I am trying to build, sign, and push a multi-arch container image using a Harbor registry with Notary. Following the steps in https://www.cncf.io/blog/2021/07/28/enforcing-image-trust-on-docker-containers-using-notary/ I was able to get the simple example working with DOCKER_CONTENT_TRUST_SERVER pointing to the URL of my notary server.

However, when I try to build and push a multi-arch image, I do not get prompted about the trust metadata and it seems to completely skip the signing step. The command I'm running to build and push the multi-arch image is:

docker buildx build --file Dockerfile --push --platform linux/arm64,linux/amd64 --tag myharborregistry.com/myimage:latest .

Is there some extra step required to enable Docker Content Trust with buildx? Perhaps there is a flag that I am missing or some additional configuration needed for the builder?

Spencer Small
  • It's been a while and I was wondering if you ever resolved signing multi-platform images? I am trying the notary approach without success so far: https://stackoverflow.com/questions/75380323/docker-notary-client-for-multi-platform-image-publishing-succeeds-but-tag-is-not – J.R. Feb 08 '23 at 00:48

0 Answers