Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign docker images on dockerhub #137

Open
rhuddleston opened this issue Aug 7, 2017 · 3 comments
Open

Sign docker images on dockerhub #137

rhuddleston opened this issue Aug 7, 2017 · 3 comments
Labels
enhancement
Projects
OpenVAS Docker Modernization

Comments

@rhuddleston
Copy link

$ export DOCKER_CONTENT_TRUST=1
$ docker pull mikesplain/openvas:9
Error: remote trust data does not exist for docker.io/mikesplain/openvas: notary.docker.io does not have trust data for docker.io/mikesplain/openvas

Any chance you could sign your images with notary for dockerhub?
@roman-vynar
Copy link

It would be great if the image for a security tool in particular is signed.

@mikesplain
Copy link
Owner

That's a great suggestion, that said we use auto builds on docker hub. As far as I know they don't support signing? If @rhuddleston or @roman-vynar has suggestions, I'm open to it.

@roman-vynar
Copy link

Yea, it's not supported with auto-builds but as long as the releases are not often, it may be ok pushing by some other mean of automation.
From my side, I can provide the brief instructions how to achieve image signing using Docker Hub Notary. You would need to keep a copy of the keys and passphrases to use when pushing a new image.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
OpenVAS Docker Modernization
  
To do
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mikesplain @roman-vynar @rhuddleston