docker-signatures

Release 1.0.1

docker signatures ensure that a Docker Image has all signatures

Homepage PyPI Python

Keywords
docker, docker-security, docker-signatures, docker-trusted-registry
License
OSET-PL-2.1
Install
pip install docker-signatures==1.0.1

Documentation

Docker-Signatures

Docker signatures ensure that a Docker Image has all required signatures.

Why

This project helps you to parse "Docker trust inspect" command and checks if all the signatures you need are included in the Docker Image

Install

> pip install docker-signatures

Usage examples

Checking one signer

> docker trust inspect --pretty dtr.example.com/admin/demo:1
Signatures for dtr.example.com/admin/demo:1

SIGNED TAG          DIGEST                                                             SIGNERS
1                   3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e   jeff

List of signers and their keys for dtr.example.com/admin/demo:1

SIGNER              KEYS
jeff                8ae710e3ba82

Administrative keys for dtr.example.com/admin/demo:1

  Repository Key:	10b5e94c916a0977471cc08fa56c1a5679819b2005ba6a257aa78ce76d3a1e27
  Root Key:	84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fc

Checking if 'Paul' signature are included in Docker Image:

> docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures Paul 
[!] Missing signer: 'Paul'
> echo $?
1

Checking if 'jeff' signature are included in Docker Image:

> docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures jeff
> echo $?
0

Checking any number of signers

> docker trust inspect --pretty dtr.example.com/admin/demo:1
Signatures for dtr.example.com/admin/demo:1

SIGNED TAG          DIGEST                                                             SIGNERS
1                   3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e   jeff
2                   1111182b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e   Joan

List of signers and their keys for dtr.example.com/admin/demo:1

SIGNER              KEYS
jeff                8ae710e3ba82
Joan                8ae710e3bXXX

Administrative keys for dtr.example.com/admin/demo:1

  Repository Key:	10b5e94c916a0977471cc08fa56c1a5679819b2005ba6a257aa78ce76d3a1e27
  Root Key:	84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fc

Checking that signatures of 'jeff' and 'Joan' are included:

> docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures jeff Joan
> echo $?
0 
NOTE: **docker-signatures** also works with JSON output of **docker trust inspect** command.

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
2
Latest release
First release
Stars
1
Forks
0
Watchers
1
Contributors
1
Repository size
11.7 KB
SourceRank
8

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

1.0.1
1.0.0

Contributors

cr0hn


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-08-28 13:50:17 UTC

Login to resync this project