summaryrefslogtreecommitdiff
path: root/pkg/trust
diff options
context:
space:
mode:
authorQi Wang <qiwan@redhat.com>2019-01-11 11:38:44 -0500
committerQi Wang <qiwan@redhat.com>2019-01-15 12:25:10 -0500
commite24167eef9d55f11b21b487678f79b5a70d3c4dd (patch)
tree98014036b58ea6a9823e0ae3d541a40958d05ef3 /pkg/trust
parent264d0821068c26daae9b2e57bb8ea34dac79e62a (diff)
downloadpodman-e24167eef9d55f11b21b487678f79b5a70d3c4dd.tar.gz
podman-e24167eef9d55f11b21b487678f79b5a70d3c4dd.tar.bz2
podman-e24167eef9d55f11b21b487678f79b5a70d3c4dd.zip
Fix up `image sign` in PR 2108
Signed-off-by: Qi Wang <qiwan@redhat.com>
Diffstat (limited to 'pkg/trust')
-rw-r--r--pkg/trust/trust.go122
1 files changed, 28 insertions, 94 deletions
diff --git a/pkg/trust/trust.go b/pkg/trust/trust.go
index 31e41903e..9a75474ae 100644
--- a/pkg/trust/trust.go
+++ b/pkg/trust/trust.go
@@ -175,43 +175,30 @@ func CreateTmpFile(dir, pattern string, content []byte) (string, error) {
return tmpfile.Name(), nil
}
-func getGPGIdFromKeyPath(path []string) []string {
- var uids []string
- for _, k := range path {
- cmd := exec.Command("gpg2", "--with-colons", k)
- results, err := cmd.Output()
- if err != nil {
- logrus.Warnf("error get key identity: %s", err)
- continue
- }
- uids = append(uids, parseUids(results)...)
+// GetGPGIdFromKeyPath return user keyring from key path
+func GetGPGIdFromKeyPath(path string) []string {
+ cmd := exec.Command("gpg2", "--with-colons", path)
+ results, err := cmd.Output()
+ if err != nil {
+ logrus.Errorf("error getting key identity: %s", err)
+ return nil
}
- return uids
+ return parseUids(results)
}
-func getGPGIdFromKeyData(keys []string) []string {
- var uids []string
- for _, k := range keys {
- decodeKey, err := base64.StdEncoding.DecodeString(k)
- if err != nil {
- logrus.Warnf("error decoding key data")
- continue
- }
- tmpfileName, err := CreateTmpFile("", "", decodeKey)
- if err != nil {
- logrus.Warnf("error creating key date temp file %s", err)
- }
- defer os.Remove(tmpfileName)
- k = tmpfileName
- cmd := exec.Command("gpg2", "--with-colons", k)
- results, err := cmd.Output()
- if err != nil {
- logrus.Warnf("error get key identity: %s", err)
- continue
- }
- uids = append(uids, parseUids(results)...)
+// GetGPGIdFromKeyData return user keyring from keydata
+func GetGPGIdFromKeyData(key string) []string {
+ decodeKey, err := base64.StdEncoding.DecodeString(key)
+ if err != nil {
+ logrus.Errorf("%s, error decoding key data", err)
+ return nil
}
- return uids
+ tmpfileName, err := CreateTmpFile("", "", decodeKey)
+ if err != nil {
+ logrus.Errorf("error creating key date temp file %s", err)
+ }
+ defer os.Remove(tmpfileName)
+ return GetGPGIdFromKeyPath(tmpfileName)
}
func parseUids(colonDelimitKeys []byte) []string {
@@ -234,68 +221,15 @@ func parseUids(colonDelimitKeys []byte) []string {
return parseduids
}
-var typeDescription = map[string]string{"insecureAcceptAnything": "accept", "signedBy": "signed", "reject": "reject"}
-
-func trustTypeDescription(trustType string) string {
- trustDescription, exist := typeDescription[trustType]
- if !exist {
- logrus.Warnf("invalid trust type %s", trustType)
- }
- return trustDescription
-}
-
-// GetPolicy return the struct to show policy.json in json format and a map (reponame, ShowOutput) pair for image trust show command
-func GetPolicy(policyContentStruct PolicyContent, systemRegistriesDirPath string) (map[string]map[string]interface{}, map[string]ShowOutput, error) {
- registryConfigs, err := LoadAndMergeConfig(systemRegistriesDirPath)
+// GetPolicy parse policy.json into PolicyContent struct
+func GetPolicy(policyPath string) (PolicyContent, error) {
+ var policyContentStruct PolicyContent
+ policyContent, err := ioutil.ReadFile(policyPath)
if err != nil {
- return nil, nil, err
+ return policyContentStruct, errors.Wrapf(err, "unable to read policy file %s", policyPath)
}
-
- trustShowOutputMap := make(map[string]ShowOutput)
- policyJSON := make(map[string]map[string]interface{})
- if len(policyContentStruct.Default) > 0 {
- policyJSON["* (default)"] = make(map[string]interface{})
- policyJSON["* (default)"]["type"] = policyContentStruct.Default[0].Type
-
- var defaultPolicyStruct ShowOutput
- defaultPolicyStruct.Repo = "default"
- defaultPolicyStruct.Trusttype = trustTypeDescription(policyContentStruct.Default[0].Type)
- trustShowOutputMap["* (default)"] = defaultPolicyStruct
- }
- for transname, transval := range policyContentStruct.Transports {
- for repo, repoval := range transval {
- tempTrustShowOutput := ShowOutput{
- Repo: repo,
- Trusttype: repoval[0].Type,
- }
- policyJSON[repo] = make(map[string]interface{})
- policyJSON[repo]["type"] = repoval[0].Type
- policyJSON[repo]["transport"] = transname
- keyDataArr := []string{}
- keyPathArr := []string{}
- keyarr := []string{}
- for _, repoele := range repoval {
- if len(repoele.KeyPath) > 0 {
- keyarr = append(keyarr, repoele.KeyPath)
- keyPathArr = append(keyPathArr, repoele.KeyPath)
- }
- if len(repoele.KeyData) > 0 {
- keyarr = append(keyarr, string(repoele.KeyData))
- keyDataArr = append(keyDataArr, string(repoele.KeyData))
- }
- }
- policyJSON[repo]["keys"] = keyarr
- uids := append(getGPGIdFromKeyPath(keyPathArr), getGPGIdFromKeyData(keyDataArr)...)
- tempTrustShowOutput.GPGid = strings.Join(uids, ",")
-
- policyJSON[repo]["sigstore"] = ""
- registryNamespace := HaveMatchRegistry(repo, registryConfigs)
- if registryNamespace != nil {
- policyJSON[repo]["sigstore"] = registryNamespace.SigStore
- tempTrustShowOutput.Sigstore = registryNamespace.SigStore
- }
- trustShowOutputMap[repo] = tempTrustShowOutput
- }
+ if err := json.Unmarshal(policyContent, &policyContentStruct); err != nil {
+ return policyContentStruct, errors.Wrapf(err, "could not parse trust policies")
}
- return policyJSON, trustShowOutputMap, nil
+ return policyContentStruct, nil
}