Docker-py: Trusted pulls from notary server are not supported

Created on 9 Oct 2017 · 3 Comments · Source: docker/docker-py

This is related to https://github.com/docker/compose/issues/4787.

There doesn't seem to be any way within the Python API to get the equivalent of what the Go CLI supports via the DOCKER_CONTENT_TRUST and DOCKER_CONTENT_TRUST_SERVER environment variables as described here:

https://docs.docker.com/engine/security/trust/trust_sandbox/

Since docker-compose is based on docker-py, it would seem that it can't do trusted pulls. Is that right? If so, that's a fairly serious limitation.

Is there any plan or timeline to add support for notary servers? There is a Python library which implements tuf support (https://github.com/theupdateframework/tuf), so adding support for a notary server to docker-py would seem to be a matter of integrating it the same way the Go bindings are used in docker/cli.

kind/feature-request

All 3 comments

Yeah, went from using subprocess to docker sdk and now back to subprocess because I need this feature...

Any idea if this is going to be looked at? With the security breach with Docker Hub this feature is more important than ever.

Any update on this?
DOCKER_CONTENT_TRUST is an important feature that forces all of us to use subprocess instead of docker-py.
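
The subprocess workaround the comments above describe, as an added example (not code from docker-py or from anyone in this thread): it runs the `docker` CLI with `DOCKER_CONTENT_TRUST` forced on and returns a digest-pinned reference. The function names are hypothetical, and the `Digest: sha256:...` line in the CLI's pull output is an assumption about its format.

```python
import os
import re
import subprocess

# Assumed CLI output format: a line such as "Digest: sha256:<64 hex chars>"
_DIGEST_RE = re.compile(r"^Digest:\s*(sha256:[0-9a-f]{64})\s*$", re.MULTILINE)


def trusted_pull_env(base_env, server=None):
    """Copy base_env and force content trust on for the child docker CLI."""
    env = dict(base_env)
    env["DOCKER_CONTENT_TRUST"] = "1"  # override any inherited "0"
    if server:
        env["DOCKER_CONTENT_TRUST_SERVER"] = server
    return env


def parse_digest(cli_output):
    """Return the sha256 digest from the CLI's 'Digest:' line, or raise."""
    match = _DIGEST_RE.search(cli_output)
    if match is None:
        raise ValueError("no 'Digest:' line in docker pull output")
    return match.group(1)


def pinned_reference(image, digest):
    """Replace the tag (if any) with the digest: repo:tag -> repo@sha256:..."""
    name = image.split("@", 1)[0]
    if ":" in name.rsplit("/", 1)[-1]:  # colon after the last "/" is a tag, not a port
        name = name[: name.rindex(":")]
    return f"{name}@{digest}"


def trusted_pull(image, server=None):
    """Pull with the docker CLI under content trust; return the pinned reference."""
    if image.startswith("-"):
        raise ValueError("image name must not look like a CLI option")
    proc = subprocess.run(
        ["docker", "pull", image],  # argument list, no shell
        env=trusted_pull_env(os.environ, server),
        capture_output=True, text=True,
    )
    if proc.returncode != 0:  # also the case when the tag has no trust data
        raise RuntimeError(f"trusted pull failed: {proc.stderr.strip()}")
    return pinned_reference(image, parse_digest(proc.stdout))


if __name__ == "__main__":
    print(trusted_pull("alpine:latest"))
```

The returned `repo@sha256:...` reference names exactly the content the CLI verified, so later steps that pull or run by that reference do not depend on where the tag points afterwards.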
