diff --git a/cmd/skopeo/main.go b/cmd/skopeo/main.go index 0b714b31..6761fd93 100644 --- a/cmd/skopeo/main.go +++ b/cmd/skopeo/main.go @@ -56,6 +56,11 @@ func createApp() *cli.App { Value: "", Usage: "Path to a trust policy file", }, + cli.StringFlag{ + Name: "registries.d", + Value: "", + Usage: "use registry configuration files in `DIR` (e.g. for docker signature storage)", + }, } app.Before = func(c *cli.Context) error { if c.GlobalBool("debug") { diff --git a/cmd/skopeo/utils.go b/cmd/skopeo/utils.go index 93f9e331..c5535853 100644 --- a/cmd/skopeo/utils.go +++ b/cmd/skopeo/utils.go @@ -8,10 +8,10 @@ import ( // contextFromGlobalOptions returns a types.SystemContext depending on c. func contextFromGlobalOptions(c *cli.Context) *types.SystemContext { - certPath := c.GlobalString("cert-path") tlsVerify := c.GlobalBool("tls-verify") // FIXME!! defaults to false return &types.SystemContext{ - DockerCertPath: certPath, + RegistriesDirPath: c.GlobalString("registries.d"), + DockerCertPath: c.GlobalString("cert-path"), DockerInsecureSkipTLSVerify: !tlsVerify, } } diff --git a/docs/skopeo.1.md b/docs/skopeo.1.md index 9dbce05c..ac0644f9 100644 --- a/docs/skopeo.1.md +++ b/docs/skopeo.1.md @@ -45,6 +45,8 @@ Most commands refer to container images, using a _transport_`:`_details_ format. **--policy** _path-to-policy_ Path to a policy.json file to use for verifying signatures and deciding whether an image is trusted, overriding the default trust policy file. + **--registries.d** _dir_ use registry configuration files in _dir_ (e.g. for docker signature storage), overriding the default path. + **--tls-verify** _bool-value_ Verify certificates **--help**|**-h** Show help @@ -64,7 +66,7 @@ Uses the system's trust policy to validate images, rejects images not trusted by _destination-image_ use the "image name" format described above - **--remove-signatures** do not copy signatures, if any, from _source-image_. Necessary when copying a signed image to a destination which does not support signatures. + **--remove-signatures** do not copy signatures, if any, from _source-image_. Necessary when copying a signed image to a destination which does not support signatures. **--sign-by=**_key-id_ add a signature using that key ID for an image name corresponding to _destination-image_ @@ -100,7 +102,7 @@ Get image layers of _image-name_ ## skopeo manifest-digest **skopeo manifest-digest** _manifest-file_ -Compute a manifest digest of _manifest-file_ and write it to standard output. +Compute a manifest digest of _manifest-file_ and write it to standard output. ## skopeo standalone-sign **skopeo standalone-sign** _manifest docker-reference key-fingerprint_ **--output**|**-o** _signature_ @@ -139,6 +141,10 @@ show help for `skopeo` Default trust policy file, if **--policy** is not specified. The policy format is documented in https://github.com/containers/image/blob/master/docs/policy.json.md . + **/etc/containers/registries.d** + Default directory containing registry configuration, if **--registries.d** is not specified. + The contents of this directory are documented in https://github.com/containers/image/blob/master/docs/registries.d.md . + # EXAMPLES ## skopeo copy