Merge branch 'docker:main' into patch-3

Author: kristentr

content/get-started/docker-concepts/the-basics/what-is-an-image.md

@@ -32,9 +32,9 @@ These two principles let you to extend or add to existing images. For example, i
 
 Docker Hub provides a variety of Docker-supported and endorsed images known as Docker Trusted Content. These provide fully managed services or great starters for your own images. These include:
 
-- [Docker Official Images](https://hub.docker.com/search?q=&type=image&image_filter=official) - a curated set of Docker repositories, serve as the starting point for the majority of users, and are some of the most secure on Docker Hub
-- [Docker Verified Publishers](https://hub.docker.com/search?q=&image_filter=store) - high-quality images from commercial publishers verified by Docker
-- [Docker-Sponsored Open Source](https://hub.docker.com/search?q=&image_filter=open_source) - images published and maintained by open-source projects sponsored by Docker through Docker's open source program
+- [Docker Official Images](https://hub.docker.com/search?badges=official) - a curated set of Docker repositories, serve as the starting point for the majority of users, and are some of the most secure on Docker Hub
+- [Docker Verified Publishers](https://hub.docker.com/search?badges=verified_publisher) - high-quality images from commercial publishers verified by Docker
+- [Docker-Sponsored Open Source](https://hub.docker.com/search?badges=open_source) - images published and maintained by open-source projects sponsored by Docker through Docker's open source program
 
 For example, [Redis](https://hub.docker.com/_/redis) and [Memcached](https://hub.docker.com/_/memcached) are a few popular ready-to-go Docker Official Images. You can download these images and have these services up and running in a matter of seconds. There are also base images, like the [Node.js](https://hub.docker.com/_/node) Docker image, that you can use as a starting point and add your own files and configurations.
 

content/get-started/introduction/build-and-push-first-image.md

@@ -40,7 +40,7 @@ In [Develop with containers](develop-with-containers.md), you used the following
 - [phpmyadmin](https://hub.docker.com/_/phpmyadmin) - provides phpMyAdmin, a web-based interface to the MySQL database
 - [traefik](https://hub.docker.com/_/traefik) - provides Traefik, a modern HTTP reverse proxy and load balancer that routes requests to the appropriate container based on routing rules
 
-Explore the full catalog of [Docker Official Images](https://hub.docker.com/search?image_filter=official&q=), [Docker Verified Publishers](https://hub.docker.com/search?q=&image_filter=store), and [Docker Sponsored Open Source Software](https://hub.docker.com/search?q=&image_filter=open_source) images to see more of what there is to run and build on.
+Explore the full catalog of [Docker Official Images](https://hub.docker.com/search?badges=official), [Docker Verified Publishers](https://hub.docker.com/search?badges=verified_publisher), and [Docker Sponsored Open Source Software](https://hub.docker.com/search?badges=open_source) images to see more of what there is to run and build on.
 
 ## Try it out
 

content/manuals/build/building/best-practices.md

@@ -45,17 +45,17 @@ The first step towards achieving a secure image is to choose the right base
 image. When choosing an image, ensure it's built from a trusted source and keep
 it small.
 
-- [Docker Official Images](https://hub.docker.com/search?image_filter=official)
+- [Docker Official Images](https://hub.docker.com/search?badges=official)
   are a curated collection that have clear documentation, promote best
   practices, and are regularly updated. They provide a trusted starting point
   for many applications.
 
-- [Verified Publisher](https://hub.docker.com/search?image_filter=store) images
+- [Verified Publisher](https://hub.docker.com/search?badges=verified_publisher) images
   are high-quality images published and maintained by the organizations
   partnering with Docker, with Docker verifying the authenticity of the content
   in their repositories.
 
-- [Docker-Sponsored Open Source](https://hub.docker.com/search?image_filter=open_source)
+- [Docker-Sponsored Open Source](https://hub.docker.com/search?badges=open_source)
   are published and maintained by open source projects sponsored by Docker
   through an [open source program](../../docker-hub/image-library/trusted-content.md#docker-sponsored-open-source-software-images).
 

content/manuals/build/concepts/dockerfile.md

@@ -148,7 +148,7 @@ use this notation to name your images. There are many public images you can
 leverage in your projects, by importing them into your build steps using the
 Dockerfile `FROM` instruction.
 
-[Docker Hub](https://hub.docker.com/search?image_filter=official&q=&type=image)
+[Docker Hub](https://hub.docker.com/search?badges=official)
 contains a large set of official images that you can use for this purpose.
 
 ### Environment setup

content/manuals/docker-hub/release-notes.md

@@ -47,13 +47,13 @@ known issues for each Docker Hub release.
 
 ## 2023-08-28
 
-- Organizations with SSO enabled can assign members to roles, organizations, and teams with [SCIM role mapping](scim.md#set-up-role-mapping). 
+- Organizations with SSO enabled can assign members to roles, organizations, and teams with [SCIM role mapping](scim.md#set-up-role-mapping).
 
 ## 2023-07-26
 
 ### New
 
-- Organizations can assign the [editor role](roles-and-permissions.md) to members to grant additional permissions without full administrative access.
+- Organizations can assign the [editor role](/manuals/enterprise/security/roles-and-permissions/_index.md) to members to grant additional permissions without full administrative access.
 
 ## 2023-05-09
 

content/manuals/docker-hub/repos/manage/trusted-content/dsos-program.md

@@ -7,7 +7,7 @@ aliases:
   - /trusted-content/dsos-program/
 ---
 
-[Docker-Sponsored Open Source images](https://hub.docker.com/search?q=&image_filter=open_source) are published and maintained by open-source projects sponsored by Docker through the program.
+[Docker-Sponsored Open Source images](https://hub.docker.com/search?badges=open_source) are published and maintained by open-source projects sponsored by Docker through the program.
 
 Images that are part of this program have a special badge on Docker Hub making it easier for users to identify projects that Docker has verified as trusted, secure, and active open-source projects.
 

content/manuals/docker-hub/repos/manage/trusted-content/dvp-program.md

@@ -18,7 +18,7 @@ toc_max: 2
 ---
 
 [The Docker Verified Publisher
-Program](https://hub.docker.com/search?q=&image_filter=store) provides
+Program](https://hub.docker.com/search?badges=verified_publisher) provides
 high-quality images from commercial publishers verified by Docker.
 
 These images help development teams build secure software supply chains,

content/manuals/engine/install/debian.md

@@ -116,10 +116,14 @@ Docker from the repository.
    sudo chmod a+r /etc/apt/keyrings/docker.asc
 
    # Add the repository to Apt sources:
-   echo \
-     "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] {{% param "download-url-base" %}} \
-     $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
-     sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+   sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
+   Types: deb
+   URIs: {{% param "download-url-base" %}}
+   Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
+   Components: stable
+   Signed-By: /etc/apt/keyrings/docker.asc
+   EOF
+
    sudo apt-get update
    ```
 

content/manuals/enterprise/security/roles-and-permissions/_index.md

@@ -0,0 +1,74 @@
+---
+title: Roles and permissions
+linkTitle: Roles and permissions
+description: Control access to content, registry, and organization management with Docker's role system
+keywords: roles, permissions, custom roles, core roles, access control, organization management, docker hub, admin console, security
+tags: [admin]
+aliases:
+  - /admin/organization/roles/
+  - /security/for-admins/roles-and-permissions/
+grid:
+  - title: "Core roles"
+    description: Learn about Docker's built-in Member, Editor, and Owner roles with predefined permissions.
+    icon: "admin_panel_settings"
+    link: /enterprise/security/roles-and-permissions/core-roles/
+  - title: "Custom roles"
+    description: Create tailored permission sets that match your organization's specific needs.
+    icon: "tune"
+    link: /enterprise/security/roles-and-permissions/custom-roles/
+weight: 40
+---
+
+{{< summary-bar feature_name="General admin" >}}
+
+Roles control what users can do in your Docker organization. When you invite users or create teams, you assign them roles that determine their permissions for repositories, teams, and organization settings.
+
+Docker provides two types of roles to meet different organizational needs:
+
+- [Core roles](/manuals/enterprise/security/roles-and-permissions/core-roles.md) with predefined permissions
+- [Custom roles](/manuals/enterprise/security/roles-and-permissions/custom-roles.md) that you can tailor to your specific requirements
+
+## Docker roles
+
+### Core roles
+
+Core roles are Docker's built-in roles with predefined permission sets:
+
+- **Member**: Non-administrative role with basic access. Members can view other organization members and pull images from repositories they have access to.
+- **Editor**: Partial administrative access. Editors can create, edit, and delete repositories, and manage team permissions for repositories.
+- **Owner**: Full administrative access. Owners can manage all organization settings, including repositories, teams, members, billing, and security features.
+
+### Custom roles
+
+Custom roles allow you to create tailored permission sets by selecting specific permissions from categories like user management, team management, billing, and Hub permissions. Use custom roles when Docker's core roles don't fit your needs.
+
+## When to use each role
+
+Use core roles when:
+
+- Docker's predefined permission sets match your organizational structure
+- You want simple, straightforward role assignments
+- You're getting started with Docker organization management
+- Your access control needs are standard and don't require fine-grained permissions
+
+Use custom roles when:
+
+- You need specific permission combinations not available in core roles
+- You want to create specialized roles like billing administrators, security auditors, or repository managers
+- You need department-specific access control
+- You want to implement the principle of least privilege with precise permission grants
+
+## How roles work together
+
+Users and teams can be assigned either a core role or a custom role, but not both. However, roles work in combination with team permissions:
+
+1. **Role permissions**: Applied organization-wide (core or custom role). Custom roles can grant permissions to both organization-wide settings and repository access.
+2. **Team permissions**: Additional repository-specific permissions when users are added to teams. This is a separate permission system from role-based permissions.
+
+This layered approach gives you flexibility to provide broad organizational access through roles and specific repository access through team memberships.
+
+## Next steps
+
+Choose the role type that best fits your organization's needs:
+
+{{< grid >}}