This repository has been archived by the owner on Feb 9, 2024. It is now read-only.

Signed Docker image #19

Closed
augi opened this issue May 4, 2020 · 14 comments
Closed

Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@augi

augi commented May 4, 2020

Hello, it would be great if the renovate/renovate Docker images were signed, so we could use it in a more strict environment where DOCKER_CONTENT_TRUST=1 is enforced.

Now, the pull is failing on this:

export DOCKER_CONTENT_TRUST=1
docker -D pull renovate/renovate:19.189.3
  time="2020-05-04T12:02:50+02:00" level=debug msg="reading certificate directory: /home/tcagent/.docker/tls/notary.docker.io"
  time="2020-05-04T12:02:50+02:00" level=debug msg="No yubikey found, using alternative key storage: no library found"
  time="2020-05-04T12:02:50+02:00" level=debug msg="Making dir path: /home/tcagent/.docker/trust/tuf/docker.io/renovate/renovate/changelist"
  time="2020-05-04T12:02:51+02:00" level=debug msg="received HTTP status 404 when requesting root."
  Error: remote trust data does not exist for docker.io/renovate/renovate: notary.docker.io does not have trust data for docker.io/renovate/renovate
@viceice viceice added enhancement New feature or request help wanted Extra attention is needed labels May 4, 2020
@viceice
Member

viceice commented May 4, 2020

This seems to be complicated: Content trust in Docker

@augi If you have any experience with signing docker images you can help us to configure our github workflows to add additional image signing.

@augi
Author

augi commented May 4, 2020

Agree that it seems to be complicated 😢

It actually requires loading the key (docker trust key load) and then export DOCKER_CONTENT_TRUST=1 && docker push, so maybe it is not so complicated 🤔

But I don't have any real-world experience.

@viceice
Member

viceice commented May 4, 2020

I found that one can load the key, but how to pass the password? Because it needs to be integrated into our docker builder

https://github.com/renovatebot/internal-tools/blob/92271f10d18fa1da9c02aa23a66b8802983b7581/src/utils/docker.ts#L176

@augi
Author

augi commented May 4, 2020

I've found here that DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE and DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE environment variables can be used. Maybe it is what you are looking for 🤔

@viceice
Member

viceice commented May 4, 2020

OK, does docker hub support content trust for open source projects?

@augi
Author

augi commented May 4, 2020

This is also not clear to me from the documentation 😢

According to this article, it should work for everyone with Docker Hub account.

@viceice
Member

viceice commented May 4, 2020

so the steps would be:

  • create root key
  • create a delegate key for each image and add to the git repo (as secret) ?
  • add key passphrase as secret to repo
  • enable DOCKER_CONTENT_TRUST=1 while pushing images

Questions

  • Who stores the root key (secure) ?
  • Who knows passphrase for delegated keys and has access to them?
  • Do we need a new key for every docker image / repo?
  • Who is allowed to sign / push images ?

@rarkins
Contributor

rarkins commented May 4, 2020

  • Who stores the root key (secure) ?

I can store it.

  • Who knows passphrase for delegated keys and has access to them?

The reality is anyone with write access to a github repo can access secrets if they want. Which means anyone with write access or anyone who compromises someone with write access can publish a signed image.

  • Who is allowed to sign / push images ?

Presumably it would be as per above.

@viceice
Member

viceice commented May 4, 2020

So we can use the same key and same passphrase for all images, as we only have one docker user for publish anyways.

@viceice
Member

viceice commented May 4, 2020

So @rarkins needs to configure the keys and then I can configure the signing.

We should add a test docker image / repo first, so we can test everything and after we can add signing to all our images.

@nscuro

nscuro commented Dec 7, 2021

With sigstore and cosign, we now have an easy-to-use alternative for image signing, which also works outside the Docker ecosystem. It also supports keyless signing, which addresses your concerns about key storage. GitHub itself blogged about it yesterday.

Renovate per design has access to a lot of sensitive information. Having its images signed and verifiable would certainly be a great thing. Would this be something that you'd be interested in looking into?

@viceice
Member

viceice commented Dec 7, 2021

@JamieMagee
Contributor

Renovate images are now signed using cosign

cosign verify docker.io/renovate/renovate:latest | jq .

Verification for index.docker.io/renovate/renovate:latest --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - Any certificates were verified against the Fulcio roots.
[
  {
    "critical": {
      "identity": {
        "docker-reference": "index.docker.io/renovate/renovate"
      },
      "image": {
        "docker-manifest-digest": "sha256:efff49102c74aec8fdd56a8405676fd16b6c02804813555c1b9306e7a0f26f50"
      },
      "type": "cosign container image signature"
    },
    "optional": {
      "Bundle": {
        "SignedEntryTimestamp": "MEQCIGPKSja6d/vdtEyzCsobBOe69pCIqPBSe/rohcRbNDDeAiARoabsa0EQARGVa75q+YlEJouURJp+SqikoOdr/5l6TQ==",
        "Payload": {
          "body": "...",
          "integratedTime": 1641146166,
          "logIndex": 1018569,
          "logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"
        }
      },
      "Issuer": "https://token.actions.githubusercontent.com",
      "Subject": "https://github.com/renovatebot/docker-renovate-full/.github/workflows/build.yml@refs/heads/main"
    }
  }
]

Docker currently has an open item to use cosign for integrated image verification [1]. Please give it a 👍

Footnotes

  [1] https://github.com/docker/roadmap/issues/269
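The `cosign verify` output above validates the Fulcio certificate chain and the transparency-log entry, but it is still the consumer's job to pin which identity is allowed to have signed the image (newer cosign releases make this explicit with `--certificate-identity` and `--certificate-oidc-issuer`). The following is an added example, not code from the Renovate project: it applies that identity policy to the JSON that `cosign verify ... | jq .` prints, accepting only signatures whose Issuer is the GitHub Actions token service and whose Subject is the expected build workflow. The sample input is constructed here from the output shown in the thread (the Rekor `body` blob is omitted), plus a second signature from a different, made-up workflow that the policy must reject.

```python
import json
import re

# Constructed sample modelled on the `cosign verify` output in this thread.
# The second entry is invented: a valid keyless signature from some other
# GitHub workflow, which must NOT be accepted for this image.
SAMPLE_VERIFY_OUTPUT = json.dumps([
    {
        "critical": {
            "identity": {"docker-reference": "index.docker.io/renovate/renovate"},
            "image": {"docker-manifest-digest":
                      "sha256:efff49102c74aec8fdd56a8405676fd16b6c02804813555c1b9306e7a0f26f50"},
            "type": "cosign container image signature",
        },
        "optional": {
            "Bundle": {"Payload": {"integratedTime": 1641146166, "logIndex": 1018569}},
            "Issuer": "https://token.actions.githubusercontent.com",
            "Subject": "https://github.com/renovatebot/docker-renovate-full/.github/workflows/build.yml@refs/heads/main",
        },
    },
    {
        "critical": {
            "identity": {"docker-reference": "index.docker.io/renovate/renovate"},
            "image": {"docker-manifest-digest": "sha256:" + "0" * 64},  # placeholder digest
            "type": "cosign container image signature",
        },
        "optional": {
            "Bundle": {"Payload": {"integratedTime": 1641146166, "logIndex": 1018570}},
            "Issuer": "https://token.actions.githubusercontent.com",
            "Subject": "https://github.com/example-org/docker-renovate-full/.github/workflows/build.yml@refs/heads/main",
        },
    },
])

EXPECTED_ISSUER = "https://token.actions.githubusercontent.com"
# Pin the exact repository, workflow file and branch that is allowed to sign.
EXPECTED_SUBJECT = re.compile(
    r"^https://github\.com/renovatebot/docker-renovate-full/\.github/workflows/build\.yml@refs/heads/main$")


def trusted_digests(verify_json, expected_ref, issuer=EXPECTED_ISSUER, subject_re=EXPECTED_SUBJECT):
    """Return manifest digests of signatures that satisfy the identity policy."""
    accepted = []
    for sig in json.loads(verify_json):
        crit, opt = sig.get("critical", {}), sig.get("optional", {})
        if crit.get("type") != "cosign container image signature":
            continue
        if crit.get("identity", {}).get("docker-reference") != expected_ref:
            continue  # signature was made for a different image name
        if opt.get("Issuer") != issuer or not subject_re.match(opt.get("Subject", "")):
            continue  # wrong OIDC issuer or not the pinned build workflow
        if "logIndex" not in opt.get("Bundle", {}).get("Payload", {}):
            continue  # no Rekor entry: cannot audit when/that it was logged
        accepted.append(crit["image"]["docker-manifest-digest"])
    return accepted
```

Feed the real `cosign verify` output into `trusted_digests` and only deploy a digest that it returns; an empty list means no signature from the pinned workflow was found.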

@viceice
Member

viceice commented Oct 26, 2022

I close this as we use cosign

@viceice viceice closed this as completed Oct 26, 2022