Only one legacy cosign signature been replicated as accessory while several attached in the src artifact

[MinerYang]

Description
When we are using legacy cosign singing images in a source Harbor and replicate into target Harbor instance, there's only one signature been attached to subject artifact in the target Harbor instance due to legacy cosign using specific tag sha256-<subject-digest-xxxx>.sig to reference its subject.Since only one signature remain tagged and could establish relationship with subject when pushing to target Harbor. While other signatures been untagged and replicated as individual artifacts.

Step1 signing a image several time using legacy cosign in the source harbor instance

Step2 replicate to the target harbor instance

Step3 We will see only one signature with specific tag sha256-xxxxxx.sig been attached with subject artifact, the untagged one will been populate as an individual image in the UI.

[wy65701436]

In harbor, we only support a single signature using the default mode of cosign image signing. If you need to sign an artifact multiple times with cosign, please use the OCI 1.1 mode for signing the artifacts.

[github-actions]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[github-actions]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.