Docker signatures ensure that a Docker Image has all required signatures.
This project helps you to parse "Docker trust inspect" command and checks if all the signatures you need are included in the Docker Image
> pip install docker-signatures> docker trust inspect --pretty dtr.example.com/admin/demo:1
Signatures for dtr.example.com/admin/demo:1
SIGNED TAG DIGEST SIGNERS
1 3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e jeff
List of signers and their keys for dtr.example.com/admin/demo:1
SIGNER KEYS
jeff 8ae710e3ba82
Administrative keys for dtr.example.com/admin/demo:1
Repository Key: 10b5e94c916a0977471cc08fa56c1a5679819b2005ba6a257aa78ce76d3a1e27
Root Key: 84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fcChecking if 'Paul' signature are included in Docker Image:
> docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures Paul
[!] Missing signer: 'Paul'
> echo $?
1Checking if 'jeff' signature are included in Docker Image:
> docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures jeff
> echo $?
0 > docker trust inspect --pretty dtr.example.com/admin/demo:1
Signatures for dtr.example.com/admin/demo:1
SIGNED TAG DIGEST SIGNERS
1 3d2e482b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e jeff
2 1111182b82608d153a374df3357c0291589a61cc194ec4a9ca2381073a17f58e Joan
List of signers and their keys for dtr.example.com/admin/demo:1
SIGNER KEYS
jeff 8ae710e3ba82
Joan 8ae710e3bXXX
Administrative keys for dtr.example.com/admin/demo:1
Repository Key: 10b5e94c916a0977471cc08fa56c1a5679819b2005ba6a257aa78ce76d3a1e27
Root Key: 84ca6e4416416d78c4597e754f38517bea95ab427e5f95871f90d460573071fcChecking that signatures of 'jeff' and 'Joan' are included:
> docker trust inspect --pretty dtr.example.com/admin/demo:1 | docker-signatures jeff Joan
> echo $?
0 NOTE: **docker-signatures** also works with JSON output of **docker trust inspect** command.