Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sign container images after built #1443

Closed
1 task done
developer-guy opened this issue May 13, 2022 · 6 comments
Closed
1 task done

sign container images after built #1443

developer-guy opened this issue May 13, 2022 · 6 comments
Labels
help wanted Need some extra hands to get this done. status/ready Issue ready to be worked on. type/enhancement Issue that requests a new feature or improvement.

Comments

@developer-guy
Copy link

developer-guy commented May 13, 2022

Description

We (w/@Dentrax) thought that it'd be nice if pack CLI has the support of signing container images right after building them without requiring any additional steps to sign container images based on cosign, a tool developed by the sigstore community that lets you sign, and verify container images according to several types of key management types, or any other signing tool.

Proposed solution

Maybe we can add additional flag to the build command in pack CLI to enable signing, it'll be look like this:

# Set default signer to the config
$ paketo config default-signer cosign
# it'll sign container image right after built
$ pack build --signer cosign <img>

Describe alternatives you've considered

Additional context

  • This feature should be documented somewhere
@developer-guy developer-guy added status/triage Issue or PR that requires contributor attention. type/enhancement Issue that requests a new feature or improvement. labels May 13, 2022
@developer-guy developer-guy changed the title sign container images after built with cosign sign container images after built Jun 6, 2022
@developer-guy
Copy link
Author

developer-guy commented Jun 6, 2022

kindly ping @samj1912

@sambhav
Copy link
Member

sambhav commented Jun 7, 2022

Related buildpacks/rfcs#195 and #268 (comment)

@developer-guy perfect timing! We have been actively working to get cosign integration, along with sbom attestations integrated in the project! We would love to have contributors help with the implementation once RFC 195 is merged (which should happen this week or the next).

Would you and @Dentrax be interested in helping with the implementation? This would help not only pack but any buildpacks based platform so it would be a huge win.

@sambhav sambhav closed this as completed Jun 7, 2022
@sambhav sambhav reopened this Jun 7, 2022
@sambhav
Copy link
Member

sambhav commented Jun 7, 2022

(Accidentally closed, reopened again)

@developer-guy
Copy link
Author

OFC, we'd love to help 🤩

@natalieparellano natalieparellano added status/ready Issue ready to be worked on. help wanted Need some extra hands to get this done. and removed status/triage Issue or PR that requires contributor attention. labels Oct 12, 2022
@Gauravkumar2701
Copy link

@developer-guy @samj1912 @Dentrax Guys I also want to work on this issue @developer-guy could you please guide me with more information.

@natalieparellano
Copy link
Member

Closing as duplicate of #268

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Need some extra hands to get this done. status/ready Issue ready to be worked on. type/enhancement Issue that requests a new feature or improvement.
Projects
None yet
Development

No branches or pull requests

4 participants