Update man pages

containers-auth.json.5.md

@@ -5,15 +5,16 @@ containers-auth.json - syntax for the registry authentication file
 
 # DESCRIPTION
 
-A credentials file stored at `${XDG_RUNTIME_DIR}/containers/auth.json` in
+A credentials file in JSON format used to authenticate against container image registries.
-json format used to authenticate against container image registries.
+On Linux it is stored at `${XDG_RUNTIME_DIR}/containers/auth.json`;
+on Windows and macOS, at `$HOME/.config/containers/auth.json`
 
 ## FORMAT
 
 The auth.json file stores encrypted authentication information for the
 user to container image registries.  The file can have zero to many entries and
-is created by a `login` command from a container tool such as `podman login` or
+is created by a `login` command from a container tool such as `podman login`,
-`buildah login`.  Each entry includes the name of the registry and then an auth
+`buildah login` or `skopeo login`.  Each entry includes the name of the registry and then an auth
 token in the form of a base64 encoded string from the concatenation of the
 username, a colon, and the password.
 
@@ -36,8 +37,28 @@ their accounts on quay.io and docker.io:
 An entry can be removed by using a `logout` command from a container
 tool such as `podman logout` or `buildah logout`.
 
+In addition, credential helpers can be configured for specific registries and the credentials-helper
+software can be used to manage the credentials in a more secure way than depending on the base64 encoded authentication
+provided by `login`.  If the credential helpers are configured for specific registries, the base64 encoded authentication will not be used
+for operations concerning credentials of the specified registries.
+
+When the credential helper is in use on a Linux platform, the auth.json file would contain keys that specify the registry domain, and values that specify the suffix of the program to use (i.e. everything after docker-credential-).  For example:
+
+```
+{
+    "auths": {
+        "localhost:5001": {}
+    },
+    "credHelpers": {
+		"registry.example.com": "secretservice"
+	}
+}
+```
+
+For more information on credential helpers, please reference the [GitHub docker-credential-helpers project](https://github.com/docker/docker-credential-helpers/releases).
+
 # SEE ALSO
-    buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1)
+    buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1), skopeo-login(1), skopeo-logout(1)
 
 # HISTORY
 Feb 2020, Originally compiled by Tom Sweeney <tsweeney@redhat.com>

containers-policy.json.5.md

@@ -10,8 +10,7 @@ containers-policy.json - syntax for the signature verification policy file
 Signature verification policy files are used to specify policy, e.g. trusted keys,
 applicable when deciding whether to accept an image, or individual signatures of that image, as valid.
 
-The default policy is stored (unless overridden at compile-time) at `/etc/containers/policy.json`;
+By default, the policy is read from `$HOME/.config/containers/policy.json`, if it exists, otherwise from `/etc/containers/policy.json`;  applications performing verification may allow using a different policy instead.
-applications performing verification may allow using a different policy instead.
 
 ## FORMAT
 

containers-storage.conf.5.md

@@ -198,6 +198,9 @@ The `storage.options.zfs` table supports the following options:
 **mountopt**=""
   Comma separated list of default options to be used to mount container images.  Suggested value "nodev". Mount options are documented in the mount(8) man page.
 
+**skip_mount_home=""**
+  Tell storage drivers to not create a PRIVATE bind mount on their home directory.
+
 **size**=""
   Maximum size of a container image.   This flag can be used to set quota on the size of container images. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
 

containers.conf

@@ -92,7 +92,7 @@
 # Ulimits has limits for non privileged container engines.
 #
 # default_ulimits = [
-#  “nofile”=”1280:2560”,
+#  "nofile"="1280:2560",
 # ]
 
 # List of default DNS options to be added to /etc/resolv.conf inside of the container.
@@ -105,7 +105,7 @@
 
 # Set default DNS servers.
 # This option can be used to override the DNS configuration passed to the
-# container. The special value “none” can be specified to disable creation of
+# container. The special value "none" can be specified to disable creation of
 # /etc/resolv.conf in the container.
 # The /etc/resolv.conf file in the image will be used without changes.
 #
@@ -125,7 +125,7 @@
 # Path to OCI hooks directories for automatically executed hooks.
 #
 # hooks_dir = [
-# “/usr/share/containers/oci/hooks.d”,
+#     "/usr/share/containers/oci/hooks.d",
 # ]
 
 # Default proxy environment variables passed into the container.
@@ -220,7 +220,7 @@
 # userns = "host"
 
 # Number of UIDs to allocate for the automatic container creation.
-# UIDs are allocated from the “container” UIDs listed in
+# UIDs are allocated from the "container" UIDs listed in
 # /etc/subuid & /etc/subgid
 #
 # userns_size=65536
@@ -241,7 +241,7 @@
 [engine]
 
 # Cgroup management implementation used for the runtime.
-# Valid options “systemd” or “cgroupfs”
+# Valid options "systemd" or "cgroupfs"
 #
 # cgroup_manager = "systemd"
 

containers.conf.5.md

@@ -66,6 +66,13 @@ The default profile name is "container-default".
     `private` Create private Cgroup Namespace for the container.
     `host`    Share host Cgroup Namespace with the container.
 
+**cgroups**="enabled"
+  Determines  whether  the  container will create CGroups.
+  Options are:
+    `enabled`   Enable cgroup support within container
+    `disabled`  Disable cgroup support, will inherit cgroups from parent
+    `no-conmon` Container engine runs run without conmon
+
 **default_capabilities**=[]
   List of default capabilities for containers.
 

skopeo.spec

@@ -46,7 +46,7 @@ Epoch: 1
 Epoch: 2
 %endif
 Version: 1.0.1
-Release: 10.dev.git%{shortcommit0}%{?dist}
+Release: 11.dev.git%{shortcommit0}%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: %{git0}
@@ -436,6 +436,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 
 %changelog
+* Thu Jun 11 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.0.1-11.dev.git161ef5a
+- Update man pages
+
 * Wed Jun 10 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.0.1-10.dev.git161ef5a
 - autobuilt 161ef5a