From 53a7e096dd6d50b383cf31a3577b94b651197f8e Mon Sep 17 00:00:00 2001
From: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Date: Mon, 3 Apr 2017 11:09:04 -0700
Subject: [PATCH] Sign and verify kernel image on make push

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
---
 kernel/Makefile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/kernel/Makefile b/kernel/Makefile
index fea4fdcde..110c0b2dd 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -71,6 +71,15 @@ push: image
 	docker rmi $(IMAGE):build
 	rm -f hash
 
+sign: image
+	DOCKER_CONTENT_TRUST=1 docker pull mobylinux/$(IMAGE):$(IMAGE_VERSION) || \
+		(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(IMAGE_VERSION) && \
+		 DOCKER_CONTENT_TRUST=1 docker push mobylinux/$(IMAGE):$(IMAGE_VERSION) && \
+		 docker tag $(IMAGE):build mobylinux/$(IMAGE):$(IMAGE_MAJOR_VERSION) && \
+		 DOCKER_CONTENT_TRUST=1 docker push mobylinux/$(IMAGE):$(IMAGE_MAJOR_VERSION))
+	docker rmi $(IMAGE):build
+	rm -f hash
+
 tag: image
 	(docker tag $(IMAGE):build mobylinux/$(IMAGE):$(IMAGE_VERSION) && \
 	docker tag $(IMAGE):build mobylinux/$(IMAGE):$(IMAGE_MAJOR_VERSION))