[enhancement]: sign container artifacts #1039

wwest4 · 2025-01-01T02:36:20Z

Which feature or improvement would you like to request?

I'd like to see this feature: sign container artifacts with DCT, cosign, or something else.

Currently:

DOCKER_CONTENT_TRUST=1 ; docker pull stalwartlabs/mail-server
Using default tag: latest
Error: remote trust data does not exist for docker.io/stalwartlabs/mail-server: notary.docker.io does not have trust data for docker.io/stalwartlabs/mail-server

Probably worth mentioning that not all container runtimes support DCT, but anything would be better than nothing.

In the meantime folks can just build from source using the Dockerfile in the repo to get equivalent assurance of authenticity, it's just less than ideal. TIA.

Is your feature request related to a problem?

I'm having a problem with...

Code of Conduct

I agree to follow this project's Code of Conduct

The text was updated successfully, but these errors were encountered:

williamdes · 2025-01-01T20:39:30Z

Ref: #1033
The original discussion
Where I had said

See https://github.com/sudo-bot/action-docker-sign/ and all the documentation I built in the recent years

mdecimus · 2025-01-03T10:43:39Z

This is covered by #561

wwest4 added the enhancement New feature or request label Jan 1, 2025

mdecimus closed this as completed Jan 3, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[enhancement]: sign container artifacts #1039

[enhancement]: sign container artifacts #1039

wwest4 commented Jan 1, 2025

williamdes commented Jan 1, 2025

mdecimus commented Jan 3, 2025

[enhancement]: sign container artifacts #1039

[enhancement]: sign container artifacts #1039

Comments

wwest4 commented Jan 1, 2025

Which feature or improvement would you like to request?

Is your feature request related to a problem?

Code of Conduct

williamdes commented Jan 1, 2025

mdecimus commented Jan 3, 2025