diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-01-09 09:09:10 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-09 09:09:10 -0800 |
| commit | c37f73159609b203545ca6fe54c86b9deacfca21 (patch) | |
| tree | f62b1f897d54bc084137b7889cd04afb59798cc6 /docs/podman-image-sign.1.md | |
| parent | 7b9d4f1c92a644df612b142183023b265256bdff (diff) | |
| parent | bce22dc6210cfdbf045bb14cdd12e0b8f409c6c9 (diff) | |
| download | podman-c37f73159609b203545ca6fe54c86b9deacfca21.tar.gz podman-c37f73159609b203545ca6fe54c86b9deacfca21.tar.bz2 podman-c37f73159609b203545ca6fe54c86b9deacfca21.zip | |
Merge pull request #2040 from QiWang19/signimg
Support podman image sign
Diffstat (limited to 'docs/podman-image-sign.1.md')
| -rw-r--r-- | docs/podman-image-sign.1.md | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/docs/podman-image-sign.1.md b/docs/podman-image-sign.1.md new file mode 100644 index 000000000..c4f3c6676 --- /dev/null +++ b/docs/podman-image-sign.1.md @@ -0,0 +1,52 @@ +% podman-image-sign(1) + +# NAME +podman-image-sign- Create a signature for an image + +# SYNOPSIS +**podman image sign** +[**-h**|**--help**] +[**-d**, **--directory**] +[**--sign-by**] +[ IMAGE... ] + +# DESCRIPTION +**podmain image sign** will create a local signature for one or more local images that have +been pulled from a registry. The signature will be written to a directory +derived from the registry configuration files in /etc/containers/registries.d. By default, the signature will be written into /var/lib/containers/sigstore directory. + +# OPTIONS +**-h** **--help** + Print usage statement. + +**-d** **--directory** + Store the signatures in the specified directory. Default: /var/lib/containers/sigstore + +**--sign-by** + Override the default identity of the signature. + +# EXAMPLES +Sign the busybox image with the identify of foo@bar.com with a user's keyring and save the signature in /tmp/signatures/. + + sudo podman image sign --sign-by foo@bar.com -d /tmp/signatures transport://privateregistry.example.com/foobar + +# RELATED CONFIGURATION + +The write (and read) location for signatures is defined in YAML-based +configuration files in /etc/containers/registries.d/. When you sign +an image, podman will use those configuration files to determine +where to write the signature based on the the name of the originating +registry or a default storage value unless overriden with the -d +option. For example, consider the following configuration file. + +docker: + privateregistry.example.com: + sigstore: file:///var/lib/containers/sigstore + +When signing an image preceeded with the registry name 'privateregistry.example.com', +the signature will be written into subdirectories of +/var/lib/containers/sigstore/privateregistry.example.com. The use of 'sigstore' also means +the signature will be 'read' from that same location on a pull-related function. + +# HISTORY +November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com) |