From c2c7308e8815ab7c22742d0e883a86be03d524cf Mon Sep 17 00:00:00 2001 From: Michael Burke Date: Wed, 15 Nov 2017 13:28:22 -0500 Subject: [PATCH] [enterprise-3.9] follow-up edit (cherry picked from commit f32085c3f6731cc455d1f29bda689df2f7d87115) xref:https://github.com/openshift/openshift-docs/pull/6381 --- admin_guide/image_signatures.adoc | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/admin_guide/image_signatures.adoc b/admin_guide/image_signatures.adoc index 14b554601963..99efbbbf809d 100644 --- a/admin_guide/image_signatures.adoc +++ b/admin_guide/image_signatures.adoc @@ -252,10 +252,17 @@ link:https://github.com/containers/image/blob/master/docs/atomic-signature.md#th === Importing Image Signatures Automatically from Signature Stores {product-title} can automatically import image signatures if a signature -store is configured on all {product-title} master nodes through the _registries -configuration directory_ located in the *_/etc/containers/registries.d_*. +store is configured on all {product-title} master nodes through the registries +configuration directory. -The default registries configuration directory is the *_/etc/containers/registries.d/default.yaml_* file. +The registries configuration directory contains the configuration +for various registries (servers storing remote container images) +and for the content stored in them. The single directory ensures that the configuration +does not have to be provided in command-line options for each command, +so that it can be shared by all the users of the containers/image. + +The default registries configuration directory is +located in the *_/etc/containers/registries.d/default.yaml_* file. A sample configuration that will cause image signatures to be imported automatically for all Red Hat images: 
@@ -263,12 +270,16 @@ automatically for all Red Hat images: ---- docker: registry.access.redhat.com: - sigstore: https://access.redhat.com/webassets/docker/content/sigstore + sigstore: https://access.redhat.com/webassets/docker/content/sigstore <1> ---- -Note that all signatures imported automatically by {{product-title}} will be +<1> Defines the URL of a signature store. This URL is used for reading existing signatures. + +[NOTE] +==== +Signatures imported automatically by {product-title} will be _unverified_ by default and will have to be verified by image administrators. +==== For more details about the registries configuration directory, see -link:https://github.com/containers/image/blob/master/docs/registries.d.md[Registries Configuration Directory] -in the *containers/image* library documentation. +link:https://github.com/containers/image/blob/master/docs/registries.d.md[Registries Configuration Directory].
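Review bot: In the first hunk (@@ -252,10 +252,17), the added sentence "The default registries configuration directory is located in the *_/etc/containers/registries.d/default.yaml_* file" describes a directory as being located in a file. Because the same hunk drops the *_/etc/containers/registries.d_* path from the opening paragraph, the directory path is no longer stated on its own anywhere in this passage. Suggest naming the directory as *_/etc/containers/registries.d_* and then presenting *_default.yaml_* as the default configuration file inside it. The phrase "all the users of the containers/image" also ends without a noun; "the containers/image library" would read correctly.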
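Review bot: In the second hunk (@@ -263,12 +270,16), the new [NOTE] block says automatically imported signatures are _unverified_ and "will have to be verified by image administrators", but it gives no cross-reference to how that verification is performed. Add an xref to the verification procedure in this guide so that an administrator reading the note does not treat an imported signature as already trusted. The shortened closing link also drops "in the *containers/image* library documentation", which removes the cue that the target is upstream library documentation rather than {product-title} documentation; consider keeping that qualifier.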