goharbor / harbor

An open source trusted cloud native registry project that stores, signs, and scans content.
https://goharbor.io
Apache License 2.0

Replication Enforcement with Docker Content Trust #13490

Open MohamedTalhaoui opened 3 years ago

MohamedTalhaoui commented 3 years ago

I have a Harbor registry with Content Trust enabled. I have set up a replication rule to replicate the nginx/nginx-ingress:latest image from Docker Hub. I know this image is not signed from my docker client:

$ sudo DOCKER_CONTENT_TRUST=1 docker pull nginx/nginx-ingress
Using default tag: latest
Error: remote trust data does not exist for docker.io/nginx/nginx-ingress: notary.docker.io does not have trust data for docker.io/nginx/nginx-ingress

However, this image is still replicated successfully. My expectation would be that only signed images would be replicated.

Is there a way to block the replication of unsigned images?
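As an added example that is not part of the original issue or of the Harbor project: one way to enforce the "only replicate signed images" expectation today is a pre-replication gate outside Harbor. The script below parses the JSON that `docker trust inspect IMAGE` prints (assumed shape: an array of repositories with `Name` and `SignedTags`, each tag entry carrying `SignedTag`, `Digest` and `Signers`; `[]` when the Notary server has no trust data, which is the case the issue reports) and allows a tag only if it is signed, optionally by a required signer. The two sample documents and the registry name are constructed for the example.

```python
import json
import subprocess
from dataclasses import dataclass


@dataclass
class TrustDecision:
    """Result of the gate: whether replication may proceed, and why."""
    allowed: bool
    reason: str


def evaluate_trust(inspect_json: str, tag: str, required_signers=()) -> TrustDecision:
    """Decide whether <repo>:<tag> may be replicated, given the stdout of
    `docker trust inspect <repo>`. Any parse problem or missing data denies."""
    try:
        repos = json.loads(inspect_json)
    except json.JSONDecodeError:
        return TrustDecision(False, "trust inspect output is not valid JSON")
    if not repos:
        # docker trust inspect prints [] (and an error on stderr) when the
        # Notary server has no trust data for the repository: treat as unsigned
        return TrustDecision(False, "no trust data for repository")
    repo = repos[0]
    signed = {entry["SignedTag"]: entry for entry in repo.get("SignedTags", [])}
    if tag not in signed:
        return TrustDecision(False, f"tag {tag!r} is not signed")
    signers = set(signed[tag].get("Signers", []))
    missing = set(required_signers) - signers
    if missing:
        return TrustDecision(False, f"tag {tag!r} lacks required signers: {sorted(missing)}")
    return TrustDecision(True, f"tag {tag!r} signed by {sorted(signers)}, digest {signed[tag]['Digest']}")


def trust_gate(image: str, required_signers=()) -> TrustDecision:
    """Live variant: run `docker trust inspect` for IMAGE (needs the docker CLI
    and network access to the Notary server) and evaluate the result."""
    repo, _, tag = image.partition(":")
    tag = tag or "latest"
    proc = subprocess.run(["docker", "trust", "inspect", repo], capture_output=True, text=True)
    return evaluate_trust(proc.stdout or "[]", tag, required_signers)


# Constructed sample: a repository whose 1.4.2 tag was signed by one delegation.
SIGNED_SAMPLE = json.dumps([{
    "Name": "registry.example.test/library/app",
    "SignedTags": [{
        "SignedTag": "1.4.2",
        "Digest": "0" * 64,  # constructed placeholder, not a real digest
        "Signers": ["release-team"],
    }],
    "Signers": [{"Name": "release-team", "Keys": [{"ID": "constructed-key-id"}]}],
    "AdministrativeKeys": [],
}])

# Constructed sample: what the CLI prints when no trust data exists.
UNSIGNED_SAMPLE = "[]"


if __name__ == "__main__":
    for sample, tag in ((SIGNED_SAMPLE, "1.4.2"), (SIGNED_SAMPLE, "latest"), (UNSIGNED_SAMPLE, "latest")):
        decision = evaluate_trust(sample, tag, required_signers=("release-team",))
        print("ALLOW" if decision.allowed else "DENY ", decision.reason)
```

Wire `trust_gate` into whatever triggers replication (a CI job or a webhook handler that calls Harbor's replication API) so an unsigned tag is denied before the replication execution starts; the gate deliberately fails closed on missing or malformed trust data.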

reasonerjt commented 3 years ago

Thanks for pointing out.

Currently, there's no way to do that.

This MAY be doable but is not at the top of the list; if you are interested, any contribution is welcome.

MohamedTalhaoui commented 3 years ago

Also, it would be good if replicated images are signed on push to harbor when content trust is enabled.

Not sure about the implementation details, but with some guidance I am keen to have a look at it.

xaleeks commented 3 years ago

Replicated images cannot be signed on push because it's a different notary signer server in the target instance with its own DB and delegations; unless your goal is to just resign the image with a new signature. But it cannot be used to verify integrity as a signed image from the source registry anymore. And replicating a signed artifact and having that signature persist to the target registry is not possible because of the upstream Notary project, but a solution is being worked on right now.

Once that's available, blocking replication of unsigned images from within Harbor is as easy as checking a bit. It's the replication of signed images that we don't have a solution for atm.

xaleeks commented 3 years ago

I'm keeping the blocking unsigned as a requirement in backlog, pending notary v2 solution

MohamedTalhaoui commented 3 years ago

Yes my goal is to resign the image with a new signature as it is replicated in Harbor. The idea is I am okay to sign an image on my target registry as long as I can verify it has been signed in the source registry.

yogeek commented 2 years ago

I enabled "content trust" on a Harbor project, pushed a signed image into it, and tried to replicate it to an ECR, and it failed as expected because the image is not signed.... so I am not sure I understand when you say that Harbor is not able to block replication for unsigned images. Can you clarify the issue please?

axi92 commented 2 years ago

Is this now possible with cosign?

github-actions[bot] commented 2 years ago

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.