Enable Content Trust checking when pulling lambci/lambda images #6992
Conversation
This ensures that the images are signed correctly: https://docs.docker.com/v17.09/engine/security/trust/content_trust/
Codecov Report
@@ Coverage Diff @@
## master #6992 +/- ##
=======================================
Coverage 88.43% 88.43%
=======================================
Files 229 229
Lines 8420 8420
=======================================
Hits 7446 7446
Misses 974 974
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Hey @mhart thanks for working on this! 👍
I just tested it and it works fine. I'm not all too familiar with Docker internals. Would this be a breaking change or will this flag be ignored if old Docker versions don't support this (if that's an option)? Just want to make sure that this is non-breaking for anyone.
Other than that I'd say it's GTM 
There was a problem hiding this comment.
Just looked into this again. Apparently content trust was introduced in Docker Engine 1.8 which was released in 2015, long before we added Docker support for invoke local, so we should be fine here.
Merging...
What did you implement
Added the
--disable-content-trust=falseflag to thedocker pullcommand to ensure that images are signed correctly (lambci/lambdaimages are now signed):https://docs.docker.com/v17.09/engine/security/trust/content_trust/
How can we verify it
Run invoke local with the docker option
Todos
You could potentially add an option for this in case people don't want to check signed images...? Not sure why they'd want that.
The other way to implement it would be to set
DOCKER_CONTENT_TRUST=1in the environment that you spawn the Docker command with. Not sure if you'd prefer that eitherIs this ready for review?: YES
Is it a breaking change?: NO