docker-hugo icon indicating copy to clipboard operation
docker-hugo copied to clipboard

Published 20 hours ago verified publisher icon jojomi

Content Trust

Open hutson opened this issue 7 years ago • 1 comments

I've been trying to be good at only pulling Docker images that have been cryptographically signed by setting the DOCKER_CONTENT_TRUST environment variable.

In the case of pulling NodeJS images, everything works.

When I go to pull jojomi/hugo I get the following error:

docker: Error: remote trust data does not exist for docker.io/jojomi/hugo: notary.docker.io does not have trust data for docker.io/jojomi/hugo.

My assumption is that jojomi/hugo has not been signed.

If you haven't already, would you consider signing your images?

Reference - https://docs.docker.com/engine/security/trust/content_trust/

hutson avatar Jul 21 '17 14:07 hutson

I would like to do this, but can we do this using automated builds?

jojomi avatar Jan 14 '18 09:01 jojomi