Implement signed images verification #67

Closed
konstantina-gramatova opened this issue Sep 29, 2022 · 2 comments · Fixed by #215

@konstantina-gramatova
Contributor

All used container images must undergo a signature verification (if signed) based on the provided verification data. If the verification fails, running a container instance using such an image must be aborted with the appropriate error.

The verification has to be implemented integrating sigstore's Cosign.
If a global daemon's configuration is applicable, it has to be covered as well.

@konstantina-gramatova konstantina-gramatova added the task Single unit of work label Sep 29, 2022
@konstantina-gramatova konstantina-gramatova added this to the M3 milestone Sep 29, 2022
@e-grigorov e-grigorov added the security Security improvement label Oct 6, 2022
@dimitar-dimitrow dimitar-dimitrow self-assigned this Oct 11, 2022
@dimitar-dimitrow
Contributor

dimitar-dimitrow commented Nov 17, 2022

Signatures would be pulled only on creation and would be deleted with their corresponding container images. Keys for verification could be provided globally - through container-management configuration, per container - through container configuration. Per container keys are prioritized.

| Image Signed | Global Keys | Per Container Keys | No Keys |
| --- | --- | --- | --- |
| No | Skip verification | Skip verification | Skip verification |
| Yes | Perform Verification | Perform Verification | Skip verification |

Skip verification - no verification is performed, container is created/started
Perform Verification - if verification fails, container is not created/started; if verification is successful, container is created/started.
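
The decision table in the comment above, as an added Go example that is not part of the issue or of the project's code. Ed25519 from the standard library stands in for the real signature scheme, `Image`, `Admit` and `selectKeys` are hypothetical names, and it assumes per-container keys replace the global keys when both are configured.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Image is a constructed stand-in: a manifest digest plus an optional detached signature.
type Image struct {
	Digest    []byte
	Signature []byte // nil when the image is unsigned
}

var ErrVerification = errors.New("image signature verification failed")

// selectKeys applies the stated precedence: per-container keys win over global keys.
// Assumption: a per-container key set replaces the global set rather than extending it.
func selectKeys(global, perContainer []ed25519.PublicKey) []ed25519.PublicKey {
	if len(perContainer) > 0 {
		return perContainer
	}
	return global
}

// Admit returns (verified, err). verified=false with err=nil is a "Skip verification"
// cell of the table; a non-nil err means the container must not be created/started.
func Admit(img Image, global, perContainer []ed25519.PublicKey) (bool, error) {
	keys := selectKeys(global, perContainer)
	if img.Signature == nil || len(keys) == 0 {
		return false, nil // unsigned image or no keys configured: verification skipped
	}
	for _, k := range keys {
		if ed25519.Verify(k, img.Digest, img.Signature) {
			return true, nil
		}
	}
	return false, ErrVerification
}

func main() {
	pubA, privA, _ := ed25519.GenerateKey(nil) // constructed sample keys
	pubB, _, _ := ed25519.GenerateKey(nil)
	digest := []byte("sha256:constructed-sample-digest")
	signed := Image{Digest: digest, Signature: ed25519.Sign(privA, digest)}
	fmt.Println(Admit(signed, []ed25519.PublicKey{pubA}, nil))                       // true <nil>
	fmt.Println(Admit(signed, []ed25519.PublicKey{pubA}, []ed25519.PublicKey{pubB})) // false image signature verification failed
	fmt.Println(Admit(signed, nil, nil))                                             // false <nil>
	fmt.Println(Admit(Image{Digest: digest}, []ed25519.PublicKey{pubA}, nil))        // false <nil>
}
```

Both skip cases return no error, so a caller that needs to tell a verified image from an unverified one has to check the boolean and not only the error.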

@dimitar-dimitrow
Contributor

The focus has changed to implement signed image verification with notation-go instead of sigstore/cosign, for more information check this comment.

@dimitar-dimitrow dimitar-dimitrow linked a pull request Nov 22, 2023 that will close this issue
dimitar-dimitrow added a commit to bosch-io/container-management that referenced this issue Nov 30, 2023
Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.com>
dimitar-dimitrow added a commit to bosch-io/container-management that referenced this issue Dec 12, 2023
Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.com>
k-gostev pushed a commit that referenced this issue Dec 12, 2023
* [#67] Implement signed images verification
---------

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.com>
k-gostev pushed a commit that referenced this issue Apr 30, 2024
* [#67] Implement signed images verification
---------

Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.com>
dimitar-dimitrow added a commit that referenced this issue May 10, 2024
[#234] Merge `dev-m5` branch into `main`
* [#51] Improve containerd client unit tests (#203)
* [#201] Optimized, deterministic intermediate desired state feedback messages (#204)
* [#208] Add file flag to the CLI create command (#209)
* [#191] Container remains Stopped after container-management service restart (#214)
* [#210] Remove command should accept more than one container ID (#212)
* [#196] Starting of constantly restarting container fails (#216)
* [#67] Implement signed images verification (#215)
* [#91] Provide unit tests covering signed images verification (#220)
* [#213] Add quiet flag, to the list command. (#221)
* [#217] CLI Remove command improvements (#224)

---------

Signed-off-by: Daniel Milchev <fixed-term.daniel.milchev@bosch.io>
Signed-off-by: Stoyan Zoubev <Stoyan.Zoubev@bosch.com>
Signed-off-by: Kristiyan Gostev <kristiyan.gostev@bosch.com>
Signed-off-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.com>
Co-authored-by: Daniel Milchev <fixed-term.daniel.milchev@bosch.io>
Co-authored-by: Stoyan Zoubev <Stoyan.Zoubev@bosch.io>
Co-authored-by: Dimitar Dimitrov <dimitar.dimitrov3@bosch.com>