From 5890231a47c765618f5fba5f707788c46cd100c9 Mon Sep 17 00:00:00 2001 From: Ina Panova Date: Tue, 22 Oct 2024 21:56:11 +0200 Subject: [PATCH] Adjust docs mentioning auth.d directory with drop-in files. Signed-off-by: Ina Panova --- docs/containers-auth.json.5.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/containers-auth.json.5.md b/docs/containers-auth.json.5.md index 3eecc71a7..e4f292021 100644 --- a/docs/containers-auth.json.5.md +++ b/docs/containers-auth.json.5.md 
@@ -5,22 +5,24 @@ containers-auth.json - syntax for the registry authentication file # DESCRIPTION -A credentials file in JSON format used to authenticate against container image registries. +A file in JSON format controlling authentication against container image registries. The primary (read/write) per-user file is stored at `${XDG_RUNTIME_DIR}/containers/auth.json` on Linux; on Windows and macOS, at `$HOME/.config/containers/auth.json`. -There is also a system-global `/etc/containers/auth.json` path. When the current process is executing inside systemd as root, this path will be preferred. +There is also a system-global `/etc/containers/auth.json` path and `/etc/containers/auth.d/` directory with drop-in per-repo files. +When the current process is executing inside systemd as root, these paths will be preferred. +Drop-ins always have higher precedence than the configuration file they refer to. Drop-ins are sorted in the lexicographic order. The drop-ins that are later in this order have higher precedence. When running as a user and searching for the credential for a registry, the following files will be read in sequence until the valid credential is found: first reading the primary (read/write) file, or the explicit override using an option of the calling application. If credentials are not present there, the search continues in `${XDG_CONFIG_HOME}/containers/auth.json` (usually `~/.config/containers/auth.json`), `$HOME/.docker/config.json`, `$HOME/.dockercfg`. -If the current process is not running in systemd, but is running as root, the system-global `/etc/containers/auth.json` path will be read last. +If the current process is not running in systemd, but is running as root, the system-global `/etc/containers/auth.json` path and `/etc/containers/auth.d/` directory will be read last. -Except the primary (read/write) file, other files are read-only, unless the user use an option of the calling application explicitly points at it as an override. 
+Except for the primary (read/write) file, other files are read-only unless the user, using an option of the calling application, explicitly points at it as an override. -Note that the `/etc/containers/auth.json` file must not be readable by group or world (i.e. mode `044`), or a fatal error will occur. +Note that the `/etc/containers/auth.json` file and drop-in files from `/etc/containers/auth.d/` directory must not be readable by group or world (i.e. mode `044`), or a fatal error will occur. ## FORMAT
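Review bot: In the added DESCRIPTION text, "Drop-ins always have higher precedence than the configuration file they refer to" does not say how a drop-in refers to a configuration file. The only pairing this hunk introduces is `/etc/containers/auth.d/` with `/etc/containers/auth.json`, so name that file directly, and state that the lexicographic sort is over the drop-in file names. The same paragraph calls the drop-ins "per-repo" while the surrounding text speaks of "the credential for a registry"; use one term or explain the difference. In the permissions note, now extended to the drop-in files, "(i.e. mode `044`)" reads as a mode to set, although the sentence describes read bits that must be absent. Wording such as "must not have the group or world read bits (`044`) set" avoids that, and the note should also say whether the `auth.d/` directory itself is subject to the check. In the reworded read-only sentence, "points at it" still has the plural "other files" as its antecedent; "points at one of them" reads cleanly.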