Create a directory for your Notary server. In the code snippets below we will use notarybox.
Create a Dockerfile with the following content:
FROM ubuntu
RUN apt-get update \
    && apt-get install -y \
    tree \
    vim \
    git \
    ca-certificates \
    curl \
    --no-install-recommends
RUN install -m 0755 -d /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc \
    && chmod a+r /etc/apt/keyrings/docker.asc
RUN echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
    tee /etc/apt/sources.list.d/docker.list > /dev/null
RUN apt-get update && apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
WORKDIR /root
RUN git clone https://github.com/docker/notary.git && \
    cp /root/notary/fixtures/root-ca.crt /usr/local/share/ca-certificates/root-ca.crt && \
    update-ca-certificates
ENTRYPOINT ["bash"]
Use a private certificate
This configuration runs with a public certificate. Any Docker client running with the same public certificate may be able to access your Notary server.
For a secure setup, we recommend replacing the public root-ca.crt certificate file with your organization's private certificate under /root/notary/fixtures on your Notary server, and under /usr/local/share/ca-certificates on the machine running your Docker client.
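One way to check the replacement described above, as an added example that is not part of the original page: it compares SHA-256 fingerprints of the certificate on the Notary server, the one on the Docker client, and a pristine copy of the public fixture. The function names and the sample files are constructed for illustration, and it assumes base64 and sha256sum from GNU coreutils.

```shell
#!/bin/sh
# Added example: confirm the public fixture root-ca.crt has been replaced and
# that the Notary server and the Docker client trust the same certificate.

# Print the SHA-256 of the DER bytes of the first certificate in PEM file $1.
# CRLF line endings and text around the PEM block are tolerated.
pem_fingerprint() {
    [ -r "$1" ] || return 1
    _body=$(tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { on = 1; next }
        /^-----END CERTIFICATE-----$/   { exit }
        on')
    [ -n "$_body" ] || return 1
    printf '%s\n' "$_body" | base64 -d 2>/dev/null | sha256sum | cut -d' ' -f1
}

# audit_trust_anchor SERVER_CERT CLIENT_CERT PUBLIC_FIXTURE_CERT
# Exit status: 0 ok, 1 public fixture still in use, 2 server/client differ,
# 3 a file is missing or holds no certificate.
audit_trust_anchor() {
    server_fp=$(pem_fingerprint "$1") || { echo "no certificate in $1"; return 3; }
    client_fp=$(pem_fingerprint "$2") || { echo "no certificate in $2"; return 3; }
    public_fp=$(pem_fingerprint "$3") || { echo "no certificate in $3"; return 3; }
    if [ "$server_fp" = "$public_fp" ] || [ "$client_fp" = "$public_fp" ]; then
        echo "FAIL: public fixture certificate still in use"; return 1
    fi
    if [ "$server_fp" != "$client_fp" ]; then
        echo "FAIL: server and client trust different certificates"; return 2
    fi
    echo "OK: same private certificate on both sides ($server_fp)"
}

# Constructed stand-ins: PEM armor around placeholder bytes, not real X.509.
sample_pem() {  # sample_pem LABEL FILE
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' \
        "$(printf '%s' "$1" | base64)" '-----END CERTIFICATE-----' > "$2"
}
demo=$(mktemp -d)
sample_pem public-fixture "$demo/public.crt"
sample_pem org-private-ca "$demo/private.crt"
# Untouched setup: both sides still hold the fixture certificate (status 1).
audit_trust_anchor "$demo/public.crt" "$demo/public.crt" "$demo/public.crt" || true
# After the replacement on both machines (status 0).
audit_trust_anchor "$demo/private.crt" "$demo/private.crt" "$demo/public.crt"
rm -rf "$demo"
```

On a real setup, pass a copy of /root/notary/fixtures/root-ca.crt taken from the Notary server, the client's /usr/local/share/ca-certificates/root-ca.crt, and the root-ca.crt from a fresh clone of the Notary repository.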
Build the test image:
docker build -t [image name] [path to dockerfile]
If you are running the build in your Dockerfile directory, you can just use "." as the path to the Dockerfile.
Start the Notary server:
To start the Notary server, you first need to have Docker Compose installed.
Then execute the following steps:
cd notarybox
git clone -b trust-sandbox https://github.com/docker/notary.git
cd notary
docker-compose build
docker-compose up -d