docker-nginx-unprivileged icon indicating copy to clipboard operation
docker-nginx-unprivileged copied to clipboard

Published 20 hours ago verified publisher icon nginxinc

Docker Content Trust (sign the provided images)

Open cableman opened this issue 1 year ago • 3 comments

Is your feature request related to a problem? Please describe

Have you considered signing the release tags, so people using DOCKER_CONTENT_TRUST=1 can use these images. The official nginx image are signed with DCT.

For more about DCT see https://docs.docker.com/engine/security/trust/

Describe the solution you'd like

That the images are signed like the official nginx images :-).

See docker trust inspect --pretty nginx:alpine

Describe alternatives you've considered

Build own images base on these images and sign them, but that somehow seams wrong.

cableman avatar Aug 28 '22 15:08 cableman

I will look into it! At first glance I don't see why this wouldn't be feasible 😄

alessfg avatar Aug 29 '22 11:08 alessfg

No progress?

cableman avatar Sep 28 '22 08:09 cableman

Not yet! Maintaining these images is a secondary task to my day to day responsibilities, so anything beyond porting upstream changes tends to take a bit more time than I'd hope. Rest assured it's still on my mind and I'll get to it as soon as I can!

alessfg avatar Sep 28 '22 11:09 alessfg

It took a while, but it's finally done! Let me know how it works out! :)

alessfg avatar Nov 18 '22 23:11 alessfg