Merged
25 changes: 18 additions & 7 deletions admin_guide/image_signatures.adoc
Expand Up @@ -252,23 +252,34 @@ link:https://github.com/containers/image/blob/master/docs/atomic-signature.md#th
=== Importing Image Signatures Automatically from Signature Stores

{product-title} can automatically import image signatures if a signature
store is configured on all {product-title} master nodes through the _registries
configuration directory_ located in the *_/etc/containers/registries.d_*.
store is configured on all {product-title} master nodes through the registries
configuration directory.

The default registries configuration directory is the *_/etc/containers/registries.d/default.yaml_* file.
The registries configuration directory contains the configuration
for various registries (servers storing remote container images)
and for the content stored in them. The single directory ensures that the configuration
does not have to be provided in command-line options for each command,
so that it can be shared by all the users of the containers/image.

The default registries configuration directory is
located in the *_/etc/containers/registries.d/default.yaml_* file.

A sample configuration that will cause image signatures to be imported
automatically for all Red Hat images:

----
docker:
registry.access.redhat.com:
sigstore: https://access.redhat.com/webassets/docker/content/sigstore
sigstore: https://access.redhat.com/webassets/docker/content/sigstore <1>
----

Note that all signatures imported automatically by {{product-title}} will be
<1> Defines the URL of a signature store. This URL is used for reading existing signatures.

[NOTE]
====
Signatures imported automatically by {product-title} will be
_unverified_ by default and will have to be verified by image administrators.
====

For more details about the registries configuration directory, see
link:https://github.com/containers/image/blob/master/docs/registries.d.md[Registries Configuration Directory]
in the *containers/image* library documentation.
link:https://github.com/containers/image/blob/master/docs/registries.d.md[Registries Configuration Directory].
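Review bot: The added sentence "The default registries configuration directory is located in the *_/etc/containers/registries.d/default.yaml_* file" describes a directory as living inside a file. Because the first paragraph no longer gives the *_/etc/containers/registries.d_* path, the directory location is now stated nowhere. Suggest naming *_/etc/containers/registries.d_* as the directory and describing *_default.yaml_* as the default configuration file inside it. In the new explanatory paragraph, "all the users of the containers/image" is missing its noun (the final link text previously called it the *containers/image* library). The new NOTE block says automatically imported signatures are _unverified_ by default and must be verified by image administrators; since an unverified signature gives no assurance about the image, it would help to say or link how that verification is done right there, so readers do not treat an imported signature as a trusted one.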