author | Daniel J Walsh <dwalsh@redhat.com> | 2022-02-16 06:44:45 -0500 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2022-02-22 15:08:58 -0500 |
commit | 6f7a803d06e1fe5e760fcd87959f3290b7c460d2 (patch) | |
tree | c632ab7fbd856cde677657030567e936d5440e70 /docs | |
parent | d3903a85910979d8212028cf814574047015db58 (diff) | |
Cleanup display of trust with transports
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/source/markdown/podman-image-trust.1.md | 114 |
1 files changed, 107 insertions, 7 deletions
diff --git a/docs/source/markdown/podman-image-trust.1.md b/docs/source/markdown/podman-image-trust.1.md index ba8d7fc2f..66d492922 100644 --- a/docs/source/markdown/podman-image-trust.1.md +++ b/docs/source/markdown/podman-image-trust.1.md @@ -40,6 +40,8 @@ Trust may be updated using the command **podman image trust set** for an existin #### **--help**, **-h** Print usage statement. +### set OPTIONS + #### **--pubkeysfile**=*KEY1*, **-f** A path to an exported public key on the local system. Key paths will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to @@ -54,14 +56,17 @@ Trust may be updated using the command **podman image trust set** for an existin registry scope **reject**: do not accept images for this registry scope -## show OPTIONS - -#### **--raw** - Output trust policy file as raw JSON +### show OPTIONS #### **--json**, **-j** Output trust as JSON for machine parsing +#### **--noheading**, **-n** + Omit the table headings from the trust listings + +#### **--raw** + Output trust policy file as raw JSON + ## EXAMPLES Accept all unsigned images from a registry 
@@ -74,15 +79,110 @@ Modify default trust policy Display system trust policy - sudo podman image trust show + podman image trust show +``` +TRANSPORT NAME TYPE ID STORE +all default reject +repository docker.io/library accept +repository registry.access.redhat.com signed security@redhat.com https://access.redhat.com/webassets/docker/content/sigstore +repository registry.redhat.io signed security@redhat.com https://registry.redhat.io/containers/sigstore +repository docker.io reject +docker-daemon accept +``` Display trust policy file - sudo podman image trust show --raw + podman image trust show --raw +``` +{ + "default": [ + { + "type": "reject" + } + ], + "transports": { + "docker": { + "docker.io": [ + { + "type": "reject" + } + ], + "docker.io/library": [ + { + "type": "insecureAcceptAnything" + } + ], + "registry.access.redhat.com": [ + { + "type": "signedBy", + "keyType": "GPGKeys", + "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" + } + ], + "registry.redhat.io": [ + { + "type": "signedBy", + "keyType": "GPGKeys", + "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" + } + ] + }, + "docker-daemon": { + "": [ + { + "type": "insecureAcceptAnything" + } + ] + } + } +} +``` Display trust as JSON - sudo podman image trust show --json + podman image trust show --json +``` +[ + { + "transport": "all", + "name": "* (default)", + "repo_name": "default", + "type": "reject" + }, + { + "transport": "repository", + "name": "docker.io", + "repo_name": "docker.io", + "type": "reject" + }, + { + "transport": "repository", + "name": "docker.io/library", + "repo_name": "docker.io/library", + "type": "accept" + }, + { + "transport": "repository", + "name": "registry.access.redhat.com", + "repo_name": "registry.access.redhat.com", + "sigstore": "https://access.redhat.com/webassets/docker/content/sigstore", + "type": "signed", + "gpg_id": "security@redhat.com" + }, + { + "transport": "repository", + "name": "registry.redhat.io", + "repo_name": "registry.redhat.io", 
+ "sigstore": "https://registry.redhat.io/containers/sigstore", + "type": "signed", + "gpg_id": "security@redhat.com" + }, + { + "transport": "docker-daemon", + "type": "accept" + } +] +``` ## SEE ALSO **[containers-policy.json(5)](https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md)** |
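Review bot: In the show OPTIONS hunk (@@ -54,14 +56,17 @@), the new **--noheading**, **-n** entry says only "Omit the table headings from the trust listings" and does not say how it behaves together with **--json** or **--raw**, neither of which prints a table. Suggest stating in the description which output modes the flag applies to, so anyone scripting against the command knows which combinations are meaningful. The commit subject, "Cleanup display of trust with transports", also does not mention that a new option is being documented; a line in the message body would make that easier to find later.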
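Review bot: In the EXAMPLES hunk (@@ -74,15 +79,110 @@), `sudo` is dropped from all three `podman image trust show` commands while the heading still reads "Display system trust policy" and the sample --raw output references /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release. containers-policy.json(5) gives a per-user file at $HOME/.config/containers/policy.json precedence over /etc/containers/policy.json when it exists, so an unprivileged run may display a different policy than the one the heading names. Suggest either rewording the heading or adding a sentence on which file is shown for root and for a regular user. Separately, the docker-daemon object in the --json sample has no "name" or "repo_name" keys while every other entry has both, and the table and JSON samples list docker.io and docker.io/library in opposite order; if both reflect real output, a sentence saying that those keys can be absent and that ordering is not guaranteed would help anyone parsing it.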