diff options
| author | Qi Wang <qiwan@redhat.com> | 2018-12-12 15:48:21 -0500 |
|---|---|---|
| committer | Qi Wang <qiwan@redhat.com> | 2019-01-08 09:53:18 -0500 |
| commit | bce22dc6210cfdbf045bb14cdd12e0b8f409c6c9 (patch) | |
| tree | e6baf46f88b1c2af0dc460ca9c053f53bd892e3c /docs/podman-image-sign.1.md | |
| parent | faa24627bb19d67b0e7a681673deb58922a634c1 (diff) | |
| download | podman-bce22dc6210cfdbf045bb14cdd12e0b8f409c6c9.tar.gz podman-bce22dc6210cfdbf045bb14cdd12e0b8f409c6c9.tar.bz2 podman-bce22dc6210cfdbf045bb14cdd12e0b8f409c6c9.zip | |
[WIP]Support podman image sign
Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/).
Signed-off-by: Qi Wang <qiwan@redhat.com>
Diffstat (limited to 'docs/podman-image-sign.1.md')
| -rw-r--r-- | docs/podman-image-sign.1.md | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/docs/podman-image-sign.1.md b/docs/podman-image-sign.1.md new file mode 100644 index 000000000..c4f3c6676 --- /dev/null +++ b/docs/podman-image-sign.1.md @@ -0,0 +1,52 @@ +% podman-image-sign(1) + +# NAME +podman-image-sign- Create a signature for an image + +# SYNOPSIS +**podman image sign** +[**-h**|**--help**] +[**-d**, **--directory**] +[**--sign-by**] +[ IMAGE... ] + +# DESCRIPTION +**podmain image sign** will create a local signature for one or more local images that have +been pulled from a registry. The signature will be written to a directory +derived from the registry configuration files in /etc/containers/registries.d. By default, the signature will be written into /var/lib/containers/sigstore directory. + +# OPTIONS +**-h** **--help** + Print usage statement. + +**-d** **--directory** + Store the signatures in the specified directory. Default: /var/lib/containers/sigstore + +**--sign-by** + Override the default identity of the signature. + +# EXAMPLES +Sign the busybox image with the identify of foo@bar.com with a user's keyring and save the signature in /tmp/signatures/. + + sudo podman image sign --sign-by foo@bar.com -d /tmp/signatures transport://privateregistry.example.com/foobar + +# RELATED CONFIGURATION + +The write (and read) location for signatures is defined in YAML-based +configuration files in /etc/containers/registries.d/. When you sign +an image, podman will use those configuration files to determine +where to write the signature based on the the name of the originating +registry or a default storage value unless overriden with the -d +option. For example, consider the following configuration file. + +docker: + privateregistry.example.com: + sigstore: file:///var/lib/containers/sigstore + +When signing an image preceeded with the registry name 'privateregistry.example.com', +the signature will be written into subdirectories of +/var/lib/containers/sigstore/privateregistry.example.com. The use of 'sigstore' also means +the signature will be 'read' from that same location on a pull-related function. + +# HISTORY +November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com) |