Docker has tackled the problem of secure application container distribution with a new system that supports signing container images using public key cryptography.
The new feature, known as Docker Content Trust, is the main attraction of Docker 1.8, the latest version of the tool suite that was announced on Wednesday.
"Before a publisher pushes an image to a remote registry, Docker Engine signs the image locally with the publisher's private key," Docker security boss Diogo Mónica said in a blog post outlining the process. "When you later pull this image, Docker Engine uses the publisher's public key to verify that the image you are about to run is exactly what the publisher created, has not been tampered with and is up to date."
Docker is basing its code-signing capabilities on Notary, a standalone piece of software that it first unveiled at the DockerCon 2015 conference in June. Notary, in turn, is based on The Update Framework (TUF), a project that offers both a specification and a code library for generic software update systems.
At DockerCon, Docker CTO Solomon Hykes explained that he likes the TUF design because it not only offers protection against content forgery and various forms of man-in-the-middle attacks, but it also offers what the TUF project calls "survivable key compromise."
"Basically it means if one of the keys in the system gets lost or stolen, you're in trouble, but you're not completely, impossibly screwed," Hykes said. "It means you can apply regular policies to deal with the issue, depending on the magnitude, instead of going out of business."
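The push-and-pull check Mónica describes, together with the threshold idea behind what Hykes calls "survivable key compromise", as an added illustrative Go model (this is not Notary's or TUF's code, and it is far simpler than the real root/snapshot/timestamp metadata): a publisher binds an image tag to the SHA-256 digest of its content plus a version counter and signs that with Ed25519; a client that pins a set of publisher keys accepts the image only if at least `Threshold` of those keys signed the same payload, the downloaded content hashes to the signed digest, and the version has not gone backwards. The type and function names (Targets, TrustRoot, Publish, Verify), the sample content and the version counter standing in for TUF's expiring timestamp metadata are all this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Illustrative model, not Notary/TUF code: a publisher binds an image tag
// to its content digest and a version counter, then signs it. The client
// pins a set of publisher keys and a threshold, so a single stolen key
// cannot forge a release on its own (TUF's "survivable key compromise").
type Targets struct {
	Tag     string `json:"tag"`
	Digest  string `json:"digest"`  // hex SHA-256 of the image content
	Version uint64 `json:"version"` // must never go backwards on a client
}

type Signature struct {
	KeyID string `json:"keyid"` // hex SHA-256 of the signing public key
	Sig   []byte `json:"sig"`
}

type Signed struct {
	Payload []byte      `json:"payload"` // JSON-encoded Targets
	Sigs    []Signature `json:"sigs"`
}

// TrustRoot is what the client pins out of band (in TUF, the root metadata).
type TrustRoot struct {
	Keys      map[string]ed25519.PublicKey
	Threshold int
}

func hexSHA256(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Publish is the push side: every signer signs the identical payload.
func Publish(t Targets, signers []ed25519.PrivateKey) (Signed, error) {
	payload, err := json.Marshal(t)
	if err != nil {
		return Signed{}, err
	}
	s := Signed{Payload: payload}
	for _, sk := range signers {
		pub := sk.Public().(ed25519.PublicKey)
		s.Sigs = append(s.Sigs, Signature{KeyID: hexSHA256(pub), Sig: ed25519.Sign(sk, payload)})
	}
	return s, nil
}

// Verify is the pull side. lastSeen is the highest version this client already accepted.
func Verify(root TrustRoot, s Signed, content []byte, lastSeen uint64) (Targets, error) {
	valid := map[string]bool{}
	for _, sig := range s.Sigs {
		pub, ok := root.Keys[sig.KeyID]
		if ok && ed25519.Verify(pub, s.Payload, sig.Sig) {
			valid[sig.KeyID] = true // unknown or revoked keys are ignored; each key counts once
		}
	}
	if len(valid) < root.Threshold {
		return Targets{}, fmt.Errorf("only %d of %d required signatures valid", len(valid), root.Threshold)
	}
	var t Targets
	if err := json.Unmarshal(s.Payload, &t); err != nil {
		return Targets{}, err
	}
	if t.Version < lastSeen {
		return Targets{}, fmt.Errorf("rollback: version %d older than last seen %d", t.Version, lastSeen)
	}
	if hexSHA256(content) != t.Digest {
		return Targets{}, fmt.Errorf("downloaded content does not match signed digest")
	}
	return t, nil
}

func main() {
	pubA, skA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, skB, _ := ed25519.GenerateKey(rand.Reader)
	root := TrustRoot{Keys: map[string]ed25519.PublicKey{hexSHA256(pubA): pubA, hexSHA256(pubB): pubB}, Threshold: 2}
	content := []byte("constructed stand-in for image layer bytes")
	signed, _ := Publish(Targets{Tag: "example/app:1.8", Digest: hexSHA256(content), Version: 3}, []ed25519.PrivateKey{skA, skB})
	_, err := Verify(root, signed, content, 2)
	fmt.Println("genuine pull:", err)
	_, err = Verify(root, signed, []byte("swapped layer"), 2)
	fmt.Println("tampered content:", err)
	// An attacker holding only stolen key A cannot reach the threshold of two.
	forged, _ := Publish(Targets{Tag: "example/app:1.8", Digest: hexSHA256([]byte("backdoored")), Version: 4}, []ed25519.PrivateKey{skA})
	_, err = Verify(root, forged, []byte("backdoored"), 3)
	fmt.Println("one stolen key:", err)
}
```

The point of the threshold map is the recovery story Hykes alludes to: if key A leaks, the publisher removes its ID from the pinned `TrustRoot` and adds a fresh key, and signatures from A simply stop counting; in real TUF that rotation is itself a signed root-metadata update rather than a hard-coded map.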
Docker believes in shipping code early and often, sometimes before it is fully baked, so in the 1.8 release Docker Content Trust is an optional feature: it is off by default and is switched on per client by setting the DOCKER_CONTENT_TRUST environment variable to 1, after which pushes are signed and pulls of unsigned or badly signed tags are refused.
If your interest is piqued, however, there's a detailed description of the new trust model available here.
In addition to Docker Content Trust, the Docker 1.8 release includes the customary upgrades to the Docker Engine, Registry, and related tools. Plugins to support various types of storage volumes, which were experimental in the previous version, are considered stable in Engine 1.8. Docker Registry, meanwhile, has been bumped to version 2.1, is faster, and supports new cloud storage drivers for Aliyun OSS, Ceph RADOS, and OpenStack Swift. The Compose, Machine, and Swarm orchestration tools have also been improved.
Full release notes for Docker 1.8, including download links, are available on the project's public GitHub repo, here. ®