sign containers and check signatures of content in containers

seL4 / seL4-CAmkES-L4v-dockerfiles

Dockerfiles defining the dependencies required to build seL4, CAmkES, and L4v.

13 stars 40 forks source link

Open lsf37 opened 8 months ago

lsf37 commented 8 months ago

For a more trustworthy build/supply chain story, we should

[ ] check all signatures of things downloaded in the container builds (most of this is already done by apt-install
[ ] sign the containers when they are deployed to docker hub

lsf37 commented 8 months ago