author | Miloslav Trmač <mitr@redhat.com> | 2022-08-24 19:48:26 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2022-08-25 01:50:43 +0200 |
commit | ff3f574fc0db5e442adfac54b86af7c462595ffc (patch) | |
tree | 4e9bafeb916dd200d1a120657e1e9e5afa558483 /pkg/trust/policy.go | |
parent | 9828bc44534d6527d44351470d5f943281b7dfba (diff) | |
Add support for sigstoreSigned in (podman image trust set)
NOTE: This does not edit the use-sigstore-attachments value
in registries.d, similarly to how (podman image trust set) didn't
set the lookaside paths for simple signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'pkg/trust/policy.go')
-rw-r--r-- | pkg/trust/policy.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go
index 77e02a05c..3a31b9338 100644
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@@ -161,6 +161,14 @@ func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error {
 			newReposContent = append(newReposContent, RepoContent{Type: trustType, KeyType: "GPGKeys", KeyPath: filepath})
 		}
 
+	case "sigstoreSigned":
+		if len(pubkeysfile) == 0 {
+			return errors.New("at least one public key must be defined for type 'sigstoreSigned'")
+		}
+		for _, filepath := range pubkeysfile {
+			newReposContent = append(newReposContent, RepoContent{Type: trustType, KeyPath: filepath})
+		}
+
 	default:
 		return fmt.Errorf("unknown trust type %q", input.Type)
 	} |
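Review bot: The new `sigstoreSigned` case appends one `RepoContent` per entry in `pubkeysfile`, but nothing in the code says how several entries combine. As far as I know, policy.json accepts an image only when every requirement listed for a scope is satisfied, so two keys would mean the image must be signed by both rather than by either. A comment above the loop would prevent that being misread, for example `// One requirement per key: every listed key must verify the image, not any one of them.` The caveat from the commit message also belongs in the code, e.g. `// NOTE: use-sigstore-attachments in registries.d is not edited here and must be enabled separately.` The switch and `AddPolicyEntries` itself start and end outside the hunk, so whether the key paths are checked before this point is not visible.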