aweiteka/trust-show.md

Last active September 18, 2016 11:05

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/aweiteka/9027d8c999290f1c2a9ea88ca06cc202.js"></script>
Save aweiteka/9027d8c999290f1c2a9ea88ca06cc202 to your computer and use it in GitHub Desktop.

Trust policy show output

Raw

$ atomic trust show
REPO                        ACTION             SIGSTORE
----                        ------             --------
docker.io                   accept
docker.io/centos            require signature  https://s3.amazonaws.com/centos-sigstore/
registry.access.redhat.com  require signature  https://cdn.redhat.com/containers/sigstore
*                           reject

$ atomic trust show --raw
{
   ... # Raw policy.json file
}
$ atomic trust show docker.io/fedora
accept
$ atomic trust show docker.io/centos
Requires signature: /etc/pki/containers/[email protected]
$ atomic trust show registry.private-registry.example.com
reject

rhatdan commented Sep 17, 2016

It might be good to show in hierarchy order.
Looking at your display I am not sure if Centos images would or would not requie signatures if pulled from docker.io?

rhatdan commented Sep 17, 2016

But I like this and we really need it. Since we do not tell the user anything about the policy.conf right now, they have no idea how to review their policy.

aweiteka/trust-show.md

rhatdan commented Sep 17, 2016

Uh oh!

rhatdan commented Sep 17, 2016

Uh oh!