Although the SIF module includes functions to sign and verify in its integrity package, these are not exposed in the siftool CLI. This means that in order to sign/verify an image, a user must install SingularityCE, or write a custom tool.
In CI/CD workflows, it can be cumbersome to install SingularityCE purely for the purpose of signing an image. To simplify these workflows, we should add siftool sign/siftool verify commands.
Although the SIF module includes functions to sign and verify in its integrity package, these are not exposed in the
siftoolCLI. This means that in order to sign/verify an image, a user must install SingularityCE, or write a custom tool.In CI/CD workflows, it can be cumbersome to install SingularityCE purely for the purpose of signing an image. To simplify these workflows, we should add
siftool sign/siftool verifycommands.