From 754bbf7a25a8dda49b5d08ef0d0443bbf5af0e36 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Sun, 7 Apr 2024 13:41:34 -0500 Subject: new repository --- ...ference%2Fcommandline%2Ftrust_sign%2Findex.html | 80 ++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_sign%2Findex.html (limited to 'devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_sign%2Findex.html') diff --git a/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_sign%2Findex.html b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_sign%2Findex.html new file mode 100644 index 00000000..fd8a5b81 --- /dev/null +++ b/devdocs/docker/engine%2Freference%2Fcommandline%2Ftrust_sign%2Findex.html @@ -0,0 +1,80 @@ +

docker trust sign


Sign an image

Usage

$ docker trust sign IMAGE:TAG
+

Refer to the options section for an overview of available OPTIONS for this command.

Description

docker trust sign adds signatures to tags to create signed repositories.

For example uses of this command, refer to the examples section below.

Options

Name, shorthand Default Description
--local Sign a locally tagged image

Examples

Sign a tag as a repo admin

Given an image:

$ docker trust inspect --pretty example/trust-demo
+
+SIGNED TAG          DIGEST                                                             SIGNERS
+v1                  c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41   (Repo Admin)
+
+Administrative keys for example/trust-demo:
+Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
+Root Key:       246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
+

Sign a new tag with docker trust sign:

$ docker trust sign example/trust-demo:v2
+
+Signing and pushing trust metadata for example/trust-demo:v2
+The push refers to a repository [docker.io/example/trust-demo]
+eed4e566104a: Layer already exists
+77edfb6d1e3c: Layer already exists
+c69f806905c2: Layer already exists
+582f327616f1: Layer already exists
+a3fbb648f0bd: Layer already exists
+5eac2de68a97: Layer already exists
+8d4d1ab5ff74: Layer already exists
+v2: digest: sha256:8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 size: 1787
+Signing and pushing trust metadata
+Enter passphrase for repository key with ID 36d4c36:
+Successfully signed docker.io/example/trust-demo:v2
+

Use docker trust inspect --pretty to list the new signature:

$ docker trust inspect --pretty example/trust-demo
+
+SIGNED TAG          DIGEST                                                             SIGNERS
+v1                  c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41   (Repo Admin)
+v2                  8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56   (Repo Admin)
+
+Administrative keys for example/trust-demo:
+Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
+Root Key:       246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
+

Sign a tag as a signer

Given an image:

$ docker trust inspect --pretty example/trust-demo
+
+No signatures for example/trust-demo
+
+
+List of signers and their keys for example/trust-demo:
+
+SIGNER              KEYS
+alice               05e87edcaecb
+bob                 5600f5ab76a2
+
+Administrative keys for example/trust-demo:
+Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
+Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
+

Sign a new tag with docker trust sign:

$ docker trust sign example/trust-demo:v1
+
+Signing and pushing trust metadata for example/trust-demo:v1
+The push refers to a repository [docker.io/example/trust-demo]
+26b126eb8632: Layer already exists
+220d34b5f6c9: Layer already exists
+8a5132998025: Layer already exists
+aca233ed29c3: Layer already exists
+e5d2f035d7a4: Layer already exists
+v1: digest: sha256:74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 size: 1357
+Signing and pushing trust metadata
+Enter passphrase for delegation key with ID 27d42a8:
+Successfully signed docker.io/example/trust-demo:v1
+

docker trust inspect --pretty lists the new signature:

$ docker trust inspect --pretty example/trust-demo
+
+SIGNED TAG          DIGEST                                                             SIGNERS
+v1                  74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4   alice
+
+List of signers and their keys for example/trust-demo:
+
+SIGNER              KEYS
+alice               05e87edcaecb
+bob                 5600f5ab76a2
+
+Administrative keys for example/trust-demo:
+Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
+Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
+

Parent command

Command Description
docker trust Manage trust on Docker images
Command Description
docker trust inspect Return low-level information about keys and signatures
docker trust key Manage keys for signing Docker images
docker trust revoke Remove trust for an image
docker trust sign Sign an image
docker trust signer Manage entities who can sign Docker images
+

+ © 2019 Docker, Inc.
Licensed under the Apache License, Version 2.0.
Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.
Docker, Inc. and other parties may also have trademark rights in other terms used herein.
+ https://docs.docker.com/engine/reference/commandline/trust_sign/ +

+
-- cgit v1.2.3