Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
podman-image-sign(1)	    General Commands Manual	  podman-image-sign(1)

NAME
       podman-image-sign - Create a signature for an image

SYNOPSIS
       podman image sign [options] image [image	...]

DESCRIPTION
       podman  image  sign creates a local signature for one or	more local im-
       ages that have been pulled from a registry. The signature is written to
       a  directory  derived  from  the	 registry   configuration   files   in
       $HOME/.config/containers/registries.d if	it exists, otherwise /etc/con-
       tainers/registries.d  (unless overridden	at compile-time), see contain-
       ers-registries.d(5) for more information.  By default, the signature is
       written	into  /var/lib/containers/sigstore  for	 root  and  $HOME/.lo-
       cal/share/containers/sigstore for non-root users

OPTIONS
   --all, -a
       Sign all	the manifests of the multi-architecture	image (default false).

   --authfile=path
       Path of the authentication file.	Default	is ${XDG_RUNTIME_DIR}/contain-
       ers/auth.json  on Linux,	and $HOME/.config/containers/auth.json on Win-
       dows/macOS.  The	file is	created	by podman login. If the	 authorization
       state  is  not found there, $HOME/.docker/config.json is	checked, which
       is set using docker login.

       Note: There is also the option to override the default path of the  au-
       thentication  file  by setting the REGISTRY_AUTH_FILE environment vari-
       able. This can be done with export REGISTRY_AUTH_FILE=path.

   --cert-dir=path
       Use certificates	at path	(*.crt,	*.cert,	*.key) to connect to the  reg-
       istry.  (Default: /etc/containers/certs.d) For details, see containers-
       certs.d(5).  (This option is  not  available  with  the	remote	Podman
       client, including Mac and Windows (excluding WSL2) machines)

   --directory,	-d=dir
       Store   the   signatures	  in   the   specified	 directory.   Default:
       /var/lib/containers/sigstore

   --help, -h
       Print usage statement.

   --sign-by=identity
       Override	the default identity of	the signature.

EXAMPLES
       Sign the	busybox	image with the identity	of foo@bar.com with  a	user's
       keyring and save	the signature in /tmp/signatures/.

	  $ sudo podman	image sign --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar

	  $ sudo podman	image sign --authfile=/tmp/foobar.json --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar

RELATED	CONFIGURATION
       The  write  (and	read) location for signatures is defined in YAML-based
       configuration  files  in	 /etc/containers/registries.d/	for  root,  or
       $HOME/.config/containers/registries.d for non-root users.  When signing
       an  image,  Podman uses those configuration files to determine where to
       write the signature based on the	name of	the originating	registry or  a
       default	storage	 value	unless overridden with the --directory option.
       For example, consider the following configuration file.

       docker:
	 privateregistry.example.com:
	   sigstore: file:///var/lib/containers/sigstore

       When signing an image preceded  with  the  registry  name  'privatereg-
       istry.example.com',  the	 signature  is written into sub-directories of
       /var/lib/containers/sigstore/privateregistry.example.com.  The  use  of
       'sigstore'  also	 means the signature is	'read' from that same location
       on a pull-related function.

SEE ALSO
       containers-certs.d(5), containers-registries.d(5)

HISTORY
       November	2018, Originally compiled by Qi	Wang (qiwan at redhat dot com)

							  podman-image-sign(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=podman-image-sign&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help