jojomi / docker-hugo

Docker image for hugo static page generator (https://gohugo.io)
https://hub.docker.com/r/jojomi/hugo
MIT License

Content Trust #19

Open hutson opened 7 years ago

hutson commented 7 years ago

I've been trying to be good at only pulling Docker images that have been cryptographically signed by setting the DOCKER_CONTENT_TRUST environment variable.

In the case of pulling NodeJS images, everything works.

When I go to pull jojomi/hugo I get the following error:

docker: Error: remote trust data does not exist for docker.io/jojomi/hugo: notary.docker.io does not have trust data for docker.io/jojomi/hugo.

My assumption is that jojomi/hugo has not been signed.

If you haven't already, would you consider signing your images?

Reference - https://docs.docker.com/engine/security/trust/content_trust/
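The failure reported above, as an added example that is not part of the original issue or of the jojomi/hugo project: a shell wrapper that pulls with content trust enforced for that one command and separates "image has no trust data" from other pull failures, so a build script can apply a different policy to each. The function names and the exit code 3 for an unsigned image are assumptions of this example; the match patterns come from the error text quoted in the issue.

```shell
#!/bin/sh
# Added example (not project code): trusted pull with a distinct result
# for images that have no signatures in the notary server.
# Exit codes chosen for this example:
#   0 = trust data found and image pulled
#   3 = registry/notary reports no trust data for the image (unsigned)
#   1 = any other failure (network, auth, unknown tag, ...)

# Classify the stderr text of a failed trusted pull.
# Prints "unsigned" or "other".
classify_pull_error() {
    case "$1" in
        *"remote trust data does not exist"*|*"does not have trust data for"*)
            echo unsigned ;;
        *)
            echo other ;;
    esac
}

# Pull one image with DOCKER_CONTENT_TRUST=1 set for this command only,
# so the caller's environment is not relied on to enforce verification.
trusted_pull() {
    _tp_image="$1"
    # Capture stderr only; the pull progress on stdout is discarded.
    if _tp_err="$(DOCKER_CONTENT_TRUST=1 docker pull "$_tp_image" 2>&1 >/dev/null)"; then
        return 0
    fi
    # Keep the original message visible to the operator.
    printf '%s\n' "$_tp_err" >&2
    if [ "$(classify_pull_error "$_tp_err")" = unsigned ]; then
        echo "policy: $_tp_image has no trust data; refusing to use it" >&2
        return 3
    fi
    return 1
}

# When called with an image name, act as a small CLI around trusted_pull.
if [ "$#" -gt 0 ]; then
    trusted_pull "$1"
    exit $?
fi
```

A caller can treat exit code 3 as "ask the publisher to sign" and exit code 1 as "retry or investigate", rather than disabling content trust when a pull fails.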

jojomi commented 6 years ago

I would like to do this, but can we do this using automated builds?