trust: add yaml docs

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Riyaz Faizullabhoy 2017-04-08 17:25:33 -07:00
parent 7f79de1b6f
commit b1475d33bc

@ -35,6 +35,18 @@ These containers are started with `containerd` and are expected to remain runnin
is not guaranteed, so containers should wait on any resources, such as networking, that they need.
For details of the config for each container, see below.
## `trust`
This section specifies which build components are to be cryptographically verified with
[Docker Content Trust](https://docs.docker.com/engine/security/trust/content_trust/) prior to pulling.
Trust is a central concern in any build system, and Moby's is no exception: Docker Content Trust provides authenticity,
integrity, and freshness guarantees for the components it verifies. The Moby maintainers are responsible for signing
`mobylinux` components, though collaborators can sign their own images with Docker Content Trust or [Notary](https://github.com/docker/notary).
- `image` lists which individual images to enforce pulling with Docker Content Trust.
The image name may include tag or digest, but the matching also succeeds if the base image name is the same.
- `org` lists which organizations for which Docker Content Trust is to be enforced across all images (ex: `mobylinux` is the org for `mobylinux/kernel`)
## `output`
This section specifies the output formats that are created. Files are created with the base name of
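Review bot: In the `image` bullet, "the matching also succeeds if the base image name is the same" leaves the enforcement scope unclear. A reader cannot tell whether an entry written with a tag or digest enforces Docker Content Trust only for that reference or for every tag of the same image, and that difference matters to anyone who believes they have pinned a single signed tag. Suggest stating the matching rule explicitly, and also saying what the build does when verification fails, since the section only says components are verified "prior to pulling". The `org` bullet reads awkwardly ("lists which organizations for which"); something like "`org` lists organizations whose images must all be pulled with Docker Content Trust" would be clearer. A short sample `trust:` block with one `image` entry and one `org` entry would help too, as the YAML shape is not obvious from the bullets alone.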