Le lun. 12 mai 2025 à 18:09, Enrico Zini <enr...@enricozini.org> a écrit :
> Hello, > > I would like to try out podman in Debian, but I would like it to be > configured to only use officially built Debian images[1]. > > By default podman in Debian will not access remote repositories. > > Following the podman page in the Debian wiki[2], I set up `docker.io` as > a registry, so it can find the images: > > mkdir -p ~/.config/containers > echo 'unqualified-search-registries=["docker.io"]' > > ~/.config/containers/registries.conf > > Now the question is, how do I configure podman to only download trusted > images? > I know it's not what you ask, but I had the same concern, and it ended up like this: mmdebstrap bookworm bookworm.tar podman import bookworm.tar bookworm podman run -it bookworm:latest /bin/bash voilà ! > I have a thing that I don't want to accidentally run untrusted random > stuff from the internet: it's great that Debian provides official podman > images, and I would like to tell podman to not download anything else > that I do not trust. > > I'm used to apt having a trusted keyring it uses to validate downloaded > packages, and I like it. It seems like podman can do something like > that, but I'm failing to find the runes to configure it that way. > > Can anyone help me on the way there? In exchange, if it works I'll turn > my experience into an HOWTO others can use. > > > Thanks, > > Enrico > > [1] https://hub.docker.com/_/debian/ > [2] https://wiki.debian.org/Podman > -- > GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini < > enr...@enricozini.org> >
