Enable Content Trust checking when pulling lambci/lambda images

This ensures that the images are signed correctly: https://docs.docker.com/v17.09/engine/security/trust/content_trust/
serverless · Nov 21, 2019 · 5e2e09a · 5e2e09a
1 parent 05eec83
commit 5e2e09a
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/lib/plugins/aws/invokeLocal/index.js b/lib/plugins/aws/invokeLocal/index.js
@@ -243,7 +243,11 @@ class AwsInvokeLocal {
     this.serverless.cli.log('Downloading base Docker image...');
 
     return new BbPromise((resolve, reject) => {
-      const docker = spawn('docker', ['pull', `lambci/lambda:${runtime}`]);
+      const docker = spawn('docker', [
+        'pull',
+        '--disable-content-trust=false',
+        `lambci/lambda:${runtime}`,
+      ]);
       docker.on('exit', error => {
         return error ? reject(error) : resolve();
       });

diff --git a/lib/plugins/aws/invokeLocal/index.test.js b/lib/plugins/aws/invokeLocal/index.test.js
@@ -1219,7 +1219,7 @@ describe('AwsInvokeLocal', () => {
         ]);
         expect(spawnStub.getCall(2).args).to.deep.equal([
           'docker',
-          ['pull', 'lambci/lambda:nodejs12.x'],
+          ['pull', '--disable-content-trust=false', 'lambci/lambda:nodejs12.x'],
         ]);
         expect(spawnStub.getCall(3).args).to.deep.equal([
           'docker',