is there a way to trust the docker official image via signedby? #15219

braindevices · 2022-08-05T18:09:39Z

braindevices
Aug 5, 2022

docker trust inspect shows:

Signatures for alpine:latest

SIGNED TAG   DIGEST                                                             SIGNERS
latest       7580ece7963bfa863801466c0a488f11c86f85d9988051a9f9c68cb27f6b7872   (Repo Admin)

Administrative keys for alpine:latest

  Repository Key:       5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
  Root Key:     a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce

I wonder which key should we use in podman trust command? Or is this even possible?

mheon · 2022-08-06T05:45:04Z

mheon
Aug 6, 2022
Maintainer

The Docker signature scheme and the ones used by Podman are, I believe, incompatible, so I do not believe we can use these keys; @mtrmac can you confirm?

0 replies

rhatdan · 2022-08-06T11:19:08Z

rhatdan
Aug 6, 2022
Maintainer

Correct Podman does not work with docker notary. Podman supports simple signing and soon sigstore.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

is there a way to trust the docker official image via signedby? #15219

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments

{{title}}

{{title}}

Select a reply

is there a way to trust the docker official image via signedby? #15219

braindevices Aug 5, 2022

Replies: 2 comments

mheon Aug 6, 2022 Maintainer

rhatdan Aug 6, 2022 Maintainer

braindevices
Aug 5, 2022

mheon
Aug 6, 2022
Maintainer

rhatdan
Aug 6, 2022
Maintainer