1. Introduction to docker trust signer remove
The docker trust signer remove command removes the specified signer from a repository.
Reference: https://docs.docker.com/engine/reference/commandline/trust_signer_remove/
2. docker trust signer remove syntax
docker trust signer remove [OPTIONS] NAME REPOSITORY [REPOSITORY...]
3. docker trust signer remove command
1) Remove a signer from a repository
To remove the existing signer alice from this repository:
    $ docker trust inspect --pretty example/trust-demo
    No signatures for example/trust-demo
    List of signers and their keys:
    SIGNER    KEYS
    alice     05e87edcaecb
    bob       5600f5ab76a2
    Administrative keys for example/trust-demo:
    Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
    Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
Use docker trust signer remove to remove alice:
    $ docker trust signer remove alice example/trust-demo
    Removing signer "alice" from image example/trust-demo...
    Enter passphrase for repository key with ID 642692c:
    Successfully removed alice from example/trust-demo
docker trust inspect --pretty now no longer lists alice as a valid signer:
    $ docker trust inspect --pretty example/trust-demo
    No signatures for example/trust-demo
    List of signers and their keys:
    SIGNER    KEYS
    bob       5600f5ab76a2
    Administrative keys for example/trust-demo:
    Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
    Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
2) Remove a signer from multiple repositories
To remove the existing signer alice from multiple repositories:
    $ docker trust inspect --pretty example/trust-demo
    SIGNED TAG    DIGEST                                                              SIGNERS
    v1            74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4    alice, bob
    List of signers and their keys:
    SIGNER    KEYS
    alice     05e87edcaecb
    bob       5600f5ab76a2
    Administrative keys for example/trust-demo:
    Repository Key: 95b9e5514c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
    Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949

    $ docker trust inspect --pretty example/trust-demo2
    SIGNED TAG    DIGEST                                                              SIGNERS
    v1            74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4    alice, bob
    List of signers and their keys:
    SIGNER    KEYS
    alice     05e87edcaecb
    bob       5600f5ab76a2
    Administrative keys for example/trust-demo2:
    Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
    Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
Use the docker trust signer remove command to remove alice from both images:
    $ docker trust signer remove alice example/trust-demo example/trust-demo2
    Removing signer "alice" from image example/trust-demo...
    Enter passphrase for repository key with ID 95b9e55:
    Successfully removed alice from example/trust-demo
    Removing signer "alice" from image example/trust-demo2...
    Enter passphrase for repository key with ID ece554f:
    Successfully removed alice from example/trust-demo2
Run docker trust inspect --pretty to confirm that alice is no longer listed as a valid signer of example/trust-demo or example/trust-demo2:
    $ docker trust inspect --pretty example/trust-demo
    SIGNED TAG    DIGEST                                                              SIGNERS
    v1            74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4    bob
    List of signers and their keys:
    SIGNER    KEYS
    bob       5600f5ab76a2
    Administrative keys for example/trust-demo:
    Repository Key: ecc457614c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4555b3c6ab02f71e
    Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949

    $ docker trust inspect --pretty example/trust-demo2
    SIGNED TAG    DIGEST                                                              SIGNERS
    v1            74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4    bob
    List of signers and their keys:
    SIGNER    KEYS
    bob       5600f5ab76a2
    Administrative keys for example/trust-demo2:
    Repository Key: ece554f14c9fc399da523a5f4e24fe306a0a6ee1cc79a10e4553d2ab20a8d9268
    Root Key:       3cb2228f6561e58f46dbc4cda4fcaff9d5ef22e865a94636f82450d1d2234949
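docker trust signer remove removes the signer from repositories on a best-effort basis, so if one attempt fails it continues removing the signer from the subsequent repositories: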
    $ docker trust signer remove alice example/unauthorized example/authorized
    Removing signer "alice" from image example/unauthorized...
    No signer alice for image example/unauthorized
    Removing signer "alice" from image example/authorized...
    Enter passphrase for repository key with ID c6772a0:
    Successfully removed alice from example/authorized
    Error removing signer from: example/unauthorized
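The check below is an added example, not part of the original page or of the Docker documentation: because removal is best effort, it extracts the repositories named on the final error line and re-inspects every repository to confirm the signer is gone. The helper names (failed_repos, signer_listed, verify_removed) are hypothetical, the sample output is constructed from the session above, and the comma/space separator between several failed repositories is an assumption.

```shell
#!/bin/sh
# Added example (not from the Docker docs): confirm a signer is really gone
# after a best-effort `docker trust signer remove`.

# failed_repos: read `docker trust signer remove` output (stdout+stderr) on
# stdin and print each repository named on the final error line, one per line.
# Assumption: several failed repositories are separated by commas/spaces.
failed_repos() {
    sed -n 's/^Error removing signer from: *//p' | tr -s ', ' '\n\n'
}

# signer_listed NAME: read `docker trust inspect --pretty` output on stdin and
# succeed only if NAME has a row in the "List of signers and their keys" part.
signer_listed() {
    awk -v who="$1" '
        /^List of signers and their keys/ { in_list = 1; next }
        /^Administrative keys for/        { in_list = 0 }
        in_list && $1 == who              { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# verify_removed SIGNER REPO...: re-inspect every repository and report the
# ones where removal is not confirmed. Returns non-zero if any are reported.
verify_removed() {
    signer=$1; shift; rc=0
    for repo in "$@"; do
        if ! out=$(docker trust inspect --pretty "$repo" 2>/dev/null); then
            echo "UNKNOWN $repo"; rc=1        # inspect failed: no trust data or no access
        elif printf '%s\n' "$out" | signer_listed "$signer"; then
            echo "STILL-LISTED $repo"; rc=1   # removal did not take effect
        fi
    done
    return $rc
}

# Constructed sample: the partial-failure output shown above (prompt omitted).
sample_remove_output() {
    cat <<'EOF'
Removing signer "alice" from image example/unauthorized...
No signer alice for image example/unauthorized
Removing signer "alice" from image example/authorized...
Successfully removed alice from example/authorized
Error removing signer from: example/unauthorized
EOF
}

sample_remove_output | failed_repos   # prints: example/unauthorized
```

After a removal, run verify_removed alice example/trust-demo example/trust-demo2; it only calls docker trust inspect, so it asks for no signing-key passphrase.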
4. Command options
Option | Description |
--force, -f | Do not prompt for confirmation before removing the most recent signer |
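5. Related commands
Command | Description |
docker trust inspect | Return low-level information about keys and signatures |
docker trust key | Manage keys for signing Docker images |
docker trust revoke | Remove trust for an image |
docker trust sign | Sign an image |
docker trust signer | Manage entities who can sign Docker images |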