The nf files specify volume mount directories that are automatically mounted inside containers when executing the podman run or podman build commands. usr/share/containers/nf and optionally /etc/containers/nf # in order, and use the first one that exists. example-mirror-1.local/mirrors/foo/image:latest example-mirror-0.local/mirror-for-foo/image:latest # Given the above, a pull of /foo/image:latest will try: # location = "example-mirror-1.local/mirrors/foo" # location = "example-mirror-0.local/mirror-for-foo" # as if specified in the ] TOML table directly:
# Each TOML table in the "mirror" array can contain the following fields, with the same semantics # user-specified reference, is tried last). # the primary location specified by the "registry.location" field, or using the unmodified # contacted and contains the image will be used (and if none of the mirrors contains the image, # The mirrors are attempted in the specified order the first one that can be # (Possibly-partial) mirrors for the "prefix"-rooted namespace. # requests for the image /foo/myimage:latest will actually work with the # and the ] TOML table can only specify "location"). # By default, this equal to "prefix" (in which case "prefix" can be omitted # The physical location of the "prefix"-rooted namespace. # If true, pulling images with matching names is forbidden. # If true, unencrypted HTTP as well as TLS connections with untrusted # If the prefix field is missing, it defaults to be the same as the "location" field. # (taking into account namespace/repo/tag/digest separators) is used. # (only) the TOML table with the longest match for the input image name # The "prefix" field is used to choose the relevant ] TOML table # An array of host registries to try when pulling an unqualified image, in order. # of these registries, it should be added at the end of the list. # spoofed, squatted or otherwise made insecure. # trusted (i.e., registries which don't allow unknown or anonymous users to We recommend only adding registries which are completely # would accidentally pull and run the attacker's image and code rather than the # different `foobar` image at a registry earlier in the search list. # is not first in the search list, an attacker could place a
# `foobar` from a registry and expects it to come from. For example, a user wants to pull an image named # When using short names, there is always an inherent risk that the image being # further eliminates the ambiguity of tags. # server (full dns name), namespace, image name, and tag # We recommend always using fully qualified image names including the registry # NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES # For more information on this configuration file, see nf(5). | sudo tee /etc/apt//devel:kubic:libcontainers:unstable.list > /dev/null | sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/nullĮcho \ "deb \
0 kommentar(er)
