summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2019-09-12 22:23:29 +0200
committerGitHub <noreply@github.com>2019-09-12 22:23:29 +0200
commit3acfc3b7df593aaf4838b0eb4e8f24e9e54d998c (patch)
tree9f8e6e59e8dc30695e3131645f87c92350d7c4fd
parent42332a3ea268399fa2bf192d100db808ca4efcf8 (diff)
parent569c2e523dcddd3a0c3a3dc1b92632a07d2eda51 (diff)
downloadpodman-3acfc3b7df593aaf4838b0eb4e8f24e9e54d998c.tar.gz
podman-3acfc3b7df593aaf4838b0eb4e8f24e9e54d998c.tar.bz2
podman-3acfc3b7df593aaf4838b0eb4e8f24e9e54d998c.zip
Merge pull request #3997 from QiWang19/sigpath
fix podman sign signature store for rootless
-rw-r--r--cmd/podman/sign.go32
1 files changed, 22 insertions, 10 deletions
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go
index 63ba9b904..79bc3f02b 100644
--- a/cmd/podman/sign.go
+++ b/cmd/podman/sign.go
@@ -14,6 +14,7 @@ import (
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod/image"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/trust"
"github.com/containers/libpod/pkg/util"
"github.com/pkg/errors"
@@ -130,22 +131,33 @@ func signCmd(c *cliconfig.SignValues) error {
return errors.Wrapf(err, "error pulling image %s", signimage)
}
- registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
- if registryInfo != nil {
+ if rootless.IsRootless() {
if sigStoreDir == "" {
- sigStoreDir = registryInfo.SigStoreStaging
+ runtimeConfig, err := runtime.GetConfig()
+ if err != nil {
+ return err
+ }
+
+ sigStoreDir = filepath.Join(filepath.Dir(runtimeConfig.StorageConfig.GraphRoot), "sigstore")
+ }
+ } else {
+ registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
+ if registryInfo != nil {
if sigStoreDir == "" {
- sigStoreDir = registryInfo.SigStore
+ sigStoreDir = registryInfo.SigStoreStaging
+ if sigStoreDir == "" {
+ sigStoreDir = registryInfo.SigStore
+ }
+ }
+ sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
+ if err != nil {
+ return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
}
}
- sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
- if err != nil {
- return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
+ if sigStoreDir == "" {
+ sigStoreDir = SignatureStoreDir
}
}
- if sigStoreDir == "" {
- sigStoreDir = SignatureStoreDir
- }
repos, err := newImage.RepoDigests()
if err != nil {