openjdk-docker icon indicating copy to clipboard operation
openjdk-docker copied to clipboard
verified publisher icon AdoptOpenJDK

Add DockerHub notary signing to all official images e.g. adoptopenjdk/openjdk11

Open rhuddleston opened this issue 6 years ago • 2 comments

$ export DOCKER_CONTENT_TRUST=1 $ docker pull adoptopenjdk/openjdk11:alpine-jre Error: remote trust data does not exist for docker.io/adoptopenjdk/openjdk11: notary.docker.io does not have trust data for docker.io/adoptopenjdk/openjdk11

$ docker pull adoptopenjdk/openjdk11:latest Error: remote trust data does not exist for docker.io/adoptopenjdk/openjdk11: notary.docker.io does not have trust data for docker.io/adoptopenjdk/openjdk11

$ docker pull adoptopenjdk/openjdk11:jre-11.0.3_7 Error: remote trust data does not exist for docker.io/adoptopenjdk/openjdk11: notary.docker.io does not have trust data for docker.io/adoptopenjdk/openjdk11

it would be nice if theses images could be signed.

rhuddleston avatar Jun 12 '19 20:06 rhuddleston

https://github.com/theupdateframework/notary/issues/1370

grzesuav avatar Jul 04 '19 13:07 grzesuav

quoting:

When you run docker build, it tries to verify the image you are building from using the content trust server you specified. There is no trust data for the official ubuntu library in your content trust server. You would have to either sign the image yourself on your local notary server or override the DOCKER_CONTENT_TRUST_SERVER to be https://notary.docker.io for the docker build command specifically.

grzesuav avatar Jul 04 '19 13:07 grzesuav