diff --git a/containers-auth.json.5.md b/containers-auth.json.5.md
index 16e4d7b..4921f01 100644
--- a/containers-auth.json.5.md
+++ b/containers-auth.json.5.md
@@ -5,15 +5,16 @@ containers-auth.json - syntax for the registry authentication file
 # DESCRIPTION
-A credentials file stored at `${XDG_RUNTIME_DIR}/containers/auth.json` in
-json format used to authenticate against container image registries.
+A credentials file in JSON format used to authenticate against container image registries.
+On Linux it is stored at `${XDG_RUNTIME_DIR}/containers/auth.json`;
+on Windows and macOS, at `$HOME/.config/containers/auth.json`
 ## FORMAT
 The auth.json file stores encrypted authentication information for the user to container image registries. The file can have zero to many entries and
-is created by a `login` command from a container tool such as `podman login` or
-`buildah login`. Each entry includes the name of the registry and then an auth
+is created by a `login` command from a container tool such as `podman login`,
+`buildah login` or `skopeo login`. Each entry includes the name of the registry and then an auth
 token in the form of a base64 encoded string from the concatenation of the username, a colon, and the password.
@@ -36,8 +37,28 @@ their accounts on quay.io and docker.io:
 An entry can be removed by using a `logout` command from a container tool such as `podman logout` or `buildah logout`.
+In addition, credential helpers can be configured for specific registries and the credentials-helper
+software can be used to manage the credentials in a more secure way than depending on the base64 encoded authentication
+provided by `login`. If the credential helpers are configured for specific registries, the base64 encoded authentication will not be used
+for operations concerning credentials of the specified registries.
+
+When the credential helper is in use on a Linux platform, the auth.json file would contain keys that specify the registry domain, and values that specify the suffix of the program to use (i.e. everything after docker-credential-). For example:
+
+```
+{
+ "auths": {
+ "localhost:5001": {}
+ },
+ "credHelpers": {
+ "registry.example.com": "secretservice"
+ }
+}
+```
+
+For more information on credential helpers, please reference the [GitHub docker-credential-helpers project](https://github.com/docker/docker-credential-helpers/releases).
+
 # SEE ALSO
- buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1)
+ buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1), skopeo-login(1), skopeo-logout(1)
 # HISTORY
 Feb 2020, Originally compiled by Tom Sweeney
diff --git a/containers-policy.json.5.md b/containers-policy.json.5.md
index 2859d81..9c6b43e 100644
--- a/containers-policy.json.5.md
+++ b/containers-policy.json.5.md
@@ -10,8 +10,7 @@ containers-policy.json - syntax for the signature verification policy file
 Signature verification policy files are used to specify policy, e.g. trusted keys, applicable when deciding whether to accept an image, or individual signatures of that image, as valid.
-The default policy is stored (unless overridden at compile-time) at `/etc/containers/policy.json`;
-applications performing verification may allow using a different policy instead.
+By default, the policy is read from `$HOME/.config/containers/policy.json`, if it exists, otherwise from `/etc/containers/policy.json`; applications performing verification may allow using a different policy instead.
 ## FORMAT
diff --git a/containers-storage.conf.5.md b/containers-storage.conf.5.md
index aa328a4..3917334 100644
--- a/containers-storage.conf.5.md
+++ b/containers-storage.conf.5.md
@@ -198,6 +198,9 @@ The `storage.options.zfs` table supports the following options:
 **mountopt**=""
 Comma separated list of default options to be used to mount container images. Suggested value "nodev". Mount options are documented in the mount(8) man page.
+**skip_mount_home=""**
+ Tell storage drivers to not create a PRIVATE bind mount on their home directory.
+
 **size**=""
 Maximum size of a container image. This flag can be used to set quota on the size of container images. (format: [], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
diff --git a/containers.conf b/containers.conf
index a029aed..389479f 100644
--- a/containers.conf
+++ b/containers.conf
@@ -92,7 +92,7 @@
 # Ulimits has limits for non privileged container engines.
 #
 # default_ulimits = [
-# “nofile”=”1280:2560”,
+# "nofile"="1280:2560",
 # ]
 # List of default DNS options to be added to /etc/resolv.conf inside of the container.
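Review bot: In the containers.conf hunk at -92, the corrected `default_ulimits` example `# "nofile"="1280:2560",` still does not look like a valid TOML array element. An array holds values, and `"key"="value"` is a key/value pair, so an administrator who uncomments the block as written would probably get a parse error instead of the intended file-descriptor limit. If the engine expects one string per limit, the line would read `# "nofile=1280:2560",`; the parser is not visible here, so confirm the expected element form before changing it. The straight-quote replacements in the later containers.conf hunks (DNS "none", `hooks_dir`, the subuid comment, `cgroup_manager`) do not have this problem.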
@@ -105,7 +105,7 @@
 # Set default DNS servers.
 # This option can be used to override the DNS configuration passed to the
-# container. The special value “none” can be specified to disable creation of
+# container. The special value "none" can be specified to disable creation of
 # /etc/resolv.conf in the container.
 # The /etc/resolv.conf file in the image will be used without changes.
 #
@@ -125,7 +125,7 @@
 # Path to OCI hooks directories for automatically executed hooks.
 #
 # hooks_dir = [
-# “/usr/share/containers/oci/hooks.d”,
+# "/usr/share/containers/oci/hooks.d",
 # ]
 # Default proxy environment variables passed into the container.
@@ -220,7 +220,7 @@
 # userns = "host"
 # Number of UIDs to allocate for the automatic container creation.
-# UIDs are allocated from the “container” UIDs listed in
+# UIDs are allocated from the "container" UIDs listed in
 # /etc/subuid & /etc/subgid
 #
 # userns_size=65536
@@ -241,7 +241,7 @@
 [engine]
 # Cgroup management implementation used for the runtime.
-# Valid options “systemd” or “cgroupfs”
+# Valid options "systemd" or "cgroupfs"
 #
 # cgroup_manager = "systemd"
diff --git a/containers.conf.5.md b/containers.conf.5.md
index eff1404..7b2051b 100644
--- a/containers.conf.5.md
+++ b/containers.conf.5.md
@@ -66,6 +66,13 @@ The default profile name is "container-default".
 `private` Create private Cgroup Namespace for the container.
 `host` Share host Cgroup Namespace with the container.
+**cgroups**="enabled"
+ Determines whether the container will create CGroups.
+ Options are:
+ `enabled` Enable cgroup support within container
+ `disabled` Disable cgroup support, will inherit cgroups from parent
+ `no-conmon` Container engine runs run without conmon
+
 **default_capabilities**=[]
 List of default capabilities for containers.
diff --git a/skopeo.spec b/skopeo.spec
index 1b4be7e..42059d7 100644
--- a/skopeo.spec
+++ b/skopeo.spec
@@ -46,7 +46,7 @@ Epoch: 1
 Epoch: 2
 %endif
 Version: 1.0.1
-Release: 10.dev.git%{shortcommit0}%{?dist}
+Release: 11.dev.git%{shortcommit0}%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: %{git0}
@@ -436,6 +436,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 %changelog
+* Thu Jun 11 2020 Dan Walsh - 1:1.0.1-11.dev.git161ef5a
+- Update man pages
+
 * Wed Jun 10 2020 RH Container Bot - 1:1.0.1-10.dev.git161ef5a
 - autobuilt 161ef5a