Implement signed images verification #67
Comments
Signatures would be pulled only on creation and would be deleted with their corresponding container images. Keys for verification could be provided globally - through container-management configuration, per container - through container configuration. Per container keys are prioritized.
Skip verification - no verification is performed, container is created/started
The focus has changed to implement signed image verification with notation-go instead of sigstore/cosign, for more information check this comment.
Signed-off-by: Dimitar Dimitrov <[email protected]>
* [#67] Implement signed images verification

---------

Signed-off-by: Dimitar Dimitrov <[email protected]>
[#234] Merge `dev-m5` branch into `main`

* [#51] Improve containerd client unit tests (#203)
* [#201] Optimized, deterministic intermediate desired state feedback messages (#204)
* [#208] Add file flag to the CLI create command (#209)
* [#191] Container remains Stopped after container-management service restart (#214)
* [#210] Remove command should accept more than one container ID (#212)
* [#196] Starting of constantly restarting container fails (#216)
* [#67] Implement signed images verification (#215)
* [#91] Provide unit tests covering signed images verification (#220)
* [#213] Add quiet flag, to the list command. (#221)
* [#217] CLI Remove command improvements (#224)

---------

Signed-off-by: Daniel Milchev [email protected]
Signed-off-by: Stoyan Zoubev <[email protected]>
Signed-off-by: Kristiyan Gostev <[email protected]>
Signed-off-by: Dimitar Dimitrov <[email protected]>
Co-authored-by: Daniel Milchev <[email protected]>
Co-authored-by: Stoyan Zoubev <[email protected]>
Co-authored-by: Dimitar Dimitrov <[email protected]>
All used container images must undergo a signature verification (if signed) based on the provided verification data. If the verification fails, running a container instance using such an image must be aborted with the appropriate error.
The verification has to be implemented integrating sigstore's Cosign.
If a global daemon's configuration is applicable, it has to be covered as well.