Closed S0b1t closed 1 year ago
Sorry we're just now getting to this! Why are you trying to run Cosign inside of Docker? We'd typically recommend that you install it on your local machine: https://docs.sigstore.dev/cosign/installation/
I am new to Harbor, there is a Dockerfile in the project repository.
Which Dockerfile are you referring to? There's no Dockerfile in the Cosign repository, or in the root for https://github.com/goharbor/harbor
For quick, one-off questions like this, I recommend the Sigstore Slack—we'll be much more responsive. Sorry again!
Hi! Thanks for the response!
It was helpful: https://docs.sigstore.dev/cosign/installation/
I configured it on my local VM!
@znewman01 Hi, I just ran into this issue when I try to cosign the image inside Docker:
```bash
#!/usr/bin/env bash

# Build a minimal image that contains only the cosign binary.
# The Dockerfile is passed to `docker build` on stdin.
install_cosign() {
  docker build -t cosign-test --no-cache \
    --build-arg USER_UID="$(id -u)" \
    --build-arg USER_GID="$(id -g)" \
    --build-arg USER_NAME="$(id -un)" - <<EOF
FROM yiakwy/cosign:v1.13.0 as cosign-bin
# Source: https://github.com/chainguard-images/static
FROM cgr.dev/chainguard/static:latest
COPY --from=cosign-bin /ko-app/cosign /usr/local/bin/cosign
ENTRYPOINT [ "cosign" ]
EOF
}

# Succeeds only if the image tag exists locally (uses docker's exit status).
exist() {
  local tag=$1
  docker image inspect "$tag" > /dev/null 2>&1
}

# Generate a key pair into the current directory, which is mounted as the
# container user's home directory.
create_cosign_key() {
  local cosign_user=root
  set -x
  docker run -it --privileged --ulimit memlock=-1:-1 --net=host \
    --cap-add=IPC_LOCK --ipc=host \
    -v "$(readlink -f "$(pwd)"):/home/$cosign_user" \
    -u "$cosign_user" --rm --workdir "/home/$cosign_user" \
    cosign-test:latest generate-key-pair \
    --output-file "/home/$cosign_user/cosign.log"
  set +x
}

# Sign the image(s) given as arguments with cosign.key from the current
# directory, without uploading the signature.
cosignit() {
  local cosign_user=root
  set -x
  docker run -it --privileged --ulimit memlock=-1:-1 --net=host \
    --cap-add=IPC_LOCK --ipc=host \
    -v "$(readlink -f "$(pwd)"):/home/$cosign_user" \
    -u "$cosign_user" --rm --workdir "/home/$cosign_user" \
    cosign-test:latest sign --key cosign.key "$@" \
    --allow-insecure-registry --upload=false \
    --output-file "/home/$cosign_user/cosign.log"
  set +x
}

main() {
  exist cosign-test:latest || (echo "install cosign ..." && install_cosign)
  cosignit "$@"
}

main "$@"
```
The cosign key can be generated correctly on the host from the Docker container, but the container has trouble signing with it. I tried `cosign login`; it seems that, verbosely, the only feedback is

```
auth.go:191: logged in via /root/.docker/config.json
```

So I cannot tell whether there is a network problem.
But when I sign with the generated cosign key with `upload=true`, I get an UNAUTHORIZED error.
Hi!
I am new to Harbor, there is a Dockerfile in the project repository. From this Dockerfile, I built a cosign image with the command:
and then I ran the image with the command:
The container didn't run. Did I do something wrong? How do I run cosign in a Docker container from the Dockerfile?
The second question: after running the Docker container, how should I run the commands `cosign sign --key` and `cosign verify --key`? Should I give the commands from inside the Docker container, or something like that?