diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-05-12 09:02:30 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-12 09:02:30 -0700 |
commit | d6d94cfdd7104c036e7def993f22abb962c5762a (patch) | |
tree | 5682f1efd379a9107e92616413496b066cbaaa7f /cmd/podman | |
parent | 46cf421ed73315436aab4aba8ca47ba6a50339d3 (diff) | |
parent | fbd0fccf89f994a90fbc8d63e9c90942acdbc201 (diff) | |
download | podman-d6d94cfdd7104c036e7def993f22abb962c5762a.tar.gz podman-d6d94cfdd7104c036e7def993f22abb962c5762a.tar.bz2 podman-d6d94cfdd7104c036e7def993f22abb962c5762a.zip |
Merge pull request #6154 from baude/v2sign
v2podman image sign
Diffstat (limited to 'cmd/podman')
-rw-r--r-- | cmd/podman/images/sign.go | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/cmd/podman/images/sign.go b/cmd/podman/images/sign.go new file mode 100644 index 000000000..bd9cf2ea7 --- /dev/null +++ b/cmd/podman/images/sign.go @@ -0,0 +1,55 @@ +package images + +import ( + "os" + + "github.com/containers/libpod/cmd/podman/registry" + "github.com/containers/libpod/pkg/domain/entities" + "github.com/pkg/errors" + "github.com/spf13/cobra" +) + +var ( + signDescription = "Create a signature file that can be used later to verify the image." + signCommand = &cobra.Command{ + Use: "sign [flags] IMAGE [IMAGE...]", + Short: "Sign an image", + Long: signDescription, + RunE: sign, + Args: cobra.MinimumNArgs(1), + Example: `podman image sign --sign-by mykey imageID + podman image sign --sign-by mykey --directory ./mykeydir imageID`, + } +) + +var ( + signOptions entities.SignOptions +) + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: signCommand, + Parent: imageCmd, + }) + flags := signCommand.Flags() + flags.StringVarP(&signOptions.Directory, "directory", "d", "", "Define an alternate directory to store signatures") + flags.StringVar(&signOptions.SignBy, "sign-by", "", "Name of the signing key") + flags.StringVar(&signOptions.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") +} + +func sign(cmd *cobra.Command, args []string) error { + if signOptions.SignBy == "" { + return errors.Errorf("please provide an identity") + } + + var sigStoreDir string + if len(signOptions.Directory) > 0 { + sigStoreDir = signOptions.Directory + if _, err := os.Stat(sigStoreDir); err != nil { + return errors.Wrapf(err, "invalid directory %s", sigStoreDir) + } + } + _, err := registry.ImageEngine().Sign(registry.Context(), args, signOptions) + return err +} |