root
/
buildah
mirror of https://github.com/containers/buildah.git
1
0
Fork 0
Code Issues Actions 2 Packages Projects Releases Wiki Activity
buildah/docs/buildah-pull.1.md

150 lines
6.1 KiB
Markdown
Raw Normal View History

Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
# buildah-pull "1" "July 2018" "buildah"
## NAME
Fix typo in buildah-pull(1) 'buildah pull' doesn't create a working container. It only pulls an image from a registry. Fixes: 834a6c848ceae3c2 ("Create buildah pull command") Signed-off-by: Debarshi Ray <rishi@fedoraproject.org> Closes: #1545 Approved by: rhatdan
2019-04-24 19:51:03 +08:00
buildah\-pull - Pull an image from a registry.
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
## SYNOPSIS
**buildah pull** [*options*] *image*
## DESCRIPTION
[CI:DOCS] push/pull: clarify supported transports As pointed out in containers/podman/issues/10730, the man pages of buildah/podman push/pull were incomplete in explaining all supported transports. To keep things simple, explain the defaults, refer to containers-transports(5). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-06-23 16:35:06 +08:00
Pulls an image based upon the specified input. It supports all transports from `containers-transports(5)` (see examples below). If no transport is specified, the input is subject to short-name resolution (see `containers-registries.conf(5)`) and the `docker` (i.e., container registry) transport is used.
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
### DEPENDENCIES
Buildah resolves the path to the registry to pull from by using the /etc/containers/registries.conf
docs: fix references to containers-*.5 Fix man page instances of 'registries.conf(5)' et al. The correct man page is containers-registries.conf(5). Found via: $ for i in registries.conf storage.conf policy.json ; do grep $i.5 docs/*.md | grep -v containers-$i;done In buildah.md, I simply removed the storage.conf line from the 'Commands' table because it's not a command. Signed-off-by: Ed Santiago <santiago@redhat.com> Closes: #2068 Approved by: TomSweeneyRedHat
2020-01-08 01:23:23 +08:00
file, containers-registries.conf(5). If the `buildah pull` command fails with an "image not known" error,
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
first verify that the registries.conf file is installed and configured appropriately.
## RETURN VALUE
The image ID of the image that was pulled. On error 1 is returned.
## OPTIONS
New CI check: xref --help vs man pages Run 'buildah --help', recursively against all subcommands, then cross-reference the results against docs/buildah*.md. Report differences in subcommands and/or flags. The majority of the changes in this PR are trivial (see below) but a handful may be controversial and require careful review: * Making 'bud' the default output of 'buildah help', with 'build-using-dockerfile' as an alias. This is the inverse of the situation until now: buildah would list build-using-dockerfile as the primary name. The man page, OTOH, lists 'bud'. The source file name is 'bud'. I suspect that most people type 'bud'. So, for consistency, I choose to make 'bud' the default visible command. * add --encryption-key and --encrypt-layer documentation to buildah-commit.md, and --encrypt-layer to -push.md. Please double-check the wording here. * remove --notruncate from buildah-images.md. The option does not exist (although there is a TODO comment in the code). If it should exist, it is left to the reader to implement. I would humbly suggest that this is a good idea, for consistency with buildah containers. * remove --shm-size from buildah-pull.md. The option does not exist, and I suspect this was a copy-paste error. * remove --security-opt from run.go. It was unimplemented and undocumented. * remove --userns-[gu]id-map from buildah-bud.md. These are global options, not bud options, and are documented well enough in buildah.bud. Trivial (IMO) changes: * split options in man pages, from '**--foo, -f**' to '**--foo**, **-f**'. This conforms with the style used in podman man pages. * add missing one-letter aliases (usually "-q", "-a") * add missing man page entries for some easy options * sort out-of-order subcommand listings in man pages Finally, do note that this is a copy-and-alter duplicate of the original script in podman, and that is horrible. In an ideal world I would've been able to refactor the podman version into something usable on both repos (and then more). It turns out the differences in man page format and in special-case handling are too broad to let me do a clean refactor. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-09-21 22:51:19 +08:00
**--all-tags**, **-a**
pull: add all-tags option Add all-tags option to download all tagged images in the repository After change: ``` ➜ buildah git:(add-pull-all) ✗ ./buildah pull --all-tags busybox Pulling docker://busybox:1-glibc Getting image source signatures Skipping fetch of repeat blob sha256:68d65759a692b254073928cce9b3da459b59ee063f4aeb217cd6bcdfac5f838b Copying config sha256:755a2703667876f4259f24a3225ef503483953ef553fba8758406beefc2ce3f9 1.46 KiB / 1.46 KiB [======================================================] 0s Writing manifest to image destination Storing signatures 755a2703667876f4259f24a3225ef503483953ef553fba8758406beefc2ce3f9 Pulling docker://busybox:1-musl Getting image source signatures Skipping fetch of repeat blob sha256:d900fc804a8829d0ea4db613927f60a28a1ef933aa1dbafdaab43630579646c2 Copying config sha256:3cc47384c4cb779466fe40182420bd90ba761a5f26f8564580a114bcd0dfa911 1.46 KiB / 1.46 KiB [======================================================] 0s Writing manifest to image destination Storing signatures 3cc47384c4cb779466fe40182420bd90ba761a5f26f8564580a114bcd0dfa911 Pulling docker://busybox:1-ubuntu ``` Signed-off-by: Zhou Hao <zhouhao@cn.fujitsu.com> Closes: #1263 Approved by: rhatdan
2019-01-07 15:06:36 +08:00
All tagged images in the repository will be pulled.
Use --arch and --os and --variant options to select architecture and os Remove --override-os and --override-arch flags. Also use --platform option if specified when generating the SystemContext. Conflict --platform option with --os, --arch and --variant options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-23 05:12:38 +08:00
**--arch**="ARCH"
bud: teach --platform to take a list Add a pkg/parse.PlatformsFromOptions() which understands a "variant" value as an optional third value in an OS/ARCH[/VARIANT] argument value, which accepts a comma-separated list of them, and which returns a list of platforms. Teach "from" and "pull" about the --platform option and add integration tests for them, warning if --platform was given multiple values. Add a define.BuildOptions.JobSemaphore which an imagebuildah executor will use in preference to one that it might allocate for itself. In main(), allocate a JobSemaphore if the number of jobs is not 0 (which we treat as "unlimited", and continue to allow executors to do). In addManifest(), take a lock on the manifest list's image ID so that we don't overwrite changes that another thread might be making while we're attempting to make changes to it. In main(), create an empty list if the list doesn't already exist before we start down this path, so that we don't get two threads trying to create that manifest list at the same time later on. Two processes could still try to create the same list twice, but it's an incremental improvement. Finally, if we've been given multiple platforms to build for, run their builds concurrently and gather up their results. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2021-06-22 22:52:49 +08:00
Set the ARCH of the image to be pulled to the provided value instead of using the architecture of the host. (Examples: arm, arm64, 386, amd64, ppc64le, s390x)
Use --arch and --os and --variant options to select architecture and os Remove --override-os and --override-arch flags. Also use --platform option if specified when generating the SystemContext. Conflict --platform option with --os, --arch and --variant options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-23 05:12:38 +08:00
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
**--authfile** *path*
Document location of auth.json file if XDG_RUNTIME_DIR is not set Fixes: https://github.com/containers/buildah/issues/3189 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-04-30 03:36:15 +08:00
Path of the authentication file. Default is ${XDG_\RUNTIME\_DIR}/containers/auth.json. If XDG_RUNTIME_DIR is not set, the default is /run/containers/$UID/auth.json. This file is created using using `buildah login`.
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
Document location of auth.json file if XDG_RUNTIME_DIR is not set Fixes: https://github.com/containers/buildah/issues/3189 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-04-30 03:36:15 +08:00
Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
environment variable. `export REGISTRY_AUTH_FILE=path`
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
**--cert-dir** *path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
The default certificates directory is _/etc/containers/certs.d_.
**--creds** *creds*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and the
value can be entered. The password is entered without echo.
Ammended docs Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-05-20 03:12:29 +08:00
**--decryption-key** *key[:passphrase]*
implementation of encrypt/decrypt push/pull/bud/from Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-02 02:15:56 +08:00
Add --omit-timestamp flag to buildah bud Currently you can only do deterministic builds with commit command this change will cause the metadata in the container image to be epoch 0. Next step is to save the data in the tar balls as 0. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-08-11 17:28:41 +08:00
The [key[:passphrase]] to be used for decryption of images. Key can point to keys and/or certificates. Decryption will be tried with all keys. If the key is protected by a passphrase, it is required to be passed in the argument and omitted otherwise.
implementation of encrypt/decrypt push/pull/bud/from Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-04-02 02:15:56 +08:00
New CI check: xref --help vs man pages Run 'buildah --help', recursively against all subcommands, then cross-reference the results against docs/buildah*.md. Report differences in subcommands and/or flags. The majority of the changes in this PR are trivial (see below) but a handful may be controversial and require careful review: * Making 'bud' the default output of 'buildah help', with 'build-using-dockerfile' as an alias. This is the inverse of the situation until now: buildah would list build-using-dockerfile as the primary name. The man page, OTOH, lists 'bud'. The source file name is 'bud'. I suspect that most people type 'bud'. So, for consistency, I choose to make 'bud' the default visible command. * add --encryption-key and --encrypt-layer documentation to buildah-commit.md, and --encrypt-layer to -push.md. Please double-check the wording here. * remove --notruncate from buildah-images.md. The option does not exist (although there is a TODO comment in the code). If it should exist, it is left to the reader to implement. I would humbly suggest that this is a good idea, for consistency with buildah containers. * remove --shm-size from buildah-pull.md. The option does not exist, and I suspect this was a copy-paste error. * remove --security-opt from run.go. It was unimplemented and undocumented. * remove --userns-[gu]id-map from buildah-bud.md. These are global options, not bud options, and are documented well enough in buildah.bud. Trivial (IMO) changes: * split options in man pages, from '**--foo, -f**' to '**--foo**, **-f**'. This conforms with the style used in podman man pages. * add missing one-letter aliases (usually "-q", "-a") * add missing man page entries for some easy options * sort out-of-order subcommand listings in man pages Finally, do note that this is a copy-and-alter duplicate of the original script in podman, and that is horrible. In an ideal world I would've been able to refactor the podman version into something usable on both repos (and then more). It turns out the differences in man page format and in special-case handling are too broad to let me do a clean refactor. Signed-off-by: Ed Santiago <santiago@redhat.com>
2020-09-21 22:51:19 +08:00
**--quiet**, **-q**
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
If an image needs to be pulled from the registry, suppress progress output.
Use --arch and --os and --variant options to select architecture and os Remove --override-os and --override-arch flags. Also use --platform option if specified when generating the SystemContext. Conflict --platform option with --os, --arch and --variant options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-23 05:12:38 +08:00
**--os**="OS"
Set the OS of the image to be pulled instead of using the current operating system of the host.
bud: teach --platform to take a list Add a pkg/parse.PlatformsFromOptions() which understands a "variant" value as an optional third value in an OS/ARCH[/VARIANT] argument value, which accepts a comma-separated list of them, and which returns a list of platforms. Teach "from" and "pull" about the --platform option and add integration tests for them, warning if --platform was given multiple values. Add a define.BuildOptions.JobSemaphore which an imagebuildah executor will use in preference to one that it might allocate for itself. In main(), allocate a JobSemaphore if the number of jobs is not 0 (which we treat as "unlimited", and continue to allow executors to do). In addManifest(), take a lock on the manifest list's image ID so that we don't overwrite changes that another thread might be making while we're attempting to make changes to it. In main(), create an empty list if the list doesn't already exist before we start down this path, so that we don't get two threads trying to create that manifest list at the same time later on. Two processes could still try to create the same list twice, but it's an incremental improvement. Finally, if we've been given multiple platforms to build for, run their builds concurrently and gather up their results. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2021-06-22 22:52:49 +08:00
**--platform**="OS/ARCH[/VARIANT]"
Set the OS/ARCH of the image to be pulled
to the provided value instead of using the current operating system and
architecture of the host (for example `linux/arm`). If `--platform`
is set, then the values of the `--arch`, `--os`, and `--variant` options will
be overridden.
Add support for --manifest flags This patch allows users to build a multi arch image with simple commands using emulation software. ``` buildah bud --arch arm --manifest myimage /tmp/mysrc buildah bud --arch amd64 --manifest myimage /tmp/mysrc buildah bud --arch s390x --manifest myimage /tmp/mysrc ``` And something like this for buildah commit ``` build() { ctr=$(./bin/buildah from --arch $1 ubi8) ./bin/buildah run $ctr dnf install -y iputils ./bin/buildah commit --manifest ubi8ping $ctr } build arm build amd64 build s390x ``` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-30 20:16:24 +08:00
bud: teach --platform to take a list Add a pkg/parse.PlatformsFromOptions() which understands a "variant" value as an optional third value in an OS/ARCH[/VARIANT] argument value, which accepts a comma-separated list of them, and which returns a list of platforms. Teach "from" and "pull" about the --platform option and add integration tests for them, warning if --platform was given multiple values. Add a define.BuildOptions.JobSemaphore which an imagebuildah executor will use in preference to one that it might allocate for itself. In main(), allocate a JobSemaphore if the number of jobs is not 0 (which we treat as "unlimited", and continue to allow executors to do). In addManifest(), take a lock on the manifest list's image ID so that we don't overwrite changes that another thread might be making while we're attempting to make changes to it. In main(), create an empty list if the list doesn't already exist before we start down this path, so that we don't get two threads trying to create that manifest list at the same time later on. Two processes could still try to create the same list twice, but it's an incremental improvement. Finally, if we've been given multiple platforms to build for, run their builds concurrently and gather up their results. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2021-06-22 22:52:49 +08:00
OS/ARCH pairs are those used by the Go Programming Language. In several cases
the ARCH value for a platform differs from one produced by other tools such as
the `arch` command. Valid OS and architecture name combinations are listed as
values for $GOOS and $GOARCH at https://golang.org/doc/install/source#environment,
and can also be found by running `go tool dist list`.
Add support for --manifest flags This patch allows users to build a multi arch image with simple commands using emulation software. ``` buildah bud --arch arm --manifest myimage /tmp/mysrc buildah bud --arch amd64 --manifest myimage /tmp/mysrc buildah bud --arch s390x --manifest myimage /tmp/mysrc ``` And something like this for buildah commit ``` build() { ctr=$(./bin/buildah from --arch $1 ubi8) ./bin/buildah run $ctr dnf install -y iputils ./bin/buildah commit --manifest ubi8ping $ctr } build arm build amd64 build s390x ``` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-30 20:16:24 +08:00
Add --policy flag to buildah pull This allows the user to specify the pull policy for pulling images. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-11-10 19:58:31 +08:00
**--policy**=**always**|**missing**|**never**
Pull image policy. The default is **missing**.
- **missing**: attempt to pull the latest image from the registries listed in registries.conf if a local image does not exist. Raise an error if the image is not in any listed registry and is not present locally.
- **always**: Pull the image from the first registry it is found in as listed in registries.conf. Raise an error if not found in the registries, even if the image is present locally.
- **never**: do not pull the image from the registry, use only the local version. Raise an error if the image is not present locally.
add --sign-by to bud/commit/push, --remove-signatures for pull/push Add the --sign-by option to `buildah build-using-dockerfile`, `buildah commit`, `buildah push`, and `buildah manifest push`. Add the `--remove-signatures` option to `buildah pull`, `buildah push`, and `buildah manifest push`. We just pass them to the image library, which does all of the heavy lifting. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #2085 Approved by: rhatdan
2020-01-16 01:23:38 +08:00
**--remove-signatures**
Don't copy signatures when pulling images.
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
**--tls-verify** *bool-value*
Add support for --manifest flags This patch allows users to build a multi arch image with simple commands using emulation software. ``` buildah bud --arch arm --manifest myimage /tmp/mysrc buildah bud --arch amd64 --manifest myimage /tmp/mysrc buildah bud --arch s390x --manifest myimage /tmp/mysrc ``` And something like this for buildah commit ``` build() { ctr=$(./bin/buildah from --arch $1 ubi8) ./bin/buildah run $ctr dnf install -y iputils ./bin/buildah commit --manifest ubi8ping $ctr } build arm build amd64 build s390x ``` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-30 20:16:24 +08:00
Require HTTPS and verification of certificates when talking to container registries (defaults to true). TLS verification cannot be used when talking to an insecure registry.
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
Use --arch and --os and --variant options to select architecture and os Remove --override-os and --override-arch flags. Also use --platform option if specified when generating the SystemContext. Conflict --platform option with --os, --arch and --variant options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-23 05:12:38 +08:00
**--variant**=""
Set the architecture variant of the image to be pulled.
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
## EXAMPLE
buildah pull imagename
buildah pull docker://myregistry.example.com/imagename
buildah pull docker-daemon:imagename:imagetag
buildah pull docker-archive:filename
buildah pull oci-archive:filename
buildah pull dir:directoryname
buildah pull --tls-verify=false myregistry/myrepository/imagename:imagetag
buildah pull --creds=myusername:mypassword --cert-dir ~/auth myregistry/myrepository/imagename:imagetag
buildah pull --authfile=/tmp/auths/myauths.json myregistry/myrepository/imagename:imagetag
Use --arch and --os and --variant options to select architecture and os Remove --override-os and --override-arch flags. Also use --platform option if specified when generating the SystemContext. Conflict --platform option with --os, --arch and --variant options. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-12-23 05:12:38 +08:00
buildah pull --arch=aarch64 myregistry/myrepository/imagename:imagetag
buildah pull --arch=arm --variant=v7 myregistry/myrepository/imagename:imagetag
pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES If $BUILD_REGISTRY_SOURCES is set, expect it to be a valid github.com/openshift/api/config/v1.Image, and parse its AllowedRegistries and BlockedRegistries lists when, pulling, committing, or pushing images. Override the local signature policy when committing or pushing an image to ensure that local storage is always allowed. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1787 Approved by: rhatdan
2019-08-13 12:23:28 +08:00
## ENVIRONMENT
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES If $BUILD_REGISTRY_SOURCES is set, expect it to be a valid github.com/openshift/api/config/v1.Image, and parse its AllowedRegistries and BlockedRegistries lists when, pulling, committing, or pushing images. Override the local signature policy when committing or pushing an image to ensure that local storage is always allowed. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1787 Approved by: rhatdan
2019-08-13 12:23:28 +08:00
**BUILD\_REGISTRY\_SOURCES**
BUILD\_REGISTRY\_SOURCES, if set, is treated as a JSON object which contains
lists of registry names under the keys `insecureRegistries`,
`blockedRegistries`, and `allowedRegistries`.
When pulling an image from a registry, if the name of the registry matches any
of the items in the `blockedRegistries` list, the image pull attempt is denied.
If there are registries in the `allowedRegistries` list, and the registry's
name is not in the list, the pull attempt is denied.
Set the TMPDIR for pulling/pushing image to $TMPDIR Or set it to /var/tmp if the user did not specify. Currently certain large workloads can not be handled because users are running out of space on pulls/ and pushes. Containers/image stores data temporarily in the file system. This allows the user to overide the location of the temporary storage. Also update containers/image to v5.0.1 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2019-12-18 00:01:52 +08:00
**TMPDIR**
The TMPDIR environment variable allows the user to specify where temporary files
are stored while pulling and pushing images. Defaults to '/var/tmp'.
pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES If $BUILD_REGISTRY_SOURCES is set, expect it to be a valid github.com/openshift/api/config/v1.Image, and parse its AllowedRegistries and BlockedRegistries lists when, pulling, committing, or pushing images. Override the local signature policy when committing or pushing an image to ensure that local storage is always allowed. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #1787 Approved by: rhatdan
2019-08-13 12:23:28 +08:00
## FILES
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
**registries.conf** (`/etc/containers/registries.conf`)
registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.
Hide from users command options that we don't want them to use. We really want users to use the registries.conf file specified by the administrator. We also don't want them overriding the signature-policy. Thes options are mainly their for CI/CD Systems, so they should be hidden from the user. Signed-off-by: Daniel J Walsh dwalsh@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1373 Approved by: TomSweeneyRedHat
2019-02-27 23:29:09 +08:00
**policy.json** (`/etc/containers/policy.json`)
Signature policy file. This defines the trust policy for container images. Controls which container registries can be used for image, and whether or not the tool should trust the images.
Create buildah pull command Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Closes: #889 Approved by: rhatdan
2018-07-28 05:51:37 +08:00
## SEE ALSO
[CI:DOCS] push/pull: clarify supported transports As pointed out in containers/podman/issues/10730, the man pages of buildah/podman push/pull were incomplete in explaining all supported transports. To keep things simple, explain the defaults, refer to containers-transports(5). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2021-06-23 16:35:06 +08:00
buildah(1), buildah-from(1), buildah-login(1), docker-login(1), containers-policy.json(5), containers-registries.conf(5), containers-transports(5)