactType": "application/vnd.cncf.notary.v2",
     "blobs": [
       {
@@ -123,6 +124,7 @@ The SBoM content would be persisted as one or more `[blobs]` with a `subject` re
 - **tag**: _-none-_
   ```json
   {
+    "mediaType": "application/vnd.cncf.oras.artifact.manifest.v1+json",
     "artifactType": "sbom/example",
     "blobs": [
       {
@@ -151,6 +153,7 @@ The  `net-monitor:v1` SBoM may also be signed, providing yet another leaf node.
 - **tag**: _-none-_
   ```json
   {
+    "mediaType": "application/vnd.cncf.oras.artifact.manifest.v1+json",
     "artifactType": "application/vnd.cncf.notary.v2",
     "blobs": [
       {

diff --git a/specs-go/v1/manifest.go b/specs-go/v1/manifest.go
@@ -17,6 +17,9 @@ package v1
 // Manifest describes an ORAS artifact.
 // This structure provides `application/vnd.oras.artifact.manifest.v1+json` mediatype when marshalled to JSON.
 type Manifest struct {
+	// MediaType is the media type of the object this schema refers to.
+	MediaType string `json:"mediaType"`
+
 	// ArtifactType is the artifact type of the object this schema refers to.
 	ArtifactType string `json:"artifactType"`