author | Qi Wang <qiwan@redhat.com> | 2019-09-11 16:27:28 -0400 |
---|---|---|
committer | Qi Wang <qiwan@redhat.com> | 2019-09-11 16:27:42 -0400 |
commit | 569c2e523dcddd3a0c3a3dc1b92632a07d2eda51 (patch) | |
tree | fc9f80c7d3454dfa04edc1b20f8d4244f5a62986 | |
parent | 79ebb5f254d6f3498500f823cf1b856fed2e6149 (diff) | |
fix podman sign signature store for rootless
Store the signature under graphroot when using rootless podman image sign.
Signed-off-by: Qi Wang <qiwan@redhat.com>
-rw-r--r-- | cmd/podman/sign.go | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go
index 63ba9b904..79bc3f02b 100644
--- a/cmd/podman/sign.go
+++ b/cmd/podman/sign.go
@@ -14,6 +14,7 @@ import (
 "github.com/containers/libpod/cmd/podman/cliconfig"
 "github.com/containers/libpod/cmd/podman/libpodruntime"
 "github.com/containers/libpod/libpod/image"
+ "github.com/containers/libpod/pkg/rootless"
 "github.com/containers/libpod/pkg/trust"
 "github.com/containers/libpod/pkg/util"
 "github.com/pkg/errors"
@@ -130,22 +131,33 @@ func signCmd(c *cliconfig.SignValues) error {
 return errors.Wrapf(err, "error pulling image %s", signimage)
 }

- registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
- if registryInfo != nil {
+ if rootless.IsRootless() {
 if sigStoreDir == "" {
- sigStoreDir = registryInfo.SigStoreStaging
+ runtimeConfig, err := runtime.GetConfig()
+ if err != nil {
+ return err
+ }
+
+ sigStoreDir = filepath.Join(filepath.Dir(runtimeConfig.StorageConfig.GraphRoot), "sigstore")
+ }
+ } else {
+ registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
+ if registryInfo != nil {
 if sigStoreDir == "" {
- sigStoreDir = registryInfo.SigStore
+ sigStoreDir = registryInfo.SigStoreStaging
+ if sigStoreDir == "" {
+ sigStoreDir = registryInfo.SigStore
+ }
+ }
+ sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
+ if err != nil {
+ return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
 }
 }
- sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
- if err != nil {
- return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
+ if sigStoreDir == "" {
+ sigStoreDir = SignatureStoreDir
 }
 }
- if sigStoreDir == "" {
- sigStoreDir = SignatureStoreDir
- }

 repos, err := newImage.RepoDigests()
 if err != nil { |
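Review bot: In the second hunk's rootless branch, `sigStoreDir` is used without the `isValidSigStoreDir` check that the non-rootless branch still applies when a registry matches, so a directory supplied by the caller is accepted as-is and the matched registry's `SigStoreStaging`/`SigStore` values are no longer consulted. If that is intended, state it at the branch, e.g. `// rootless: registry sigstore settings are ignored; default to a per-user directory next to graphroot`; if not, validate the caller-supplied value before it is used as the signature store. Note also that `filepath.Join(filepath.Dir(runtimeConfig.StorageConfig.GraphRoot), "sigstore")` resolves to a sibling of the graph root rather than a directory under it as the commit message says, and the bare `return err` would match the rest of the function better as `return errors.Wrapf(err, "error getting runtime config")`. The body of `signCmd` starts and ends outside this hunk, so how `sigStoreDir` is populated before this point and how the directory is later created are not visible here.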