diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2019-01-09 13:23:01 -0500 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-01-09 15:19:46 -0500 |
commit | 55583bdfa684d9c10ee5b9f2d88c24101a12ef17 (patch) | |
tree | 80b7e8cd9ee4c57a076a528ebc1ec2b49432a60a | |
parent | c37f73159609b203545ca6fe54c86b9deacfca21 (diff) | |
download | podman-55583bdfa684d9c10ee5b9f2d88c24101a12ef17.tar.gz podman-55583bdfa684d9c10ee5b9f2d88c24101a12ef17.tar.bz2 podman-55583bdfa684d9c10ee5b9f2d88c24101a12ef17.zip |
Fix up image sign and trust
Add completions
Fix man pages
fix code in sign to answer PR Comments.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r-- | cmd/podman/sign.go | 6 | ||||
-rw-r--r-- | completions/bash/podman | 107 | ||||
-rw-r--r-- | docs/podman-image-sign.1.md | 12 |
3 files changed, 116 insertions, 9 deletions
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go index 790b6031d..aa3e0cab7 100644 --- a/cmd/podman/sign.go +++ b/cmd/podman/sign.go @@ -1,10 +1,10 @@ package main import ( - "fmt" "io/ioutil" "net/url" "os" + "path/filepath" "strconv" "strings" @@ -138,7 +138,7 @@ func signCmd(c *cli.Context) error { return errors.Wrapf(err, "error creating new signature") } - sigStoreDir = fmt.Sprintf("%s/%s", sigStoreDir, strings.Replace(repos[0][strings.Index(repos[0], "/")+1:len(repos[0])], ":", "=", 1)) + sigStoreDir = filepath.Join(sigStoreDir, strings.Replace(repos[0][strings.Index(repos[0], "/")+1:len(repos[0])], ":", "=", 1)) if err := os.MkdirAll(sigStoreDir, 0751); err != nil { // The directory is allowed to exist if !os.IsExist(err) { @@ -151,7 +151,7 @@ func signCmd(c *cli.Context) error { logrus.Errorf("error creating sigstore file: %v", err) continue } - err = ioutil.WriteFile(sigStoreDir+"/"+sigFilename, newSig, 0644) + err = ioutil.WriteFile(filepath.Join(sigStoreDir, sigFilename), newSig, 0644) if err != nil { logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String()) continue diff --git a/completions/bash/podman b/completions/bash/podman index e23615d52..6333dfdf2 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -32,6 +32,9 @@ __podman_containers() { __podman_q ps --format "$format" "$@" } +__podman_list_registries() { + sed -n -e '/registries.*=/ {s/.*\[\([^]]*\).*/\1/p;q}' /etc/containers/registries.conf | sed -e "s/[,']//g" +} # __podman_pods returns a list of pods. Additional options to # `podman pod ps` may be specified in order to filter the list, e.g. @@ -365,6 +368,7 @@ __podman_subcommands() { local subcommands="$1" local counter=$(($command_pos + 1)) + while [ $counter -lt $cword ]; do case "${words[$counter]}" in $(__podman_to_extglob "$subcommands") ) @@ -1296,7 +1300,9 @@ _podman_image() { push rm save + sign tag + trust " local aliases=" list @@ -2356,6 +2362,92 @@ _podman_container_runlabel() { esac } +_podman_image_sign() { + local options_with_args=" + -d + --directory + --sign-by + " + local boolean_options=" + --help + -h + " + case "$cur" in + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images + ;; + esac +} + +_podman_image_trust_set() { + echo hello + local options_with_args=" + -f + --type + --pubkeysfile + " + local boolean_options=" + --help + -h + " + case "$cur" in + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + COMPREPLY=($(compgen -W "default $( __podman_list_registries )" -- "$cur")) + ;; + esac +} + +_podman_image_trust_show() { + local options_with_args=" + " + local boolean_options=" + --help + -h + -j + --json + --raw + " + case "$cur" in + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images + ;; + esac +} + +_podman_image_trust() { + local boolean_options=" + --help + -h + " + subcommands=" + set + show + " + local aliases=" + list + " + command=image_trust + __podman_subcommands "$subcommands $aliases" && return + + case "$cur" in + -*) + COMPREPLY=( $( compgen -W "--help" -- "$cur" ) ) + ;; + *) + COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) ) + ;; + esac +} + _podman_images_prune() { local options_with_args=" " @@ -2364,6 +2456,11 @@ _podman_images_prune() { -h --help " + case "$cur" in + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + esac } _podman_container_prune() { @@ -2382,6 +2479,15 @@ _podman_container_exists() { local boolean_options=" " + case "$cur" in + -*) + COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur")) + ;; + *) + __podman_complete_images + ;; + esac + } _podman_pod_exists() { @@ -2813,6 +2919,7 @@ _podman_podman() { export generate history + image images import info diff --git a/docs/podman-image-sign.1.md b/docs/podman-image-sign.1.md index c4f3c6676..232bc87fe 100644 --- a/docs/podman-image-sign.1.md +++ b/docs/podman-image-sign.1.md @@ -5,8 +5,8 @@ podman-image-sign- Create a signature for an image # SYNOPSIS **podman image sign** -[**-h**|**--help**] -[**-d**, **--directory**] +[**--help**|**-h**] +[**--directory**|**-d**] [**--sign-by**] [ IMAGE... ] @@ -16,10 +16,10 @@ been pulled from a registry. The signature will be written to a directory derived from the registry configuration files in /etc/containers/registries.d. By default, the signature will be written into /var/lib/containers/sigstore directory. # OPTIONS -**-h** **--help** +**--help** **-h** Print usage statement. -**-d** **--directory** +**--directory** **-d** Store the signatures in the specified directory. Default: /var/lib/containers/sigstore **--sign-by** @@ -28,7 +28,7 @@ derived from the registry configuration files in /etc/containers/registries.d. B # EXAMPLES Sign the busybox image with the identify of foo@bar.com with a user's keyring and save the signature in /tmp/signatures/. - sudo podman image sign --sign-by foo@bar.com -d /tmp/signatures transport://privateregistry.example.com/foobar + sudo podman image sign --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar # RELATED CONFIGURATION @@ -36,7 +36,7 @@ The write (and read) location for signatures is defined in YAML-based configuration files in /etc/containers/registries.d/. When you sign an image, podman will use those configuration files to determine where to write the signature based on the the name of the originating -registry or a default storage value unless overriden with the -d +registry or a default storage value unless overriden with the --directory option. For example, consider the following configuration file. docker: |