summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorQi Wang <qiwan@redhat.com>2019-09-11 16:27:28 -0400
committerQi Wang <qiwan@redhat.com>2019-09-11 16:27:42 -0400
commit569c2e523dcddd3a0c3a3dc1b92632a07d2eda51 (patch)
treefc9f80c7d3454dfa04edc1b20f8d4244f5a62986 /cmd/podman
parent79ebb5f254d6f3498500f823cf1b856fed2e6149 (diff)
downloadpodman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.tar.gz
podman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.tar.bz2
podman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.zip
fix podman sign signature store for rootless
Store the the signature under graphroot when using rootless podman image sign. Signed-off-by: Qi Wang <qiwan@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/sign.go32
1 files changed, 22 insertions, 10 deletions
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go
index 63ba9b904..79bc3f02b 100644
--- a/cmd/podman/sign.go
+++ b/cmd/podman/sign.go
@@ -14,6 +14,7 @@ import (
"github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod/image"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/trust"
"github.com/containers/libpod/pkg/util"
"github.com/pkg/errors"
@@ -130,22 +131,33 @@ func signCmd(c *cliconfig.SignValues) error {
return errors.Wrapf(err, "error pulling image %s", signimage)
}
- registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
- if registryInfo != nil {
+ if rootless.IsRootless() {
if sigStoreDir == "" {
- sigStoreDir = registryInfo.SigStoreStaging
+ runtimeConfig, err := runtime.GetConfig()
+ if err != nil {
+ return err
+ }
+
+ sigStoreDir = filepath.Join(filepath.Dir(runtimeConfig.StorageConfig.GraphRoot), "sigstore")
+ }
+ } else {
+ registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
+ if registryInfo != nil {
if sigStoreDir == "" {
- sigStoreDir = registryInfo.SigStore
+ sigStoreDir = registryInfo.SigStoreStaging
+ if sigStoreDir == "" {
+ sigStoreDir = registryInfo.SigStore
+ }
+ }
+ sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
+ if err != nil {
+ return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
}
}
- sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
- if err != nil {
- return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
+ if sigStoreDir == "" {
+ sigStoreDir = SignatureStoreDir
}
}
- if sigStoreDir == "" {
- sigStoreDir = SignatureStoreDir
- }
repos, err := newImage.RepoDigests()
if err != nil {