blob: fd8a5b81f92c3c333e3f5127b62d229238c52f63 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
<h1>docker trust sign</h1> <p><br></p> <p>Sign an image</p> <h2 id="usage">Usage</h2> <div class="highlight"><pre class="highlight" data-language="">$ docker trust sign IMAGE:TAG
</pre></div> <p>Refer to the <a href="#options">options section</a> for an overview of available <a href="#options"><code class="language-plaintext highlighter-rouge">OPTIONS</code></a> for this command.</p> <h2 id="description">Description</h2> <p name="extended-description"><code class="language-plaintext highlighter-rouge">docker trust sign</code> adds signatures to tags to create signed repositories.</p> <p>For example uses of this command, refer to the <a href="#examples">examples section</a> below.</p> <h2 id="options">Options</h2> <table> <thead> <tr> <td>Name, shorthand</td> <td>Default</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><code class="language-plaintext highlighter-rouge">--local</code></td> <td></td> <td>Sign a locally tagged image</td> </tr> </tbody> </table> <h2 id="examples">Examples</h2> <h3 id="sign-a-tag-as-a-repo-admin">Sign a tag as a repo admin</h3> <p>Given an image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo
SIGNED TAG DIGEST SIGNERS
v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin)
Administrative keys for example/trust-demo:
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
</pre></div> <p>Sign a new tag with <code class="language-plaintext highlighter-rouge">docker trust sign</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust sign example/trust-demo:v2
Signing and pushing trust metadata for example/trust-demo:v2
The push refers to a repository [docker.io/example/trust-demo]
eed4e566104a: Layer already exists
77edfb6d1e3c: Layer already exists
c69f806905c2: Layer already exists
582f327616f1: Layer already exists
a3fbb648f0bd: Layer already exists
5eac2de68a97: Layer already exists
8d4d1ab5ff74: Layer already exists
v2: digest: sha256:8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 size: 1787
Signing and pushing trust metadata
Enter passphrase for repository key with ID 36d4c36:
Successfully signed docker.io/example/trust-demo:v2
</pre></div> <p>Use <code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> to list the new signature:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo
SIGNED TAG DIGEST SIGNERS
v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin)
v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin)
Administrative keys for example/trust-demo:
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
</pre></div> <h3 id="sign-a-tag-as-a-signer">Sign a tag as a signer</h3> <p>Given an image:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo
No signatures for example/trust-demo
List of signers and their keys for example/trust-demo:
SIGNER KEYS
alice 05e87edcaecb
bob 5600f5ab76a2
Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
</pre></div> <p>Sign a new tag with <code class="language-plaintext highlighter-rouge">docker trust sign</code>:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust sign example/trust-demo:v1
Signing and pushing trust metadata for example/trust-demo:v1
The push refers to a repository [docker.io/example/trust-demo]
26b126eb8632: Layer already exists
220d34b5f6c9: Layer already exists
8a5132998025: Layer already exists
aca233ed29c3: Layer already exists
e5d2f035d7a4: Layer already exists
v1: digest: sha256:74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 size: 1357
Signing and pushing trust metadata
Enter passphrase for delegation key with ID 27d42a8:
Successfully signed docker.io/example/trust-demo:v1
</pre></div> <p><code class="language-plaintext highlighter-rouge">docker trust inspect --pretty</code> lists the new signature:</p> <div class="highlight"><pre class="highlight" data-language="">$ docker trust inspect --pretty example/trust-demo
SIGNED TAG DIGEST SIGNERS
v1 74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 alice
List of signers and their keys for example/trust-demo:
SIGNER KEYS
alice 05e87edcaecb
bob 5600f5ab76a2
Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
</pre></div> <h2 id="parent-command">Parent command</h2> <table> <thead> <tr> <th style="text-align: left">Command</th> <th style="text-align: left">Description</th> </tr> </thead> <tbody> <tr> <td style="text-align: left"><a href="../trust/index">docker trust</a></td> <td style="text-align: left">Manage trust on Docker images</td> </tr> </tbody> </table> <h2 id="related-commands">Related commands</h2> <table> <thead> <tr> <td>Command</td> <td>Description</td> </tr> </thead> <tbody> <tr> <td><a href="../trust_inspect/index">docker trust inspect</a></td> <td>Return low-level information about keys and signatures</td> </tr> <tr> <td><a href="../trust_key/index">docker trust key</a></td> <td>Manage keys for signing Docker images</td> </tr> <tr> <td><a href="../trust_revoke/index">docker trust revoke</a></td> <td>Remove trust for an image</td> </tr> <tr> <td><a href="index">docker trust sign</a></td> <td>Sign an image</td> </tr> <tr> <td><a href="../trust_signer/index">docker trust signer</a></td> <td>Manage entities who can sign Docker images</td> </tr> </tbody> </table> <div class="_attribution">
<p class="_attribution-p">
© 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br>
<a href="https://docs.docker.com/engine/reference/commandline/trust_sign/" class="_attribution-link">https://docs.docker.com/engine/reference/commandline/trust_sign/</a>
</p>
</div>
|
