diff options
Diffstat (limited to 'docs/podman-image-trust.1.md')
-rw-r--r-- | docs/podman-image-trust.1.md | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/docs/podman-image-trust.1.md b/docs/podman-image-trust.1.md index f96a7996f..7c5b70833 100644 --- a/docs/podman-image-trust.1.md +++ b/docs/podman-image-trust.1.md @@ -1,19 +1,13 @@ -% podman-image-trust "1" +% podman-image-trust(1) -# NAME +## NAME podman\-image\-trust - Manage container registry image trust policy -# SYNOPSIS -**podman image trust** set|show -[**-h**|**--help**] -[**-j**|**--json**] -[**--raw**] -[**-f**|**--pubkeysfile** KEY1 [**-f**|**--pubkeysfile** KEY2,...]] -[**-t**|**--type** signedBy|accept|reject] -REGISTRY[/REPOSITORY] +## SYNOPSIS +**podman image trust** set|show [*options*] *REGISTRY[/REPOSITORY]* -# DESCRIPTION +## DESCRIPTION Manages which registries you trust as a source of container images based on its location. The location is determined by the transport and the registry host of the image. Using this container image `docker://docker.io/library/busybox` as an example, `docker` is the transport and `docker.io` is the registry host. @@ -40,32 +34,33 @@ Require signature (“signedBy”). Trust may be updated using the command **podman image trust set** for an existing trust scope. -# OPTIONS -**-h** **--help** +## OPTIONS +**-h**, **--help** Print usage statement. -**-f** **--pubkeysfile** +**-f**, **--pubkeysfile**=*KEY1* A path to an exported public key on the local system. Key paths will be referenced in policy.json. Any path to a file may be used but locating the file in **/etc/pki/containers** is recommended. Options may be used multiple times to require an image be signed by multiple keys. The **--pubkeysfile** option is required for the **signedBy** type. -**-t** **--type** - The trust type for this policy entry. Accepted values: +**-t**, **--type**=*value* + The trust type for this policy entry. + Accepted values: **signedBy** (default): Require signatures with corresponding list of public keys **accept**: do not require any signatures for this registry scope **reject**: do not accept images for this registry scope -# show OPTIONS +## show OPTIONS **--raw** Output trust policy file as raw JSON -**-j** **--json** +**-j**, **--json** Output trust as JSON for machine parsing -# EXAMPLES +## EXAMPLES Accept all unsigned images from a registry @@ -87,10 +82,10 @@ Display trust as JSON sudo podman image trust show --json -# SEE ALSO +## SEE ALSO policy-json(5) -# HISTORY +## HISTORY January 2019, updated by Tom Sweeney (tsweeney at redhat dot com) December 2018, originally compiled by Qi Wang (qiwan at redhat dot com) |