NAME
podman-image-sign - Create a signature for an image
SYNOPSIS
podman image sign [options] image [image …]
DESCRIPTION
podman image sign creates a local signature for one or more local images that have been pulled from a registry. The signature is written to a directory derived from the registry configuration files in $HOME/.config/containers/registries.d if it exists, otherwise /etc/containers/registries.d (unless overridden at compile-time); see containers-registries.d(5) for more information. By default, the signature is written into /var/lib/containers/sigstore for root and $HOME/.local/share/containers/sigstore for non-root users.
OPTIONS
--all, -a
Sign all the manifests of the multi-architecture image (default false).
--authfile=path
Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json on Linux, and $HOME/.config/containers/auth.json on Windows/macOS. The file is created by podman login. If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using docker login.
Note: There is also the option to override the default path of the authentication file by setting the REGISTRY_AUTH_FILE environment variable. This can be done with export REGISTRY_AUTH_FILE=path.
--cert-dir=path
Use certificates at path (*.crt, *.cert, *.key) to connect to the registry. (Default: /etc/containers/certs.d)
For details, see containers-certs.d(5).
(This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines)
--directory, -d=dir
Store the signatures in the specified directory. Default: /var/lib/containers/sigstore
--help, -h
Print usage statement.
--sign-by=identity
Override the default identity of the signature.
EXAMPLES
Sign the busybox image with the identity of foo@bar.com with a user’s keyring and save the signature in /tmp/signatures/.
$ sudo podman image sign --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar
$ sudo podman image sign --authfile=/tmp/foobar.json --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar
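The lookup order described under --authfile, as an added shell example that is not part of the Podman documentation: it reports which credentials file a signing run on Linux would read and whether that file is readable only by its owner. The function names are hypothetical, and an explicit --authfile value is assumed to take precedence over REGISTRY_AUTH_FILE.

```shell
#!/bin/sh
# Added example, not Podman code. Helper names are hypothetical.
# Follows the lookup order given under --authfile for Linux.

# Print the credentials file a signing run would read.
# $1 (optional): the value that would be passed as --authfile=path.
# Assumption: an explicit --authfile wins over REGISTRY_AUTH_FILE.
resolve_authfile() {
    if [ -n "${1:-}" ]; then
        printf '%s\n' "$1"
        return 0
    fi
    if [ -n "${REGISTRY_AUTH_FILE:-}" ]; then
        printf '%s\n' "$REGISTRY_AUTH_FILE"
        return 0
    fi
    # Default written by "podman login"; skipped when XDG_RUNTIME_DIR is unset.
    if [ -n "${XDG_RUNTIME_DIR:-}" ] &&
       [ -f "$XDG_RUNTIME_DIR/containers/auth.json" ]; then
        printf '%s\n' "$XDG_RUNTIME_DIR/containers/auth.json"
        return 0
    fi
    # Fallback written by "docker login".
    if [ -f "$HOME/.docker/config.json" ]; then
        printf '%s\n' "$HOME/.docker/config.json"
        return 0
    fi
    return 1    # no stored credentials found
}

# Succeed only if the file grants no permissions to group or others.
# The file holds registry credentials, so anything wider exposes them.
authfile_is_private() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Report the file in use and flag loose permissions before signing.
report_authfile() {
    file=$(resolve_authfile "${1:-}") || { echo "no auth file found"; return 1; }
    if authfile_is_private "$file"; then
        echo "ok: $file"
    else
        echo "too permissive or missing: $file"
        return 2
    fi
}
```

Source the file and call report_authfile, optionally with the path that would be given to --authfile, before running podman image sign.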
SEE ALSO
containers-certs.d(5), containers-registries.d(5)
HISTORY
November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com)