Cleanup display of trust with transports

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
author: Daniel J Walsh <dwalsh@redhat.com> 2022-02-16 06:44:45 -0500
committer: Daniel J Walsh <dwalsh@redhat.com> 2022-02-22 15:08:58 -0500
commit: 6f7a803d06e1fe5e760fcd87959f3290b7c460d2 (patch)
tree: c632ab7fbd856cde677657030567e936d5440e70 /docs/source
parent: d3903a85910979d8212028cf814574047015db58 (diff)
download: podman-6f7a803d06e1fe5e760fcd87959f3290b7c460d2.tar.gz
podman-6f7a803d06e1fe5e760fcd87959f3290b7c460d2.tar.bz2
podman-6f7a803d06e1fe5e760fcd87959f3290b7c460d2.zip
1 files changed, 107 insertions, 7 deletions
diff --git a/docs/source/markdown/podman-image-trust.1.md b/docs/source/markdown/podman-image-trust.1.md
index ba8d7fc2f..66d492922 100644
--- a/docs/source/markdown/podman-image-trust.1.md
+++ b/docs/source/markdown/podman-image-trust.1.md
@@ -40,6 +40,8 @@ Trust may be updated using the command **podman image trust set** for an existin
 #### **--help**, **-h**
   Print usage statement.
 
+### set OPTIONS
+
 #### **--pubkeysfile**=*KEY1*, **-f**
   A path to an exported public key on the local system. Key paths
   will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to
@@ -54,14 +56,17 @@ Trust may be updated using the command **podman image trust set** for an existin
             registry scope
     **reject**: do not accept images for this registry scope
 
-## show OPTIONS
-
-#### **--raw**
-  Output trust policy file as raw JSON
+### show OPTIONS
 
 #### **--json**, **-j**
   Output trust as JSON for machine parsing
 
+#### **--noheading**, **-n**
+  Omit the table headings from the trust listings
+
+#### **--raw**
+  Output trust policy file as raw JSON
+
 ## EXAMPLES
 
 Accept all unsigned images from a registry
@@ -74,15 +79,110 @@ Modify default trust policy
 
 Display system trust policy
 
-    sudo podman image trust show
+    podman image trust show
+```
+TRANSPORT      NAME                        TYPE        ID                   STORE
+all            default                     reject
+repository     docker.io/library           accept
+repository     registry.access.redhat.com  signed      security@redhat.com  https://access.redhat.com/webassets/docker/content/sigstore
+repository     registry.redhat.io          signed      security@redhat.com  https://registry.redhat.io/containers/sigstore
+repository     docker.io                   reject
+docker-daemon                              accept
+```
 
 Display trust policy file
 
-   sudo podman image trust show --raw
+	podman image trust show --raw
+```
+{
+    "default": [
+        {
+            "type": "reject"
+        }
+    ],
+    "transports": {
+        "docker": {
+            "docker.io": [
+                {
+                    "type": "reject"
+                }
+            ],
+            "docker.io/library": [
+                {
+                    "type": "insecureAcceptAnything"
+                }
+            ],
+            "registry.access.redhat.com": [
+                {
+                    "type": "signedBy",
+                    "keyType": "GPGKeys",
+                    "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+                }
+            ],
+            "registry.redhat.io": [
+                {
+                    "type": "signedBy",
+                    "keyType": "GPGKeys",
+                    "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+                }
+            ]
+        },
+        "docker-daemon": {
+            "": [
+                {
+                    "type": "insecureAcceptAnything"
+                }
+            ]
+        }
+    }
+}
+```
 
 Display trust as JSON
 
-   sudo podman image trust show --json
+	podman image trust show --json
+```
+[
+  {
+    "transport": "all",
+    "name": "* (default)",
+    "repo_name": "default",
+    "type": "reject"
+  },
+  {
+    "transport": "repository",
+    "name": "docker.io",
+    "repo_name": "docker.io",
+    "type": "reject"
+  },
+  {
+    "transport": "repository",
+    "name": "docker.io/library",
+    "repo_name": "docker.io/library",
+    "type": "accept"
+  },
+  {
+    "transport": "repository",
+    "name": "registry.access.redhat.com",
+    "repo_name": "registry.access.redhat.com",
+    "sigstore": "https://access.redhat.com/webassets/docker/content/sigstore",
+    "type": "signed",
+    "gpg_id": "security@redhat.com"
+  },
+  {
+    "transport": "repository",
+    "name": "registry.redhat.io",
+    "repo_name": "registry.redhat.io",
+    "sigstore": "https://registry.redhat.io/containers/sigstore",
+    "type": "signed",
+    "gpg_id": "security@redhat.com"
+  },
+  {
+    "transport": "docker-daemon",
+    "type": "accept"
+  }
+]
+```
 
 ## SEE ALSO
 **[containers-policy.json(5)](https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md)**
author	Daniel J Walsh <dwalsh@redhat.com>	2022-02-16 06:44:45 -0500
committer	Daniel J Walsh <dwalsh@redhat.com>	2022-02-22 15:08:58 -0500
commit	6f7a803d06e1fe5e760fcd87959f3290b7c460d2 (patch)
tree	c632ab7fbd856cde677657030567e936d5440e70 /docs/source
parent	d3903a85910979d8212028cf814574047015db58 (diff)
download	podman-6f7a803d06e1fe5e760fcd87959f3290b7c460d2.tar.gz podman-6f7a803d06e1fe5e760fcd87959f3290b7c460d2.tar.bz2 podman-6f7a803d06e1fe5e760fcd87959f3290b7c460d2.zip