Fix whitespace that caused short-format in generated YAML

If the markdown contains trailing spaces, or has tabs included,
the YAML generator uses a compact format for the text (using `\n`
and `\t`, instead of plain newlines).

The compact format makes it difficult to review changes in the
yaml docs when vendoring in the documentation repository.

This patch:

- removes trailing whitespace
- replaces tabs for spaces
- fixes some minor formatting and markdown issues

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f912deeec7)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2020-03-15 15:11:43 +01:00
parent c936ea9693
commit 9fd323afdc
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
23 changed files with 260 additions and 227 deletions

View File

@ -49,7 +49,7 @@ Options:
--no-cache Do not use cache when building the image --no-cache Do not use cache when building the image
-o, --output Output destination (format: type=local,dest=path) -o, --output Output destination (format: type=local,dest=path)
--pull Always attempt to pull a newer version of the image --pull Always attempt to pull a newer version of the image
--progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty). --progress Set type of progress output (only if BuildKit enabled) (auto, plain, tty).
Use plain to show container output Use plain to show container output
-q, --quiet Suppress the build output and print image ID on success -q, --quiet Suppress the build output and print image ID on success
--rm Remove intermediate containers after a successful build (default true) --rm Remove intermediate containers after a successful build (default true)
@ -431,7 +431,7 @@ $ docker build --build-arg HTTP_PROXY=http://10.20.30.2:1234 --build-arg FTP_PRO
This flag allows you to pass the build-time variables that are This flag allows you to pass the build-time variables that are
accessed like regular environment variables in the `RUN` instruction of the accessed like regular environment variables in the `RUN` instruction of the
Dockerfile. Also, these values don't persist in the intermediate or final images Dockerfile. Also, these values don't persist in the intermediate or final images
like `ENV` values do. You must add `--build-arg` for each build argument. like `ENV` values do. You must add `--build-arg` for each build argument.
Using this flag will not alter the output you see when the `ARG` lines from the Using this flag will not alter the output you see when the `ARG` lines from the
Dockerfile are echoed during the build process. Dockerfile are echoed during the build process.
@ -533,7 +533,7 @@ path):
$ docker build --output type=local,dest=out . $ docker build --output type=local,dest=out .
``` ```
Use the `tar` type to export the files as a `.tar` archive: Use the `tar` type to export the files as a `.tar` archive:
```bash ```bash
$ docker build --output type=tar,dest=out.tar . $ docker build --output type=tar,dest=out.tar .

View File

@ -821,7 +821,7 @@ C:\> dockerd --storage-opt size=40G
##### `lcow.globalmode` ##### `lcow.globalmode`
Specifies whether the daemon instantiates utility VM instances as required Specifies whether the daemon instantiates utility VM instances as required
(recommended and default if omitted), or uses single global utility VM (better (recommended and default if omitted), or uses single global utility VM (better
performance, but has security implications and not recommended for production performance, but has security implications and not recommended for production
deployments). deployments).
@ -1071,7 +1071,7 @@ system's list of trusted CAs instead of enabling `--insecure-registry`.
#### Legacy Registries #### Legacy Registries
Starting with Docker 17.12, operations against registries supporting only the Starting with Docker 17.12, operations against registries supporting only the
legacy v1 protocol are no longer supported. Specifically, the daemon will not legacy v1 protocol are no longer supported. Specifically, the daemon will not
attempt `push`, `pull` and `login` to v1 registries. The exception to this is attempt `push`, `pull` and `login` to v1 registries. The exception to this is
`search` which can still be performed on v1 registries. `search` which can still be performed on v1 registries.
@ -1446,8 +1446,8 @@ This is a full example of the allowed configuration options on Windows:
``` ```
#### Feature options #### Feature options
The optional field `features` in `daemon.json` allows users to enable or disable specific The optional field `features` in `daemon.json` allows users to enable or disable specific
daemon features. For example, `{"features":{"buildkit": true}}` enables `buildkit` as the daemon features. For example, `{"features":{"buildkit": true}}` enables `buildkit` as the
default docker image builder. default docker image builder.
The list of currently supported feature options: The list of currently supported feature options:

View File

@ -31,11 +31,11 @@ Options:
## Description ## Description
Use `docker events` to get real-time events from the server. These events differ Use `docker events` to get real-time events from the server. These events differ
per Docker object type. Different event types have different scopes. Local per Docker object type. Different event types have different scopes. Local
scoped events are only seen on the node they take place on, and swarm scoped scoped events are only seen on the node they take place on, and swarm scoped
events are seen on all managers. events are seen on all managers.
Only the last 1000 log events are returned. You can use filters to further limit Only the last 1000 log events are returned. You can use filters to further limit
the number of events returned. the number of events returned.
### Object types ### Object types
@ -165,7 +165,7 @@ that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap
seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a seconds (aka Unix epoch or Unix time), and the optional .nanoseconds field is a
fraction of a second no more than nine digits long. fraction of a second no more than nine digits long.
Only the last 1000 log events are returned. You can use filters to further limit Only the last 1000 log events are returned. You can use filters to further limit
the number of events returned. the number of events returned.
#### Filtering #### Filtering
@ -207,7 +207,7 @@ format. Go's [text/template](http://golang.org/pkg/text/template/) package
describes all the details of the format. describes all the details of the format.
If a format is set to `{{json .}}`, the events are streamed as valid JSON If a format is set to `{{json .}}`, the events are streamed as valid JSON
Lines. For information about JSON Lines, please refer to http://jsonlines.org/ . Lines. For information about JSON Lines, please refer to http://jsonlines.org/.
## Examples ## Examples
@ -410,12 +410,12 @@ Type=container Status=destroy ID=2ee349dac409e97974ce8d01b70d250b85e0ba8189299
#### Format as JSON #### Format as JSON
```none ```bash
$ docker events --format '{{json .}}' $ docker events --format '{{json .}}'
{"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. {"status":"create","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
{"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. {"status":"attach","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
{"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e.. {"Type":"network","Action":"connect","Actor":{"ID":"1b50a5bf755f6021dfa78e..
{"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42.. {"status":"start","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f42..
{"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4.. {"status":"resize","id":"196016a57679bf42424484918746a9474cd905dd993c4d0f4..
``` ```

View File

@ -29,7 +29,7 @@ Options:
--privileged Give extended privileges to the command --privileged Give extended privileges to the command
-t, --tty Allocate a pseudo-TTY -t, --tty Allocate a pseudo-TTY
-u, --user Username or UID (format: <name|uid>[:<group|gid>]) -u, --user Username or UID (format: <name|uid>[:<group|gid>])
-w, --workdir Working directory inside the container -w, --workdir Working directory inside the container
``` ```
## Description ## Description
@ -83,8 +83,8 @@ Next, set an environment variable in the current bash session.
$ docker exec -it -e VAR=1 ubuntu_bash bash $ docker exec -it -e VAR=1 ubuntu_bash bash
``` ```
This will create a new Bash session in the container `ubuntu_bash` with environment This will create a new Bash session in the container `ubuntu_bash` with environment
variable `$VAR` set to "1". Note that this environment variable will only be valid variable `$VAR` set to "1". Note that this environment variable will only be valid
on the current Bash session. on the current Bash session.
By default `docker exec` command runs in the same working directory set when container was created. By default `docker exec` command runs in the same working directory set when container was created.

View File

@ -106,7 +106,7 @@ Server:
myinsecurehost:5000 myinsecurehost:5000
127.0.0.0/8 127.0.0.0/8
``` ```
### Show debugging output ### Show debugging output
Here is a sample output for a daemon running on Ubuntu, using the overlay2 Here is a sample output for a daemon running on Ubuntu, using the overlay2

View File

@ -32,6 +32,8 @@ Options:
Login to a registry. Login to a registry.
## Examples
### Login to a self-hosted registry ### Login to a self-hosted registry
If you want to login to a self-hosted registry you can specify this by If you want to login to a self-hosted registry you can specify this by
@ -94,7 +96,7 @@ For example, to use `docker-credential-osxkeychain`:
```json ```json
{ {
"credsStore": "osxkeychain" "credsStore": "osxkeychain"
} }
``` ```
@ -124,9 +126,9 @@ or an identity token.
```json ```json
{ {
"ServerURL": "https://index.docker.io/v1", "ServerURL": "https://index.docker.io/v1",
"Username": "david", "Username": "david",
"Secret": "passw0rd1" "Secret": "passw0rd1"
} }
``` ```
@ -145,8 +147,8 @@ and password from this payload:
```json ```json
{ {
"Username": "david", "Username": "david",
"Secret": "passw0rd1" "Secret": "passw0rd1"
} }
``` ```

View File

@ -43,8 +43,8 @@ more (ideally more than one) image names. It can then be used in the same way as
an image name in `docker pull` and `docker run` commands, for example. an image name in `docker pull` and `docker run` commands, for example.
Ideally a manifest list is created from images that are identical in function for Ideally a manifest list is created from images that are identical in function for
different os/arch combinations. For this reason, manifest lists are often referred to as different os/arch combinations. For this reason, manifest lists are often referred
"multi-arch images". However, a user could create a manifest list that points to as "multi-arch images". However, a user could create a manifest list that points
to two images -- one for windows on amd64, and one for darwin on amd64. to two images -- one for windows on amd64, and one for darwin on amd64.
### manifest inspect ### manifest inspect
@ -62,7 +62,7 @@ Options:
-v, --verbose Output additional info including layers and platform -v, --verbose Output additional info including layers and platform
``` ```
### manifest create ### manifest create
```bash ```bash
Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...] Usage: docker manifest create MANIFEST_LIST MANIFEST [MANIFEST...]
@ -76,6 +76,7 @@ Options:
``` ```
### manifest annotate ### manifest annotate
```bash ```bash
Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST Usage: docker manifest annotate [OPTIONS] MANIFEST_LIST MANIFEST
@ -91,6 +92,7 @@ Options:
``` ```
### manifest push ### manifest push
```bash ```bash
Usage: docker manifest push [OPTIONS] MANIFEST_LIST Usage: docker manifest push [OPTIONS] MANIFEST_LIST
@ -104,12 +106,21 @@ Options:
### Working with insecure registries ### Working with insecure registries
The manifest command interacts solely with a Docker registry. Because of this, it has no way to query the engine for the list of allowed insecure registries. To allow the CLI to interact with an insecure registry, some `docker manifest` commands have an `--insecure` flag. For each transaction, such as a `create`, which queries a registry, the `--insecure` flag must be specified. This flag tells the CLI that this registry call may ignore security concerns like missing or self-signed certificates. Likewise, on a `manifest push` to an insecure registry, the `--insecure` flag must be specified. If this is not used with an insecure registry, the manifest command fails to find a registry that meets the default requirements. The manifest command interacts solely with a Docker registry. Because of this,
it has no way to query the engine for the list of allowed insecure registries.
To allow the CLI to interact with an insecure registry, some `docker manifest`
commands have an `--insecure` flag. For each transaction, such as a `create`,
which queries a registry, the `--insecure` flag must be specified. This flag
tells the CLI that this registry call may ignore security concerns like missing
or self-signed certificates. Likewise, on a `manifest push` to an insecure
registry, the `--insecure` flag must be specified. If this is not used with an
insecure registry, the manifest command fails to find a registry that meets the
default requirements.
## Examples ## Examples
### Inspect an image's manifest object ### Inspect an image's manifest object
```bash ```bash
$ docker manifest inspect hello-world $ docker manifest inspect hello-world
{ {
@ -136,7 +147,7 @@ The `docker manifest inspect` command takes an optional `--verbose` flag
that gives you the image's name (Ref), and architecture and os (Platform). that gives you the image's name (Ref), and architecture and os (Platform).
Just as with other docker commands that take image names, you can refer to an image with or Just as with other docker commands that take image names, you can refer to an image with or
without a tag, or by digest (e.g. hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f). without a tag, or by digest (e.g. `hello-world@sha256:f3b3b28a45160805bb16542c9531888519430e9e6d6ffc09d72261b0d26ff74f`).
Here is an example of inspecting an image's manifest with the `--verbose` flag: Here is an example of inspecting an image's manifest with the `--verbose` flag:
@ -170,17 +181,19 @@ $ docker manifest inspect --verbose hello-world
### Create and push a manifest list ### Create and push a manifest list
To create a manifest list, you first `create` the manifest list locally by specifying the constituent images you would To create a manifest list, you first `create` the manifest list locally by
like to have included in your manifest list. Keep in mind that this is pushed to a registry, so if you want to push specifying the constituent images you would like to have included in your
to a registry other than the docker registry, you need to create your manifest list with the registry name or IP and port. manifest list. Keep in mind that this is pushed to a registry, so if you want to
push to a registry other than the docker registry, you need to create your
manifest list with the registry name or IP and port.
This is similar to tagging an image and pushing it to a foreign registry. This is similar to tagging an image and pushing it to a foreign registry.
After you have created your local copy of the manifest list, you may optionally After you have created your local copy of the manifest list, you may optionally
`annotate` it. Annotations allowed are the architecture and operating system (overriding the image's current values), `annotate` it. Annotations allowed are the architecture and operating system
os features, and an architecture variant. (overriding the image's current values), os features, and an architecture variant.
Finally, you need to `push` your manifest list to the desired registry. Below are descriptions of these three commands, Finally, you need to `push` your manifest list to the desired registry. Below are
and an example putting them all together. descriptions of these three commands, and an example putting them all together.
```bash ```bash
$ docker manifest create 45.55.81.106:5000/coolapp:v1 \ $ docker manifest create 45.55.81.106:5000/coolapp:v1 \
@ -188,6 +201,7 @@ $ docker manifest create 45.55.81.106:5000/coolapp:v1 \
45.55.81.106:5000/coolapp-arm-linux:v1 \ 45.55.81.106:5000/coolapp-arm-linux:v1 \
45.55.81.106:5000/coolapp-amd64-linux:v1 \ 45.55.81.106:5000/coolapp-amd64-linux:v1 \
45.55.81.106:5000/coolapp-amd64-windows:v1 45.55.81.106:5000/coolapp-amd64-windows:v1
Created manifest list 45.55.81.106:5000/coolapp:v1 Created manifest list 45.55.81.106:5000/coolapp:v1
``` ```
@ -255,9 +269,10 @@ $ docker manifest inspect coolapp:v1
### Push to an insecure registry ### Push to an insecure registry
Here is an example of creating and pushing a manifest list using a known insecure registry. Here is an example of creating and pushing a manifest list using a known
insecure registry.
``` ```bash
$ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \ $ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1.0 \
myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \ myprivateregistry.mycompany.com/repo/image-linux-ppc64le:1.0 \
myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \ myprivateregistry.mycompany.com/repo/image-linux-s390x:1.0 \
@ -265,10 +280,13 @@ $ docker manifest create --insecure myprivateregistry.mycompany.com/repo/image:1
myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \ myprivateregistry.mycompany.com/repo/image-linux-armhf:1.0 \
myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \ myprivateregistry.mycompany.com/repo/image-windows-amd64:1.0 \
myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0 myprivateregistry.mycompany.com/repo/image-linux-amd64:1.0
```
```
$ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag $ docker manifest push --insecure myprivateregistry.mycompany.com/repo/image:tag
``` ```
Note that the `--insecure` flag is not required to annotate a manifest list, since annotations are to a locally-stored copy of a manifest list. You may also skip the `--insecure` flag if you are performing a `docker manifest inspect` on a locally-stored manifest list. Be sure to keep in mind that locally-stored manifest lists are never used by the engine on a `docker pull`. > **Note**: the `--insecure` flag is not required to annotate a manifest list,
> since annotations are to a locally-stored copy of a manifest list. You may also
> skip the `--insecure` flag if you are performing a `docker manifest inspect`
> on a locally-stored manifest list. Be sure to keep in mind that locally-stored
> manifest lists are never used by the engine on a `docker pull`.

View File

@ -192,7 +192,7 @@ The following filter matches all user defined networks:
```bash ```bash
$ docker network ls --filter type=custom $ docker network ls --filter type=custom
NETWORK ID NAME DRIVER SCOPE NETWORK ID NAME DRIVER SCOPE
95e74588f40d foo bridge local 95e74588f40d foo bridge local
63d1ff1f77b0 dev bridge local 63d1ff1f77b0 dev bridge local
``` ```

View File

@ -42,87 +42,94 @@ details of the format.
### Inspect a node ### Inspect a node
```none ```bash
$ docker node inspect swarm-manager $ docker node inspect swarm-manager
```
```json
[ [
{ {
"ID": "e216jshn25ckzbvmwlnh5jr3g", "ID": "e216jshn25ckzbvmwlnh5jr3g",
"Version": { "Version": {
"Index": 10 "Index": 10
}, },
"CreatedAt": "2017-05-16T22:52:44.9910662Z", "CreatedAt": "2017-05-16T22:52:44.9910662Z",
"UpdatedAt": "2017-05-16T22:52:45.230878043Z", "UpdatedAt": "2017-05-16T22:52:45.230878043Z",
"Spec": { "Spec": {
"Role": "manager", "Role": "manager",
"Availability": "active" "Availability": "active"
}, },
"Description": { "Description": {
"Hostname": "swarm-manager", "Hostname": "swarm-manager",
"Platform": { "Platform": {
"Architecture": "x86_64", "Architecture": "x86_64",
"OS": "linux" "OS": "linux"
}, },
"Resources": { "Resources": {
"NanoCPUs": 1000000000, "NanoCPUs": 1000000000,
"MemoryBytes": 1039843328 "MemoryBytes": 1039843328
}, },
"Engine": { "Engine": {
"EngineVersion": "17.06.0-ce", "EngineVersion": "17.06.0-ce",
"Plugins": [ "Plugins": [
{ {
"Type": "Volume", "Type": "Volume",
"Name": "local" "Name": "local"
}, },
{ {
"Type": "Network", "Type": "Network",
"Name": "overlay" "Name": "overlay"
}, },
{ {
"Type": "Network", "Type": "Network",
"Name": "null" "Name": "null"
}, },
{ {
"Type": "Network", "Type": "Network",
"Name": "host" "Name": "host"
}, },
{ {
"Type": "Network", "Type": "Network",
"Name": "bridge" "Name": "bridge"
}, },
{ {
"Type": "Network", "Type": "Network",
"Name": "overlay" "Name": "overlay"
} }
] ]
}, },
"TLSInfo": { "TLSInfo": {
"TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n", "TrustRoot": "-----BEGIN CERTIFICATE-----\nMIIBazCCARCgAwIBAgIUOzgqU4tA2q5Yv1HnkzhSIwGyIBswCgYIKoZIzj0EAwIw\nEzERMA8GA1UEAxMIc3dhcm0tY2EwHhcNMTcwNTAyMDAyNDAwWhcNMzcwNDI3MDAy\nNDAwWjATMREwDwYDVQQDEwhzd2FybS1jYTBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABMbiAmET+HZyve35ujrnL2kOLBEQhFDZ5MhxAuYs96n796sFlfxTxC1lM/2g\nAh8DI34pm3JmHgZxeBPKUURJHKWjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MB0GA1UdDgQWBBS3sjTJOcXdkls6WSY2rTx1KIJueTAKBggqhkjO\nPQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3\nzONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==\n-----END CERTIFICATE-----\n",
"CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh", "CertIssuerSubject": "MBMxETAPBgNVBAMTCHN3YXJtLWNh",
"CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==" "CertIssuerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ=="
} }
}, },
"Status": { "Status": {
"State": "ready", "State": "ready",
"Addr": "168.0.32.137" "Addr": "168.0.32.137"
}, },
"ManagerStatus": { "ManagerStatus": {
"Leader": true, "Leader": true,
"Reachability": "reachable", "Reachability": "reachable",
"Addr": "168.0.32.137:2377" "Addr": "168.0.32.137:2377"
} }
} }
] ]
``` ```
### Specify an output format ### Specify an output format
```none ```bash
$ docker node inspect --format '{{ .ManagerStatus.Leader }}' self $ docker node inspect --format '{{ .ManagerStatus.Leader }}' self
false false
```
Use `--format=pretty` or the `--pretty` shorthand to pretty-print the output:
```bash
$ docker node inspect --format=pretty self
$ docker node inspect --pretty self
ID: e216jshn25ckzbvmwlnh5jr3g ID: e216jshn25ckzbvmwlnh5jr3g
Hostname: swarm-manager Hostname: swarm-manager
Joined at: 2017-05-16 22:52:44.9910662 +0000 utc Joined at: 2017-05-16 22:52:44.9910662 +0000 utc
@ -157,8 +164,8 @@ PQQDAgNJADBGAiEAoeVWkaXgSUAucQmZ3Yhmx22N/cq1EPBgYHOBZmHt0NkCIQC3
zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ== zONcJ/+WA21OXtb+vcijpUOXtNjyHfcox0N8wsLDqQ==
-----END CERTIFICATE----- -----END CERTIFICATE-----
Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ== Issuer Public Key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExuICYRP4dnK97fm6OucvaQ4sERCEUNnkyHEC5iz3qfv3qwWV/FPELWUz/aACHwMjfimbcmYeBnF4E8pRREkcpQ==
Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh Issuer Subject: MBMxETAPBgNVBAMTCHN3YXJtLWNh
``` ```
## Related commands ## Related commands

View File

@ -162,7 +162,7 @@ The following example uses a template without headers and outputs the
```bash ```bash
$ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}" $ docker node ls --format "{{.ID}}: {{.Hostname}} {{.TLSStatus}}"
e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready
35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation 35o6tiywb700jesrt3dmllaza: swarm-worker1 Needs Rotation
``` ```

View File

@ -87,7 +87,7 @@ e90b8831a4b8 nginx "/bin/bash -c 'mkdir " 11 weeks ago Up 4 hours
``` ```
* The "size" information shows the amount of data (on disk) that is used for the _writable_ layer of each container * The "size" information shows the amount of data (on disk) that is used for the _writable_ layer of each container
* The "virtual size" is the total amount of disk-space used for the read-only _image_ data used by the container and the writable layer. * The "virtual size" is the total amount of disk-space used for the read-only _image_ data used by the container and the writable layer.
For more information, refer to the [container size on disk](https://docs.docker.com/storage/storagedriver/#container-size-on-disk) section. For more information, refer to the [container size on disk](https://docs.docker.com/storage/storagedriver/#container-size-on-disk) section.

View File

@ -36,9 +36,9 @@ image and tag names.
Killing the `docker push` process, for example by pressing `CTRL-c` while it is Killing the `docker push` process, for example by pressing `CTRL-c` while it is
running in a terminal, terminates the push operation. running in a terminal, terminates the push operation.
Progress bars are shown during docker push, which show the uncompressed size. The Progress bars are shown during docker push, which show the uncompressed size.
actual amount of data that's pushed will be compressed before sending, so the uploaded The actual amount of data that's pushed will be compressed before sending, so
size will not be reflected by the progress bar. the uploaded size will not be reflected by the progress bar.
Registry credentials are managed by [docker login](login.md). Registry credentials are managed by [docker login](login.md).

View File

@ -50,7 +50,7 @@ This example displays images with a name containing 'busybox':
$ docker search busybox $ docker search busybox
NAME DESCRIPTION STARS OFFICIAL AUTOMATED NAME DESCRIPTION STARS OFFICIAL AUTOMATED
busybox Busybox base image. 316 [OK] busybox Busybox base image. 316 [OK]
progrium/busybox 50 [OK] progrium/busybox 50 [OK]
radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK]
odise/busybox-python 2 [OK] odise/busybox-python 2 [OK]
@ -85,7 +85,7 @@ at least 3 stars and the description isn't truncated in the output:
```bash ```bash
$ docker search --filter=stars=3 --no-trunc busybox $ docker search --filter=stars=3 --no-trunc busybox
NAME DESCRIPTION STARS OFFICIAL AUTOMATED NAME DESCRIPTION STARS OFFICIAL AUTOMATED
busybox Busybox base image. 325 [OK] busybox Busybox base image. 325 [OK]
progrium/busybox 50 [OK] progrium/busybox 50 [OK]
radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made from scratch. Comes in git and cURL flavors. 8 [OK]
``` ```
@ -115,7 +115,7 @@ least 3 stars:
$ docker search --filter stars=3 busybox $ docker search --filter stars=3 busybox
NAME DESCRIPTION STARS OFFICIAL AUTOMATED NAME DESCRIPTION STARS OFFICIAL AUTOMATED
busybox Busybox base image. 325 [OK] busybox Busybox base image. 325 [OK]
progrium/busybox 50 [OK] progrium/busybox 50 [OK]
radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK] radial/busyboxplus Full-chain, Internet enabled, busybox made... 8 [OK]
``` ```
@ -193,10 +193,10 @@ $ docker search --format "table {{.Name}}\t{{.IsAutomated}}\t{{.IsOfficial}}" ng
NAME AUTOMATED OFFICIAL NAME AUTOMATED OFFICIAL
nginx [OK] nginx [OK]
jwilder/nginx-proxy [OK] jwilder/nginx-proxy [OK]
richarvey/nginx-php-fpm [OK] richarvey/nginx-php-fpm [OK]
jrcs/letsencrypt-nginx-proxy-companion [OK] jrcs/letsencrypt-nginx-proxy-companion [OK]
million12/nginx-php [OK] million12/nginx-php [OK]
webdevops/php-nginx [OK] webdevops/php-nginx [OK]
{% endraw %} {% endraw %}
``` ```

View File

@ -724,7 +724,7 @@ After adding the `region=east` label to a node in the cluster, the service
reconciles, and the desired number of replicas are deployed: reconciles, and the desired number of replicas are deployed:
```bash ```bash
$ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l $ docker node update --label-add region=east yswe2dm4c5fdgtsrli1e8ya5l
yswe2dm4c5fdgtsrli1e8ya5l yswe2dm4c5fdgtsrli1e8ya5l
$ docker service ls $ docker service ls
@ -925,7 +925,7 @@ The swarm extends my-network to each node running the service.
Containers on the same network can access each other using Containers on the same network can access each other using
[service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery). [service discovery](https://docs.docker.com/engine/swarm/networking/#use-swarm-mode-service-discovery).
Long form syntax of `--network` allows to specify list of aliases and driver options: Long form syntax of `--network` allows to specify list of aliases and driver options:
`--network name=my-network,alias=web1,driver-opt=field1=value1` `--network name=my-network,alias=web1,driver-opt=field1=value1`
### Publish service ports externally to the swarm (-p, --publish) ### Publish service ports externally to the swarm (-p, --publish)

View File

@ -123,21 +123,21 @@ JSON output, by using the `--pretty` option:
```bash ```bash
$ docker service inspect --pretty frontend $ docker service inspect --pretty frontend
ID: c8wgl7q4ndfd52ni6qftkvnnp ID: c8wgl7q4ndfd52ni6qftkvnnp
Name: frontend Name: frontend
Labels: Labels:
- org.example.projectname=demo-app - org.example.projectname=demo-app
Service Mode: REPLICATED Service Mode: REPLICATED
Replicas: 5 Replicas: 5
Placement: Placement:
UpdateConfig: UpdateConfig:
Parallelism: 0 Parallelism: 0
On failure: pause On failure: pause
Max failure ratio: 0 Max failure ratio: 0
ContainerSpec: ContainerSpec:
Image: nginx:alpine Image: nginx:alpine
Resources: Resources:
Networks: net1 Networks: net1
Endpoint Mode: vip Endpoint Mode: vip
Ports: Ports:
PublishedPort = 4443 PublishedPort = 4443

View File

@ -149,12 +149,12 @@ the port is configured:
```bash ```bash
docker info docker info
... ...
ClusterID: 9vs5ygs0gguyyec4iqf2314c0 ClusterID: 9vs5ygs0gguyyec4iqf2314c0
Managers: 1 Managers: 1
Nodes: 1 Nodes: 1
Data Path Port: 7777 Data Path Port: 7777
... ...
``` ```
### `--default-addr-pool` ### `--default-addr-pool`

View File

@ -378,8 +378,8 @@ SIGNED TAG DIGEST
latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin) latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin)
Administrative keys for alpine:latest: Administrative keys for alpine:latest:
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
``` ```
The `SIGNED TAG` is the signed image tag with a unique content-addressable The `SIGNED TAG` is the signed image tag with a unique content-addressable
@ -406,8 +406,8 @@ bob 034370bcbd77, 82a66673242c
carol b6f9f8e1aab0 carol b6f9f8e1aab0
Administrative keys for my-image: Administrative keys for my-image:
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
``` ```
However, if other tags are signed in the same image repository, However, if other tags are signed in the same image repository,
@ -420,8 +420,8 @@ No signatures for alpine:unsigned
Administrative keys for alpine:unsigned: Administrative keys for alpine:unsigned:
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
``` ```
### Get details about signatures for all image tags in a repository ### Get details about signatures for all image tags in a repository
@ -441,8 +441,8 @@ edge 79d50d15bd7ea48ea00cf3dd343b0e740c1afaa8e899bee475236ef338e1
latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin) latest 1072e499f3f655a032e88542330cf75b02e7bdf673278f701d7ba61629ee3ebe (Repo Admin)
Administrative keys for alpine: Administrative keys for alpine:
Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd Repository Key: 5a46c9aaa82ff150bb7305a2d17d0c521c2d784246807b2dc611f436a69041fd
Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce Root Key: a2489bcac7a79aa67b19b96c4a3bf0c675ffdf00c6d2fabe1a5df1115e80adce
``` ```
Here's an example with signers that are set up by `docker trust` commands: Here's an example with signers that are set up by `docker trust` commands:
@ -465,6 +465,6 @@ bob 034370bcbd77, 82a66673242c
carol b6f9f8e1aab0 carol b6f9f8e1aab0
Administrative keys for my-image: Administrative keys for my-image:
Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44 Repository Key: 27df2c8187e7543345c2e0bf3a1262e0bc63a72754e9a7395eac3f747ec23a44
Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f Root Key: 40b66ccc8b176be8c7d365a17f3e046d1c3494e053dd57cfeacfe2e19c4f8e8f
``` ```

View File

@ -43,7 +43,6 @@ Repeat passphrase for new alice key with ID 17acf3c:
Successfully generated and loaded private key. Corresponding public key available: alice.pub Successfully generated and loaded private key. Corresponding public key available: alice.pub
$ ls $ ls
alice.pub alice.pub
``` ```
The private signing key is encrypted by the passphrase and loaded into the docker trust keystore. The private signing key is encrypted by the passphrase and loaded into the docker trust keystore.
@ -63,5 +62,4 @@ Repeat passphrase for new alice key with ID 17acf3c:
Successfully generated and loaded private key. Corresponding public key available: alice.pub Successfully generated and loaded private key. Corresponding public key available: alice.pub
$ ls /foo $ ls /foo
alice.pub alice.pub
``` ```

View File

@ -27,7 +27,9 @@ Options:
## Description ## Description
`docker trust key load` adds private keys to the local docker trust keystore. To add a signer to a repository use `docker trust signer add`. `docker trust key load` adds private keys to the local docker trust keystore.
To add a signer to a repository use `docker trust signer add`.
## Examples ## Examples
@ -39,19 +41,18 @@ For a private key `alice.pem` with permissions `-rw-------`
$ docker trust key load alice.pem $ docker trust key load alice.pem
Loading key from "alice.pem"... Loading key from "alice.pem"...
Enter passphrase for new signer key with ID f8097df: Enter passphrase for new signer key with ID f8097df:
Repeat passphrase for new signer key with ID f8097df: Repeat passphrase for new signer key with ID f8097df:
Successfully imported key from alice.pem Successfully imported key from alice.pem
``` ```
to specify a name use the `--name` flag
To specify a name use the `--name` flag:
```bash ```bash
$ docker trust key load --name alice-key alice.pem $ docker trust key load --name alice-key alice.pem
Loading key from "alice.pem"... Loading key from "alice.pem"...
Enter passphrase for new alice-key key with ID f8097df: Enter passphrase for new alice-key key with ID f8097df:
Repeat passphrase for new alice-key key with ID f8097df: Repeat passphrase for new alice-key key with ID f8097df:
Successfully imported key from alice.pem Successfully imported key from alice.pem
``` ```

View File

@ -49,8 +49,8 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
When `alice`, one of the signers, runs `docker trust revoke`: When `alice`, one of the signers, runs `docker trust revoke`:
@ -75,8 +75,8 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
### Revoke signatures on all tags in a repository ### Revoke signatures on all tags in a repository
@ -96,8 +96,8 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
When `alice`, one of the signers, runs `docker trust revoke`: When `alice`, one of the signers, runs `docker trust revoke`:
@ -124,7 +124,7 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```

View File

@ -42,8 +42,8 @@ SIGNED TAG DIGEST
v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin) v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c83570a41 (Repo Admin)
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942 Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
``` ```
Sign a new tag with `docker trust sign`: Sign a new tag with `docker trust sign`:
@ -65,7 +65,7 @@ Enter passphrase for repository key with ID 36d4c36:
Successfully signed docker.io/example/trust-demo:v2 Successfully signed docker.io/example/trust-demo:v2
``` ```
`docker trust view` lists the new signature: Use `docker trust view` to list the new signature:
```bash ```bash
$ docker trust view example/trust-demo $ docker trust view example/trust-demo
@ -74,8 +74,8 @@ v1 c24134c079c35e698060beabe110bb83ab285d0d978de7d92fed2c8c8357
v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin) v2 8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 (Repo Admin)
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942 Repository Key: 36d4c3601102fa7c5712a343c03b94469e5835fb27c191b529c06fd19c14a942
Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b Root Key: 246d360f7c53a9021ee7d4259e3c5692f3f1f7ad4737b1ea8c7b8da741ad980b
``` ```
### Sign a tag as a signer ### Sign a tag as a signer
@ -95,8 +95,8 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
Sign a new tag with `docker trust sign`: Sign a new tag with `docker trust sign`:
@ -130,8 +130,8 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
## Initialize a new repo and sign a tag ## Initialize a new repo and sign a tag
@ -178,7 +178,6 @@ SIGNER KEYS
alice 6d52b29d940f alice 6d52b29d940f
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: 731396b65eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb Repository Key: 731396b65eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
Root Key: 70d174714bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 Root Key: 70d174714bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
``` ```

View File

@ -33,7 +33,7 @@ Options:
### Add a signer to a repo ### Add a signer to a repo
To add a new signer, `alice`, to this repository: To add a new signer, `alice`, to this repository:
```bash ```bash
$ docker trust view example/trust-demo $ docker trust view example/trust-demo
@ -47,8 +47,8 @@ SIGNER KEYS
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
Add `alice` with `docker trust signer add`: Add `alice` with `docker trust signer add`:
@ -56,8 +56,8 @@ Add `alice` with `docker trust signer add`:
```bash ```bash
$ docker trust signer add alice example/trust-demo --key alice.crt $ docker trust signer add alice example/trust-demo --key alice.crt
Adding signer "alice" to example/trust-demo... Adding signer "alice" to example/trust-demo...
Enter passphrase for repository key with ID 642692c: Enter passphrase for repository key with ID 642692c:
Successfully added signer: alice to example/trust-demo Successfully added signer: alice to example/trust-demo
``` ```
`docker trust view` now lists `alice` as a valid signer: `docker trust view` now lists `alice` as a valid signer:
@ -75,8 +75,8 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: 642692c14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
## Initialize a new repo and add a signer ## Initialize a new repo and add a signer
@ -91,12 +91,12 @@ No signatures or cannot access example/trust-demo
```bash ```bash
$ docker trust signer add alice example/trust-demo --key alice.crt $ docker trust signer add alice example/trust-demo --key alice.crt
Initializing signed repository for example/trust-demo... Initializing signed repository for example/trust-demo...
Enter passphrase for root key with ID 748121c: Enter passphrase for root key with ID 748121c:
Enter passphrase for new repository key with ID 95b9e55: Enter passphrase for new repository key with ID 95b9e55:
Repeat passphrase for new repository key with ID 95b9e55: Repeat passphrase for new repository key with ID 95b9e55:
Successfully initialized "example/trust-demo" Successfully initialized "example/trust-demo"
Adding signer "alice" to example/trust-demo... Adding signer "alice" to example/trust-demo...
Successfully added signer: alice to example/trust-demo Successfully added signer: alice to example/trust-demo
``` ```
@ -114,13 +114,12 @@ SIGNER KEYS
alice 6d52b29d940f alice 6d52b29d940f
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb Repository Key: 95b9e5565eac3ef5ec01406801bdfb70feb40c17808d2222427c18046eb63beb
Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103 Root Key: 748121c14bd1461f6c58cb3ef39087c8fdc7633bb11a98af844fd9a04e208103
``` ```
## Add a signer to multiple repos ## Add a signer to multiple repos
To add a signer, `alice`, to multiple repositories: To add a signer, `alice`, to multiple repositories:
```bash ```bash
$ docker trust view example/trust-demo $ docker trust view example/trust-demo
SIGNED TAG DIGEST SIGNERS SIGNED TAG DIGEST SIGNERS
@ -132,8 +131,8 @@ SIGNER KEYS
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
```bash ```bash
$ docker trust view example/trust-demo2 $ docker trust view example/trust-demo2
@ -146,19 +145,19 @@ SIGNER KEYS
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo2: Administrative keys for example/trust-demo2:
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
Add `alice` to both repositories with a single `docker trust signer add` command: Add `alice` to both repositories with a single `docker trust signer add` command:
```bash ```bash
$ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt $ docker trust signer add alice example/trust-demo example/trust-demo2 --key alice.crt
Adding signer "alice" to example/trust-demo... Adding signer "alice" to example/trust-demo...
Enter passphrase for repository key with ID 95b9e55: Enter passphrase for repository key with ID 95b9e55:
Successfully added signer: alice to example/trust-demo Successfully added signer: alice to example/trust-demo
Adding signer "alice" to example/trust-demo2... Adding signer "alice" to example/trust-demo2...
Enter passphrase for repository key with ID ece554f: Enter passphrase for repository key with ID ece554f:
Successfully added signer: alice to example/trust-demo2 Successfully added signer: alice to example/trust-demo2
``` ```
`docker trust view` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`: `docker trust view` now lists `alice` as a valid signer of both `example/trust-demo` and `example/trust-demo2`:
@ -176,8 +175,8 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
```bash ```bash
$ docker trust view example/trust-demo2 $ docker trust view example/trust-demo2
@ -191,8 +190,8 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo2: Administrative keys for example/trust-demo2:
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
@ -204,7 +203,7 @@ Adding signer "alice" to example/unauthorized...
you are not authorized to perform this operation: server returned 401. you are not authorized to perform this operation: server returned 401.
Adding signer "alice" to example/authorized... Adding signer "alice" to example/authorized...
Enter passphrase for repository key with ID c6772a0: Enter passphrase for repository key with ID c6772a0:
Successfully added signer: alice to example/authorized Successfully added signer: alice to example/authorized
Failed to add signer to: example/unauthorized Failed to add signer to: example/unauthorized

View File

@ -33,8 +33,7 @@ Options:
### Remove a signer from a repo ### Remove a signer from a repo
To remove an existing signer, `alice`, from this repository: To remove an existing signer, `alice`, from this repository:
```bash ```bash
$ docker trust view example/trust-demo $ docker trust view example/trust-demo
@ -48,18 +47,18 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
Remove `alice` with `docker trust signer remove`: Remove `alice` with `docker trust signer remove`:
```bash ```bash
$ docker trust signer remove alice example/trust-demo $ docker trust signer remove alice example/trust-demo
Removing signer "alice" from image example/trust-demo...
Enter passphrase for repository key with ID 642692c:
Successfully removed alice from example/trust-demo
Removing signer "alice" from image example/trust-demo...
Enter passphrase for repository key with ID 642692c:
Successfully removed alice from example/trust-demo
``` ```
`docker trust view` now does not list `alice` as a valid signer: `docker trust view` now does not list `alice` as a valid signer:
@ -76,13 +75,13 @@ SIGNER KEYS
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
### Remove a signer from multiple repos ### Remove a signer from multiple repos
To remove an existing signer, `alice`, from multiple repositories: To remove an existing signer, `alice`, from multiple repositories:
```bash ```bash
$ docker trust view example/trust-demo $ docker trust view example/trust-demo
@ -96,9 +95,10 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
```bash ```bash
$ docker trust view example/trust-demo2 $ docker trust view example/trust-demo2
SIGNED TAG DIGEST SIGNERS SIGNED TAG DIGEST SIGNERS
@ -111,22 +111,27 @@ alice 05e87edcaecb
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo2: Administrative keys for example/trust-demo2:
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
Remove `alice` from both images with a single `docker trust signer remove` command: Remove `alice` from both images with a single `docker trust signer remove` command:
```bash ```bash
$ docker trust signer remove alice example/trust-demo example/trust-demo2 $ docker trust signer remove alice example/trust-demo example/trust-demo2
Removing signer "alice" from image example/trust-demo... Removing signer "alice" from image example/trust-demo...
Enter passphrase for repository key with ID 95b9e55: Enter passphrase for repository key with ID 95b9e55:
Successfully removed alice from example/trust-demo Successfully removed alice from example/trust-demo
Removing signer "alice" from image example/trust-demo2... Removing signer "alice" from image example/trust-demo2...
Enter passphrase for repository key with ID ece554f: Enter passphrase for repository key with ID ece554f:
Successfully removed alice from example/trust-demo2 Successfully removed alice from example/trust-demo2
``` ```
`docker trust view` no longer lists `alice` as a valid signer of either `example/trust-demo` or `example/trust-demo2`:
Run `docker trust view` to confirm that `alice` is no longer listed as a valid
signer of either `example/trust-demo` or `example/trust-demo2`:
```bash ```bash
$ docker trust view example/trust-demo $ docker trust view example/trust-demo
SIGNED TAG DIGEST SIGNERS SIGNED TAG DIGEST SIGNERS
@ -138,9 +143,10 @@ SIGNER KEYS
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo: Administrative keys for example/trust-demo:
Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
```bash ```bash
$ docker trust view example/trust-demo2 $ docker trust view example/trust-demo2
SIGNED TAG DIGEST SIGNERS SIGNED TAG DIGEST SIGNERS
@ -152,19 +158,22 @@ SIGNER KEYS
bob 5600f5ab76a2 bob 5600f5ab76a2
Administrative keys for example/trust-demo2: Administrative keys for example/trust-demo2:
Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268 Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949 Root Key: 3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
``` ```
`docker trust signer remove` removes signers to repositories on a best effort basis, so it will continue to remove the signer from subsequent repositories if one attempt fails: `docker trust signer remove` removes signers to repositories on a best effort
basis, so it will continue to remove the signer from subsequent repositories if
one attempt fails:
```bash ```bash
$ docker trust signer remove alice example/unauthorized example/authorized $ docker trust signer remove alice example/unauthorized example/authorized
Removing signer "alice" from image example/unauthorized... Removing signer "alice" from image example/unauthorized...
No signer alice for image example/unauthorized No signer alice for image example/unauthorized
Removing signer "alice" from image example/authorized... Removing signer "alice" from image example/authorized...
Enter passphrase for repository key with ID c6772a0: Enter passphrase for repository key with ID c6772a0:
Successfully removed alice from example/authorized Successfully removed alice from example/authorized
Error removing signer from: example/unauthorized Error removing signer from: example/unauthorized