▲ | matt_kantor 2 days ago | |||||||
docker-pushmi-pullyu does a vanilla `docker pull`[1] on the remote side, so you should be able to set `DOCKER_CONTENT_TRUST` in the remote environment to get whatever behavior you want (though admittedly I have not tested this). If there's desire for an option to specify `--disable-content-trust` during push and/or pull I'll happily add it. Please file an issue if this is something you want. [1]: https://github.com/mkantor/docker-pushmi-pullyu/blob/12d2893... | ||||||||
▲ | westurner a day ago | parent [-] | |||||||
Should it be set in both the local and remote envs? What does it do if there's no signature? Do images built and signed with podman and cosign work with docker; are the artifact signatures portable across container CLIs docker, nerdctl, and podman? | ||||||||
|