Signing the Container
The Singularity 3.0 family introduced the ability to create (and manage) PGP keys to sign and verify containers. This gives Singularity users a trusted way to share containers: a valid signature confirms that the container is a bit-for-bit reproduction of the original, as the author intended.
For security purposes, it is important that private keys remain private. Singularity Container Services only stores your public key information. In this example, we pull the TensorFlow container created previously, sign it, and then store the signed container in the SCS Library.
Generating and managing PGP keys
To sign your containers, you first need to generate one or more keys with the Singularity CLI, which can then be pushed to the SCS Keystore.
Create a new keypair by entering the email address associated with our Singularity Container Services account.
We’ll then enter our account details, add a comment and passphrase (which will not be displayed) and have the Singularity client push it to the keystore.
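The steps above collected into a script, added here as an example rather than taken from the original page. The image file name and library URI are placeholders passed in by the caller, the key listing is a constructed sample that assumes the `U:`/`F:` layout printed by `singularity key list`, and the client is assumed to be already authenticated to SCS.

```shell
# Added example (not from the original page). Image path and library URI
# are caller-supplied placeholders; the email is the one used for the keypair.

# Constructed sample, assuming the layout printed by `singularity key list`.
SAMPLE_KEY_LIST='0) U: Alice Example (demo) <alice@example.org>
   C: 2019-01-01 10:00:00 +0000 UTC
   F: 0123456789ABCDEF0123456789ABCDEF01234567
   L: 4096
   --------
1) U: Bob Example (ci) <bob@example.org>
   C: 2019-02-01 10:00:00 +0000 UTC
   F: AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555
   L: 4096
   --------'

# Read a key listing on stdin and print the fingerprint (F: line) of the
# first key whose user line (U:) carries the given email address.
fingerprint_for_email() {
  awk -v email="$1" '
    $2 == "U:"        { hit = (index($0, "<" email ">") > 0) }
    $1 == "F:" && hit { print $2; exit }
  '
}

# Push the public key, sign the image, verify the signature locally, and
# only then upload the image. Runs in a subshell so variables stay local.
sign_and_publish() (
  email="$1"; image="$2"; library_uri="$3"
  fpr="$(singularity key list | fingerprint_for_email "$email")"
  if [ -z "$fpr" ]; then
    echo "no local key for $email; run 'singularity key newpair' first" >&2
    exit 1
  fi
  # `key push` uploads the public key only; the private key stays local.
  singularity key push "$fpr" &&
    singularity sign "$image" &&
    singularity verify "$image" &&
    singularity push "$image" "$library_uri"
)

# Usage (placeholders):
#   sign_and_publish you@example.org tensorflow.sif library://USER/COLLECTION/tensorflow:latest
```

Verifying before the upload catches a signature made with the wrong key while the image is still local.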