verifying the images by using cosign during the image pulling #577
Labels
Comments
Dentrax
added a commit
to developer-guy/nerdctl
that referenced
this issue
Nov 29, 2021
Fixes containerd#577 Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
Dentrax
added a commit
to developer-guy/nerdctl
that referenced
this issue
Nov 29, 2021
Fixes containerd#577 Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com>
|
SGTM, left comments in #556 (comment) |
|
Could you propose this to BuildKit (https://github.com/moby/buildkit/issues) too, so that we can verify Dockerfile |
developer-guy
added a commit
to developer-guy/nerdctl
that referenced
this issue
Nov 30, 2021
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> docs: add cosign.md Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: verify image with cosign Fixes containerd#577 Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> feat: add cosign-key flag to pull command Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> docs(cosign): clarify according to reviews Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuha.apaydin@trendyol.com> feat: updates according to code review Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: add resolve digest feature while pulling the image Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy
added a commit
to developer-guy/nerdctl
that referenced
this issue
Nov 30, 2021
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> docs: add cosign.md Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: verify image with cosign Fixes containerd#577 Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> feat: add cosign-key flag to pull command Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> docs(cosign): clarify according to reviews Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuha.apaydin@trendyol.com> feat: updates according to code review Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: add resolve digest feature while pulling the image Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat(cosign): cosign test for push and pull Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy
added a commit
to developer-guy/nerdctl
that referenced
this issue
Dec 2, 2021
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> docs: add cosign.md Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: verify image with cosign Fixes containerd#577 Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> feat: add cosign-key flag to pull command Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> docs(cosign): clarify according to reviews Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuha.apaydin@trendyol.com> feat: updates according to code review Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: add resolve digest feature while pulling the image Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat(cosign): cosign test for push and pull Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy
added a commit
to developer-guy/nerdctl
that referenced
this issue
Dec 2, 2021
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> docs: add cosign.md Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: verify image with cosign Fixes containerd#577 Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> feat: add cosign-key flag to pull command Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> docs(cosign): clarify according to reviews Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuha.apaydin@trendyol.com> feat: updates according to code review Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: add resolve digest feature while pulling the image Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat(cosign): cosign test for push and pull Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy
added a commit
to developer-guy/nerdctl
that referenced
this issue
Dec 3, 2021
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Co-authored-by: Furkan Türkal <furkan.turkal@trendyol.com> docs: add cosign.md Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: verify image with cosign Fixes containerd#577 Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> feat: add cosign-key flag to pull command Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> docs(cosign): clarify according to reviews Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuha.apaydin@trendyol.com> feat: updates according to code review Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat: add resolve digest feature while pulling the image Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> feat(cosign): cosign test for push and pull Signed-off-by: Furkan <furkan.turkal@trendyol.com> Co-authored-by: Batuhan <batuhan.apaydin@trendyol.com> Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
|
Closing, as this is implemented in v0.15 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Follow-up issue for #423
We can verify the images during the image pull since we will be able to signing it using keyless mode at PR #556. If it makes sense, we can (@developer-guy) implement this feature in the same branch!
The text was updated successfully, but these errors were encountered: