podman-image-sign(1) FreeBSD General Commands Manual podman-image-sign(1)

podman-image-sign - Create a signature for an image

podman image sign [options] image [image ...]

podman image sign creates a local signature for one or more local images that have been pulled from a registry. The signature is written to a directory derived from the registry configuration files in $HOME/.config/containers/registries.d if it exists, otherwise /etc/containers/registries.d (unless overridden at compile-time); see containers-registries.d(5) for more information. By default, the signature is written into /var/lib/containers/sigstore for root and $HOME/.local/share/containers/sigstore for non-root users.

--all, -a

Sign all the manifests of the multi-architecture image (default false).

--authfile=path

Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json on Linux, and $HOME/.config/containers/auth.json on Windows/macOS. The file is created by podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login.

Note: There is also the option to override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. This can be done with export REGISTRY_AUTH_FILE=path.

--cert-dir=path

Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. (Default: /etc/containers/certs.d) For details, see containers-certs.d(5). (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines.)

--directory, -d=dir

Store the signatures in the specified directory. Default: /var/lib/containers/sigstore

--help, -h

Print usage statement.

--sign-by=identity

Override the default identity of the signature.

Sign the busybox image with the identity of foo@bar.com with a user's keyring and save the signature in /tmp/signatures/.


$ sudo podman image sign --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar
$ sudo podman image sign --authfile=/tmp/foobar.json --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar

The write (and read) location for signatures is defined in YAML-based configuration files in /etc/containers/registries.d/ for root, or $HOME/.config/containers/registries.d for non-root users. When signing an image, Podman uses those configuration files to determine where to write the signature based on the name of the originating registry or a default storage value unless overridden with the --directory option. For example, consider the following configuration file.

docker:
  privateregistry.example.com:
    sigstore: file:///var/lib/containers/sigstore

When signing an image preceded with the registry name 'privateregistry.example.com', the signature is written into sub-directories of /var/lib/containers/sigstore/privateregistry.example.com. The use of 'sigstore' also means the signature is 'read' from that same location on a pull-related function.
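
As an added example (not part of the original man page and not Podman's own code), the shell functions below model the write-location rules described above: --directory first, then the registries.d entry for the registry host, then the built-in default. The function names, the sample paths and the default-docker fallback (taken from containers-registries.d(5)) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Podman's code. Parses only the docker: -> host -> sigstore:
# nesting shown above plus a default-docker: fallback (containers-registries.d(5)).

# sigstore_from_config HOST DIR: print the sigstore URL for HOST from DIR/*.yaml.
sigstore_from_config() {
  awk -v host="$1" '
    /^[^ #]/   { section = $1; key = "" }  # top-level key, e.g. "docker:"
    /^  [^ #]/ { key = $1 }                # two-space indent: registry host
    $1 == "sigstore:" {
      if (section == "docker:" && key == (host ":")) found = $2
      if (section == "default-docker:") dflt = $2
    }
    END { if (found == "") found = dflt; if (found == "") exit 1; print found }
  ' /dev/null "$2"/*.yaml 2>/dev/null
}

# signature_write_dir HOST CONFIG_DIR [DIRECTORY]: print the base directory a
# signature for an image from HOST is written under, per the rules on this page.
signature_write_dir() {
  if [ -n "${3:-}" ]; then                 # --directory overrides the config
    printf '%s\n' "$3"; return 0
  fi
  if url=$(sigstore_from_config "$1" "$2"); then
    case $url in
      file://*) printf '%s\n' "${url#file://}"; return 0 ;;
      *) echo "sigstore is not a local path: $url" >&2; return 1 ;;
    esac
  fi
  if [ "$(id -u)" -eq 0 ]; then            # built-in defaults from this page
    printf '%s\n' /var/lib/containers/sigstore
  else
    printf '%s\n' "$HOME/.local/share/containers/sigstore"
  fi
}

# Constructed sample config: host name from the page, paths made up.
demo=$(mktemp -d)
cat > "$demo/example.yaml" <<'EOF'
default-docker:
  sigstore: file:///srv/sigstore-default
docker:
  privateregistry.example.com:
    sigstore: file:///srv/sigstore-private
EOF
signature_write_dir privateregistry.example.com "$demo"
signature_write_dir other.example.org "$demo"
signature_write_dir other.example.org "$demo" /tmp/signatures
rm -rf "$demo"
```

Running the resolver before signing shows whether a signature would land in a shared or world-writable location, such as the /tmp/signatures directory used in the examples above.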

containers-certs.d(5), containers-registries.d(5)

November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com)

