Enable Docker content trust #9620

Merged
merged 1 commit into from Apr 29, 2024

JamieMagee
Contributor

This change enabled Docker content trust, which verifies the signatures of container images used by Docker. This is only done for the base image, which is built on top of Ubuntu.

The signature can be manually verified as follows:

```
$ docker trust inspect --pretty docker.io/library/ubuntu:22.04

Signatures for docker.io/library/ubuntu:22.04

SIGNED TAG   DIGEST                                                             SIGNERS
22.04        6d7b5d3317a71adb5e175640150e44b8b9a9401a7dd394f44840626aff9fa94d   (Repo Admin)

Administrative keys for docker.io/library/ubuntu:22.04

  Repository Key:       8273733f491f362bb36710fd8a99f78c3fbaecd8d09333985c76f1064b80760f
  Root Key:     1f9bc7ae6335ae41ee03e983c0e31303901be567b4cdb3fc7c7363f0591128ff
```

Why are we using Docker content trust to verify signatures when I am talking about signing container images with cosign in #9546, I hear you ask? I hope this explains things: https://xkcd.com/927/

@JamieMagee JamieMagee requested a review from a team as a code owner April 26, 2024 15:46
@JamieMagee JamieMagee force-pushed the jamiemagee/enable-docker-content-trust branch 3 times, most recently from cd6a4d9 to aa0e30c Compare April 26, 2024 17:44
@raj-meka raj-meka force-pushed the jamiemagee/enable-docker-content-trust branch from 57cda42 to 37bedcf Compare April 29, 2024 17:17
@raj-meka raj-meka force-pushed the jamiemagee/enable-docker-content-trust branch from 37bedcf to 7739f24 Compare April 29, 2024 19:06
@raj-meka raj-meka merged commit 195c36b into main Apr 29, 2024
53 checks passed
@raj-meka raj-meka deleted the jamiemagee/enable-docker-content-trust branch April 29, 2024 19:23
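An added example, not part of this pull request or the project's code: a shell check that parses the `docker trust inspect --pretty` output quoted in the description and fails unless the signed digest for a tag and the root key ID equal pinned values, so a re-signed tag or a changed root key is noticed. The function names, the `$DIGEST` and `$ROOT` variables and the idea of keeping pins in CI are assumptions; the sample text is the output from the description.

```shell
#!/bin/sh
# Constructed sample: the `docker trust inspect --pretty` output quoted in the description.
sample_inspect() {
cat <<'EOF'
Signatures for docker.io/library/ubuntu:22.04

SIGNED TAG   DIGEST                                                             SIGNERS
22.04        6d7b5d3317a71adb5e175640150e44b8b9a9401a7dd394f44840626aff9fa94d   (Repo Admin)

Administrative keys for docker.io/library/ubuntu:22.04

  Repository Key:       8273733f491f362bb36710fd8a99f78c3fbaecd8d09333985c76f1064b80760f
  Root Key:     1f9bc7ae6335ae41ee03e983c0e31303901be567b4cdb3fc7c7363f0591128ff
EOF
}

# signed_digest TAG: read inspect output on stdin, print the digest signed for TAG.
# Only rows inside the "SIGNED TAG" table are considered.
signed_digest() {
  awk -v tag="$1" '
    $1 == "SIGNED" && $2 == "TAG" { in_table = 1; next }
    in_table && NF == 0           { in_table = 0 }
    in_table && $1 == tag         { print $2; exit }'
}

# root_key: read inspect output on stdin, print the root key ID.
root_key() {
  awk '$1 == "Root" && $2 == "Key:" { print $3; exit }'
}

# check_pins TAG PINNED_DIGEST PINNED_ROOT (hypothetical helper): succeed only if
# the tag is signed, its digest is well formed, and digest and root key match the pins.
check_pins() {
  out=$(cat)
  got_digest=$(printf '%s\n' "$out" | signed_digest "$1")
  got_root=$(printf '%s\n' "$out" | root_key)
  printf '%s\n' "$got_digest" | grep -Eq '^[0-9a-f]{64}$' || { echo "no signed digest for tag $1" >&2; return 1; }
  [ "$got_digest" = "$2" ] || { echo "digest changed: $got_digest" >&2; return 1; }
  [ "$got_root" = "$3" ] || { echo "root key changed: $got_root" >&2; return 1; }
}

# In CI, feed it live output instead of the sample ($DIGEST and $ROOT are hypothetical pins):
#   docker trust inspect --pretty docker.io/library/ubuntu:22.04 | check_pins 22.04 "$DIGEST" "$ROOT"
sample_inspect | check_pins 22.04 \
  6d7b5d3317a71adb5e175640150e44b8b9a9401a7dd394f44840626aff9fa94d \
  1f9bc7ae6335ae41ee03e983c0e31303901be567b4cdb3fc7c7363f0591128ff && echo "pins match"
```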
3 participants