Provided by: podman_3.4.4+ds1-1ubuntu1_amd64 bug


       podman-image-sign - Create a signature for an image


       podman image sign [options] image [image ...]


       podman  image  sign  will  create a local signature for one or more local images that have
       been pulled from a registry. The signature will be written to a directory derived from the
       registry  configuration  files  in  $HOME/.config/containers/registries.d  if  it  exists,
       otherwise  /etc/containers/registries.d   (unless   overridden   at   compile-time),   see
       containers-registries.d(5)  for  more  information.   By  default,  the  signature will be
       written        into        /var/lib/containers/sigstore        for        root         and
       $HOME/.local/share/containers/sigstore for non-root users


   --help, -h
       Print usage statement.

   --all, -a
       Sign all the manifests of the multi-architecture image (default false).

       Use  certificates  at  path  (*.crt,  *.cert, *.key) to connect to the registry. (Default:
       /etc/containers/certs.d) Please refer to containers-certs.d(5) for details.  (This  option
       is not available with the remote Podman client)

   --directory, -d=dir
       Store the signatures in the specified directory.  Default: /var/lib/containers/sigstore

       Override the default identity of the signature.


       Sign the busybox image with the identity of with a user's keyring and save the
       signature in /tmp/signatures/.

       sudo   podman   image   sign    --sign-by    --directory    /tmp/signatures


       The  write (and read) location for signatures is defined in YAML-based configuration files
       in /etc/containers/registries.d/ for root,  or  $HOME/.config/containers/registries.d  for
       non-root  users.   When  you  sign  an image, Podman will use those configuration files to
       determine where to write the signature based on the the name of the  originating  registry
       or  a  default  storage  value unless overridden with the --directory option. For example,
       consider the following configuration file.

           sigstore: file:///var/lib/containers/sigstore

       When signing an image preceded with the registry name  '',  the
       signature        will        be        written        into        sub-directories       of
       /var/lib/containers/sigstore/ The use of 'sigstore' also means
       the signature will be 'read' from that same location on a pull-related function.


       containers-certs.d(5), containers-registries.d(5)


       November 2018, Originally compiled by Qi Wang (qiwan at redhat dot com)