Sign published docker images [ossf silver] #2470

Open
bnevis-i opened this issue Apr 6, 2020 · 0 comments
Labels
1-low priority denoting isolated changes enhancement New feature or request security_audit Track issues that are related to CVE/CVSS/CWE auditing etc

Comments

bnevis-i (Collaborator) commented Apr 6, 2020

🚀 Feature Request

Description

Enable image signing for images published to Docker Hub.

The use case is that this enables end-users to pull images where DOCKER_CONTENT_TRUST=1.

OpenSSF silver badge requirement:
The project MUST cryptographically sign releases of the project results intended for widespread use, and there MUST be a documented process explaining to users how they can obtain the public signing keys and verify the signature(s). The private key for these signature(s) MUST NOT be on site(s) used to directly distribute the software to the public. If releases are not intended for widespread use, select "not applicable" (N/A). [signed_releases]
The project results include both source code and any generated deliverables where applicable (e.g., executables, packages, and containers). Generated deliverables MAY be signed separately from source code. These MAY be implemented as signed git tags (using cryptographic digital signatures). Projects MAY provide generated results separately from tools like git, but in those cases, the separate results MUST be separately signed.

Docker Hub Image Signing Requirements

(Note: emphasis added for specific requirements.)

From https://docs.docker.com/docker-hub/publish/trustchain/

The Docker Hub has a thorough and well-defined certification process to ensure top-quality content from producers is delivered to consumers in a trusted manner. As a producer of content, you are required to sign your images so that Docker can verify that your content is not tampered with upon starting the image certification and publishing process as outlined below:

Producers sign and push their images using Docker Content Trust to a private staging area. To do this, run a docker push command with Content Trust enabled:

 DOCKER_CONTENT_TRUST=1 docker push <image>

Docker verifies the signatures to guarantee authenticity, integrity, and freshness of the image. All of the individual layers of your image, and the combination thereof, are encompassed as part of this verification check. Read more detail about Content Trust in Docker’s documentation.

Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Hub certification team.

The Docker Hub certification team performs a thorough review of the image, looking for vulnerabilities and verifying best practices for image hygiene, such as ensuring minimal image sizes and working health-checks.

Upon a successful review, Docker signs the image and makes it officially available on Docker Hub. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers confirm that the full certification process was completed by checking Docker’s signature by pulling and running with Docker Content Trust:

 DOCKER_CONTENT_TRUST=1 docker pull <image>

 DOCKER_CONTENT_TRUST=1 docker run <image>

Notes

It seems possible (experimentally verified) to sign images published to Docker Hub using Docker Content Trust, even if you don't request an officially vetted image.
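The consumer side of the process quoted above is a pull with DOCKER_CONTENT_TRUST=1. A deploy pipeline usually wants a stricter gate than "some signature exists": it should check that the tag is signed by the signer it expects and then pin the pull to the signed digest. The following is an added example, not EdgeX code and not part of the issue; it parses the JSON that `docker trust inspect <repo>` emits (the field names SignedTags, SignedTag, Digest and Signers are assumed from that command's output, and the repository, signer names and digests are constructed sample data).

```python
"""Policy check over `docker trust inspect <repo>` JSON (assumed schema):
require that a tag is signed by an expected signer, then return a
digest-pinned reference so the deploy step pulls exactly the signed image."""
import json

# Constructed sample of `docker trust inspect example.io/edgex/demo` output.
# Repository, signer names and digests are made up for this example.
SAMPLE_INSPECT = json.dumps([{
    "Name": "example.io/edgex/demo",
    "SignedTags": [
        {"SignedTag": "2.0.0", "Digest": "a" * 64, "Signers": ["release-bot"]},
        {"SignedTag": "dev", "Digest": "b" * 64, "Signers": ["developer"]},
    ],
    "Signers": [{"Name": "release-bot", "Keys": [{"ID": "c" * 64}]},
                {"Name": "developer", "Keys": [{"ID": "d" * 64}]}],
    "AdministrativeKeys": [{"Name": "Root", "Keys": [{"ID": "e" * 64}]}],
}])


class TrustPolicyError(Exception):
    """Raised when the tag is unsigned or signed by an unexpected signer."""


def pinned_reference(inspect_json: str, repo: str, tag: str,
                     expected_signer: str) -> str:
    """Return 'repo@sha256:<digest>' if `tag` carries a signature from
    `expected_signer`; raise TrustPolicyError otherwise."""
    for entry in json.loads(inspect_json):
        if entry.get("Name") != repo:
            continue
        for signed in entry.get("SignedTags", []):
            if signed.get("SignedTag") != tag:
                continue
            signers = signed.get("Signers", [])
            if expected_signer not in signers:
                # Signed, but not by the release key we trust for deployment.
                raise TrustPolicyError(
                    f"{repo}:{tag} signed by {signers}, expected {expected_signer!r}")
            return f"{repo}@sha256:{signed['Digest']}"
        raise TrustPolicyError(f"{repo}:{tag} has no trust data (unsigned tag)")
    raise TrustPolicyError(f"no trust data for repository {repo}")


if __name__ == "__main__":
    # In a pipeline the JSON would come from `docker trust inspect <repo>`.
    print(pinned_reference(SAMPLE_INSPECT, "example.io/edgex/demo",
                           "2.0.0", "release-bot"))
```

The returned `repo@sha256:...` form is what the pipeline should hand to `docker pull`, so a later re-tag of `2.0.0` cannot change what gets deployed.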

@bnevis-i bnevis-i added enhancement New feature or request security_audit Track issues that are related to CVE/CVSS/CWE auditing etc labels Apr 6, 2020
@bnevis-i bnevis-i added the 1-low priority denoting isolated changes label Nov 5, 2020
@bnevis-i bnevis-i changed the title Image signing for EdgeX images published to Docker Hub Sign published docker images [ossf silver] Nov 7, 2022
Projects
Status: Icebox