Sign images

Based on my understanding, we can use your [signing key](https://github.com/swiftlang/swift-docker/blame/be302a8084a4a20e2fa3afd36c023f34ae607ef5/6.1/ubuntu/24.04/Dockerfile#L31), which allows us to verify the [integrity of the tarballs](https://github.com/swiftlang/swift-docker/blame/be302a8084a4a20e2fa3afd36c023f34ae607ef5/6.1/ubuntu/24.04/Dockerfile#L65).

However, I as far I know, the docker images themselves are not signed  because [the source code](https://github.com/swiftlang/swift-docker/blame/main/6.1/ubuntu/24.04/Dockerfile#L31) does not appear to indicate that the images are being signed

Can we please sign the images with tools like [cosign](https://github.com/sigstore/cosign)? 

If there is any supported method to verify the images, please direct me as needed

Additional context:  https://forums.swift.org/t/how-to-validate-the-integrity-of-the-docker-images/82916

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Sign images #512

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Sign images #512

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions