westurner a day ago
Should it be set in both the local and remote envs? What does it do if there's no signature? Do images built and signed with podman and cosign work with docker; are the artifact signatures portable across container CLIs docker, nerdctl, and podman?
westurner a day ago
From nerdctl/docs/cosign.md "Container Image Sign and Verify with cosign tool" https://github.com/containerd/nerdctl/blob/main/docs/cosign.... ; handily answering my own question aloud: Sign the container image while pushing, verify the signature on fetch/pull: