Delete imagesEstimated reading time: 2 minutes
To delete an image, go to the DTR web UI, and navigate to the image repository you want to delete. In the Tags tab, select all the image tags you want to delete, and click the Delete button.
You can also delete all image versions, by deleting the repository. For that, in the image repository, navigate to the Settings tab, and click the Delete button.
Delete signed images
DTR only allows deleting images if that image hasn’t been signed. You first need to delete all the trust data associated with the image. Then you’ll be able to delete it.
There are three steps to delete a signed image:
- Find which roles signed the image.
- Remove the trust data for each role.
- The image is now unsigned, so you can delete it.
Find which roles signed an image
To find which roles signed an image, you first need to learn which roles are trusted to sign the image.
Set up your Notary client, and run:
notary delegation list dtr.example.org/library/wordpress
In this example, the repository owner delegated trust to the
ROLE PATHS KEY IDS THRESHOLD ---- ----- ------- --------- targets/releases "" <all paths> c3470c45cefde5447cf215d8b05832b0d0aceb6846dfa051db249d5a32ea9bc8 1 targets/qa "" <all paths> c3470c45cefde5447cf215d8b05832b0d0aceb6846dfa051db249d5a32ea9bc8 1
Now that you know which roles are allowed to sign images in this repository, you can learn which roles actually signed it:
# Check if the image was signed by the "targets" role notary list dtr.example.org/library/wordpress # Check if the image was signed by a specific role notary list dtr.example.org/library/wordpress --roles <role-name>
In this example the image was signed by three roles:
Remove trust data for a role
Once you know which roles signed an image, you’ll be able to remove trust data for those roles. Only users with private keys that have the roles are able to do this operation.
For each role that signed the image, run:
notary remove dtr.example.org/library/wordpress <tag> \ --roles <role-name> --publish
Once you’ve removed trust data for all roles, DTR shows the image as unsigned. Then you can delete it.