summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorValentin Rothberg <rothberg@redhat.com>2021-09-23 13:35:57 +0200
committerValentin Rothberg <rothberg@redhat.com>2021-09-23 13:50:49 +0200
commit01bf8a66872df7dc6f93b7156371fa8fce3d84df (patch)
tree335df18349c3c95c8f227eb5e89e7f90cb38c776
parentb0d1c0fe22da27c88a0e5de11de08d63ef861347 (diff)
downloadpodman-01bf8a66872df7dc6f93b7156371fa8fce3d84df.tar.gz
podman-01bf8a66872df7dc6f93b7156371fa8fce3d84df.tar.bz2
podman-01bf8a66872df7dc6f93b7156371fa8fce3d84df.zip
podman save: enforce signature removal
Enforce the removal of signatures in `podman save` to restore behavior prior to the migration to libimage. We may consider improving on that in the future. For details, please refer to the excellent summary by @mtrmac [1]. [NO TESTS NEEDED] - manually verified but exisiting tests need some further investigation (see [1]). [1] https://github.com/containers/podman/pull/11669#issuecomment-925250264 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
-rw-r--r--pkg/api/handlers/libpod/images.go1
-rw-r--r--pkg/domain/entities/images.go2
-rw-r--r--pkg/domain/infra/abi/images.go5
3 files changed, 4 insertions, 4 deletions
diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go
index 51157d204..0023479ea 100644
--- a/pkg/api/handlers/libpod/images.go
+++ b/pkg/api/handlers/libpod/images.go
@@ -359,7 +359,6 @@ func ExportImages(w http.ResponseWriter, r *http.Request) {
MultiImageArchive: len(query.References) > 1,
OciAcceptUncompressedLayers: query.OciAcceptUncompressedLayers,
Output: output,
- RemoveSignatures: true,
}
imageEngine := abi.ImageEngine{Libpod: runtime}
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index edd23e662..80d570764 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -305,8 +305,6 @@ type ImageSaveOptions struct {
OciAcceptUncompressedLayers bool
// Output - write image to the specified path.
Output string
- // Do not save the signature from the source image
- RemoveSignatures bool
// Quiet - suppress output when copying images
Quiet bool
}
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 705ad7768..98d668434 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -368,7 +368,10 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
saveOptions := &libimage.SaveOptions{}
saveOptions.DirForceCompress = options.Compress
saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
- saveOptions.RemoveSignatures = options.RemoveSignatures
+
+ // Force signature removal to preserve backwards compat.
+ // See https://github.com/containers/podman/pull/11669#issuecomment-925250264
+ saveOptions.RemoveSignatures = true
if !options.Quiet {
saveOptions.Writer = os.Stderr