author: Daniel J Walsh <dwalsh@redhat.com> 2022-02-16 06:44:45 -0500
committer: Daniel J Walsh <dwalsh@redhat.com> 2022-02-22 15:08:58 -0500
commit: 6f7a803d06e1fe5e760fcd87959f3290b7c460d2
tree: c632ab7fbd856cde677657030567e936d5440e70 /docs
parent: d3903a85910979d8212028cf814574047015db58
Cleanup display of trust with transports
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'docs')
-rw-r--r-- docs/source/markdown/podman-image-trust.1.md 114
1 files changed, 107 insertions, 7 deletions
diff --git a/docs/source/markdown/podman-image-trust.1.md b/docs/source/markdown/podman-image-trust.1.md
index ba8d7fc2f..66d492922 100644
--- a/docs/source/markdown/podman-image-trust.1.md
+++ b/docs/source/markdown/podman-image-trust.1.md
@@ -40,6 +40,8 @@ Trust may be updated using the command **podman image trust set** for an existin
#### **--help**, **-h**
Print usage statement.
+### set OPTIONS
+
#### **--pubkeysfile**=*KEY1*, **-f**
A path to an exported public key on the local system. Key paths
will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to
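Review bot: `### set OPTIONS` lands after `#### **--help**, **-h**`, so `--help` ends up outside both the set and show subsections. If that is deliberate because the flag applies to both subcommands, say so in its description; otherwise move the new heading above the `--help` entry.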
@@ -54,14 +56,17 @@ Trust may be updated using the command **podman image trust set** for an existin
registry scope
**reject**: do not accept images for this registry scope
-## show OPTIONS
-
-#### **--raw**
- Output trust policy file as raw JSON
+### show OPTIONS
#### **--json**, **-j**
Output trust as JSON for machine parsing
+#### **--noheading**, **-n**
+ Omit the table headings from the trust listings
+
+#### **--raw**
+ Output trust policy file as raw JSON
+
## EXAMPLES
Accept all unsigned images from a registry
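Review bot: the new `--noheading` entry says it omits headings from "the trust listings" without saying which output mode that covers. The other two show options in this section emit JSON, so state that `--noheading` applies to the default table output and what happens when it is combined with `--json` or `--raw`. The commit subject also does not mention that a new option is being documented.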
@@ -74,15 +79,110 @@ Modify default trust policy
Display system trust policy
- sudo podman image trust show
+ podman image trust show
+```
+TRANSPORT NAME TYPE ID STORE
+all default reject
+repository docker.io/library accept
+repository registry.access.redhat.com signed security@redhat.com https://access.redhat.com/webassets/docker/content/sigstore
+repository registry.redhat.io signed security@redhat.com https://registry.redhat.io/containers/sigstore
+repository docker.io reject
+docker-daemon accept
+```
Display trust policy file
- sudo podman image trust show --raw
+ podman image trust show --raw
+```
+{
+ "default": [
+ {
+ "type": "reject"
+ }
+ ],
+ "transports": {
+ "docker": {
+ "docker.io": [
+ {
+ "type": "reject"
+ }
+ ],
+ "docker.io/library": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "registry.access.redhat.com": [
+ {
+ "type": "signedBy",
+ "keyType": "GPGKeys",
+ "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+ }
+ ],
+ "registry.redhat.io": [
+ {
+ "type": "signedBy",
+ "keyType": "GPGKeys",
+ "keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
+ }
+ ]
+ },
+ "docker-daemon": {
+ "": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ]
+ }
+ }
+}
+```
Display trust as JSON
- sudo podman image trust show --json
+ podman image trust show --json
+```
+[
+ {
+ "transport": "all",
+ "name": "* (default)",
+ "repo_name": "default",
+ "type": "reject"
+ },
+ {
+ "transport": "repository",
+ "name": "docker.io",
+ "repo_name": "docker.io",
+ "type": "reject"
+ },
+ {
+ "transport": "repository",
+ "name": "docker.io/library",
+ "repo_name": "docker.io/library",
+ "type": "accept"
+ },
+ {
+ "transport": "repository",
+ "name": "registry.access.redhat.com",
+ "repo_name": "registry.access.redhat.com",
+ "sigstore": "https://access.redhat.com/webassets/docker/content/sigstore",
+ "type": "signed",
+ "gpg_id": "security@redhat.com"
+ },
+ {
+ "transport": "repository",
+ "name": "registry.redhat.io",
+ "repo_name": "registry.redhat.io",
+ "sigstore": "https://registry.redhat.io/containers/sigstore",
+ "type": "signed",
+ "gpg_id": "security@redhat.com"
+ },
+ {
+ "transport": "docker-daemon",
+ "type": "accept"
+ }
+]
+```
## SEE ALSO
**[containers-policy.json(5)](https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md)**
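Review bot: the three sample outputs in the examples do not line up with each other, which makes them hard to use as a reference for auditing a policy. The table and the `--json` sample show an ID of `security@redhat.com` and a STORE/`sigstore` URL for the two Red Hat registries, but the `--raw` sample contains only `keyType` and `keyPath`, so a reader cannot tell where those two values come from; add a sentence naming their source. The table lists `docker.io` after `registry.redhat.io` while the `--json` sample lists it second, and the `docker-daemon` entry in the `--json` sample has no `name` or `repo_name` key while every other entry does; regenerate all three from one policy, or note that consumers of `--json` must handle the missing keys. It would also help to say that `insecureAcceptAnything` and `signedBy` in the raw file are displayed as `accept` and `signed`. Last, the commands drop `sudo` without explanation; say which policy file an unprivileged invocation displays.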