Hello,
I want to sign containers with SignServer. I saw in the documentation that we can use client-side hash signing to do it, but I want something compatible with popular container runtimes (containerd, podman, CRI-O) and not to have to run some openssl/OpenPGP commands to verify the signature.
Is it possible with SignServer at the moment?
If not, are you thinking about implementing this feature?
What's your point of view about this?
Thanks a lot in advance.
Regards.
Hi Axel,
Do you have a suggestion for which scheme/standard to use for container signing?
Cheers,
Markus
PrimeKey
Hi Markus,
I wrote a simple script that builds a JSON with the container data (https://github.com/containers/image/blob/master/docs/containers-signature.5.md), signs it with SignServer and a PGP worker (data with an attached signature) and uploads it to a server. I used this guide to understand the process and I adapted the signing part to include SignServer instead of using podman.
Regards,
Axel
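The payload step described in the post above, as an added example that is not Axel's script or SignServer code: it builds the containers-signature(5) JSON for an image and shows the check a consumer applies to that JSON once the OpenPGP signature around it has verified. The function names, the `creator` string and the sample manifest and reference are assumptions; the signing call to the SignServer PGP worker and the upload are left out, and the identity check here is an exact match, whereas real runtimes apply their configured policy.

```python
import hashlib
import json
import time
from typing import Optional

SIGNATURE_TYPE = "atomic container signature"  # fixed string from containers-signature(5)


def manifest_digest(manifest_bytes: bytes) -> str:
    """Digest of the exact manifest bytes as served by the registry."""
    return "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()


def build_payload(manifest_bytes: bytes, docker_reference: str,
                  creator: str = "example-signer 0.1",  # hypothetical creator string
                  timestamp: Optional[int] = None) -> bytes:
    """Return the JSON document that is handed to the OpenPGP signer."""
    payload = {
        "critical": {
            "type": SIGNATURE_TYPE,
            "image": {"docker-manifest-digest": manifest_digest(manifest_bytes)},
            "identity": {"docker-reference": docker_reference},
        },
        "optional": {
            "creator": creator,
            "timestamp": int(time.time()) if timestamp is None else timestamp,
        },
    }
    return json.dumps(payload, sort_keys=True).encode("utf-8")


def check_payload(payload_bytes: bytes, manifest_bytes: bytes,
                  expected_reference: str) -> bool:
    """Consumer-side check, to be run only AFTER the OpenPGP signature verified."""
    try:
        critical = json.loads(payload_bytes)["critical"]
        # The format requires rejecting unknown or unexpected "critical" members,
        # so every comparison below is strict equality on the whole object.
        if set(critical) != {"type", "image", "identity"}:
            return False
        return (critical["type"] == SIGNATURE_TYPE
                and critical["image"] == {"docker-manifest-digest": manifest_digest(manifest_bytes)}
                and critical["identity"] == {"docker-reference": expected_reference})
    except (ValueError, KeyError, TypeError):
        return False


if __name__ == "__main__":
    manifest = b'{"schemaVersion": 2, "layers": []}'   # constructed sample manifest
    ref = "registry.example.com/team/app:1.0"          # constructed sample reference
    print(build_payload(manifest, ref).decode())
```

Binding the signature to the manifest digest and the reference together is what lets a runtime reject a validly signed payload that was copied onto a different image or a different repository name.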
Hi Axel,
Thanks for sharing those interesting links and the great news about your achievement.
Do you want to contribute your script or the instructions for how to do the container signer with SignServer?
Is there anything in SignServer you see that could be improved to make the process smoother?
Cheers,
Markus