fix podman sign signature store for rootless

Store the the signature under graphroot when using rootless podman image sign. Signed-off-by: Qi Wang <qiwan@redhat.com>
author: Qi Wang <qiwan@redhat.com> 2019-09-11 16:27:28 -0400
committer: Qi Wang <qiwan@redhat.com> 2019-09-11 16:27:42 -0400
commit: 569c2e523dcddd3a0c3a3dc1b92632a07d2eda51 (patch)
tree: fc9f80c7d3454dfa04edc1b20f8d4244f5a62986 /cmd/podman
parent: 79ebb5f254d6f3498500f823cf1b856fed2e6149 (diff)
download: podman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.tar.gz
podman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.tar.bz2
podman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.zip
1 files changed, 22 insertions, 10 deletions
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go
index 63ba9b904..79bc3f02b 100644
--- a/cmd/podman/sign.go
+++ b/cmd/podman/sign.go
@@ -14,6 +14,7 @@ import (
 	"github.com/containers/libpod/cmd/podman/cliconfig"
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
 	"github.com/containers/libpod/libpod/image"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/containers/libpod/pkg/trust"
 	"github.com/containers/libpod/pkg/util"
 	"github.com/pkg/errors"
@@ -130,22 +131,33 @@ func signCmd(c *cliconfig.SignValues) error {
 			return errors.Wrapf(err, "error pulling image %s", signimage)
 		}
 
-		registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
-		if registryInfo != nil {
+		if rootless.IsRootless() {
 			if sigStoreDir == "" {
-				sigStoreDir = registryInfo.SigStoreStaging
+				runtimeConfig, err := runtime.GetConfig()
+				if err != nil {
+					return err
+				}
+
+				sigStoreDir = filepath.Join(filepath.Dir(runtimeConfig.StorageConfig.GraphRoot), "sigstore")
+			}
+		} else {
+			registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
+			if registryInfo != nil {
 				if sigStoreDir == "" {
-					sigStoreDir = registryInfo.SigStore
+					sigStoreDir = registryInfo.SigStoreStaging
+					if sigStoreDir == "" {
+						sigStoreDir = registryInfo.SigStore
+					}
+				}
+				sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
+				if err != nil {
+					return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
 				}
 			}
-			sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
-			if err != nil {
-				return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
+			if sigStoreDir == "" {
+				sigStoreDir = SignatureStoreDir
 			}
 		}
-		if sigStoreDir == "" {
-			sigStoreDir = SignatureStoreDir
-		}
 
 		repos, err := newImage.RepoDigests()
 		if err != nil {
author	Qi Wang <qiwan@redhat.com>	2019-09-11 16:27:28 -0400
committer	Qi Wang <qiwan@redhat.com>	2019-09-11 16:27:42 -0400
commit	569c2e523dcddd3a0c3a3dc1b92632a07d2eda51 (patch)
tree	fc9f80c7d3454dfa04edc1b20f8d4244f5a62986 /cmd/podman
parent	79ebb5f254d6f3498500f823cf1b856fed2e6149 (diff)
download	podman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.tar.gz podman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.tar.bz2 podman-569c2e523dcddd3a0c3a3dc1b92632a07d2eda51.zip