podman-image-sign(1)        General Commands Manual       podman-image-sign(1)

NAME

       podman-image-sign - Create a signature for an image

SYNOPSIS

       podman image sign [--help|-h] [--directory|-d] [--sign-by] [ IMAGE... ]

DESCRIPTION

       podman image sign will create a local signature for one or more local
       images that have been pulled from a registry. The signature will be
       written to a directory derived from the registry configuration files in
       /etc/containers/registries.d. By default, the signature will be written
       into the /var/lib/containers/sigstore directory.

OPTIONS

       --help -h
         Print usage statement.

       --directory -d
         Store the signatures in the specified directory.  Default:
         /var/lib/containers/sigstore

       --sign-by
         Override the default identity of the signature.

EXAMPLES

       Sign the busybox image with the identity of foo@bar.com with a user's
       keyring and save the signature in /tmp/signatures/.

       sudo podman image sign --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar

       The write (and read) location for signatures is defined in YAML-based
       configuration files in /etc/containers/registries.d/.  When you sign an
       image, podman will use those configuration files to determine where to
       write the signature based on the name of the originating registry
       or a default storage value unless overridden with the --directory
       option. For example, consider the following configuration file.

       docker:
         privateregistry.example.com:
           sigstore: file:///var/lib/containers/sigstore

       When signing an image preceded with the registry name
       'privateregistry.example.com', the signature will be written into
       subdirectories of
       /var/lib/containers/sigstore/privateregistry.example.com. The use of
       'sigstore' also means the signature will be 'read' from that same
       location on a pull-related function.
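
       The lookup described above, as an added example that is not part of
       the original man page or the podman code: a POSIX shell function that
       resolves the directory under which a signature for a given image name
       would be written. The function names, the sample files, the /srv paths
       and the default-docker key (documented in containers-registries.d(5),
       not on this page) are assumptions of the example; only unquoted
       sigstore: values are parsed.

```shell
# Added example, not podman code. Resolves <sigstore base>/<registry> for an image.
# $1 = registries.d directory, $2 = image name without transport or tag.
resolve_sigstore() {
    url=$(cat "$1"/*.yaml 2>/dev/null | awk -v image="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^[^ \t]/ { section = $1; ns = ""; next }    # top-level key starts a section
        $1 == "sigstore:" {
            if (section == "default-docker:") fallback = $2
            else if (section == "docker:" && length(ns) > best &&
                     (image == ns || index(image, ns "/") == 1)) {
                best = length(ns); hit = $2          # most specific namespace wins
            }
            next
        }
        section == "docker:" && NF == 1 && $1 ~ /:$/ { ns = substr($1, 1, length($1) - 1) }
        END { print (hit != "" ? hit : fallback) }')
    [ -n "$url" ] || url=/var/lib/containers/sigstore   # default named on this page
    printf '%s/%s\n' "${url#file://}" "${2%%/*}"
}

# Constructed sample configuration (not from a real host); prints its directory.
make_sample_conf() {
    d=$(mktemp -d) || return 1
    cat > "$d/default.yaml" <<'EOF'
default-docker:
  sigstore: file:///srv/default-sigstore
EOF
    cat > "$d/private.yaml" <<'EOF'
docker:
  privateregistry.example.com:
    sigstore: file:///var/lib/containers/sigstore
  privateregistry.example.com/team:
    sigstore: file:///srv/team-sigstore
EOF
    printf '%s\n' "$d"
}

conf=$(make_sample_conf)
resolve_sigstore "$conf" privateregistry.example.com/foobar
resolve_sigstore "$conf" privateregistry.example.com/team/app
resolve_sigstore "$conf" other.example.org/app
rm -rf "$conf"
```

       Namespace matching is done on '/' boundaries, so a look-alike host
       such as privateregistry.example.com.evil falls through to the default
       entry rather than inheriting the private registry's location.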

HISTORY

       November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com)

                                                         podman-image-sign(1)