author | openshift-ci[bot] <75433959+openshift-ci[bot]@users.noreply.github.com> | 2022-08-02 20:09:10 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-02 20:09:10 +0000 |
commit | 49ae6cfed67dbc38408c85b3be52af69fa8f031d (patch) | |
tree | 3bd355609715d56a0f4126179c0876cfece3aa4d /pkg | |
parent | 87f892e5b56c2fab2f394f8cc79794ccce03f510 (diff) | |
parent | 5c95c0920f32b61021395ec2700884d136240de7 (diff) | |
download | podman-49ae6cfed67dbc38408c85b3be52af69fa8f031d.tar.gz podman-49ae6cfed67dbc38408c85b3be52af69fa8f031d.tar.bz2 podman-49ae6cfed67dbc38408c85b3be52af69fa8f031d.zip |
Merge pull request #15142 from mtrmac/sigstore-sign-4.2
[v4.2] Sigstore sign
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/domain/entities/images.go | 10 | ||||
-rw-r--r-- | pkg/domain/infra/abi/images.go | 3 | ||||
-rw-r--r-- | pkg/domain/infra/abi/manifest.go | 3 | ||||
-rw-r--r-- | pkg/domain/infra/abi/secrets.go | 2 | ||||
-rw-r--r-- | pkg/specgen/generate/kube/play_test.go | 2 |
5 files changed, 18 insertions, 2 deletions
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index b8b346005..dad2dc6cc 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -205,6 +205,16 @@ type ImagePushOptions struct {
 // SignBy adds a signature at the destination using the specified key.
 // Ignored for remote calls.
 SignBy string
+ // SignPassphrase, if non-empty, specifies a passphrase to use when signing
+ // with the key ID from SignBy.
+ SignPassphrase string
+ // SignBySigstorePrivateKeyFile, if non-empty, asks for a signature to be added
+ // during the copy, using a sigstore private key file at the provided path.
+ // Ignored for remote calls.
+ SignBySigstorePrivateKeyFile string
+ // SignSigstorePrivateKeyPassphrase is the passphrase to use when signing with
+ // SignBySigstorePrivateKeyFile.
+ SignSigstorePrivateKeyPassphrase []byte
 // SkipTLSVerify to skip HTTPS and certificate verification.
 SkipTLSVerify types.OptionalBool
 // Progress to get progress notifications
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index ff42b0367..94178a8e2 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -304,6 +304,9 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
 pushOptions.ManifestMIMEType = manifestType
 pushOptions.RemoveSignatures = options.RemoveSignatures
 pushOptions.SignBy = options.SignBy
+ pushOptions.SignPassphrase = options.SignPassphrase
+ pushOptions.SignBySigstorePrivateKeyFile = options.SignBySigstorePrivateKeyFile
+ pushOptions.SignSigstorePrivateKeyPassphrase = options.SignSigstorePrivateKeyPassphrase
 pushOptions.InsecureSkipTLSVerify = options.SkipTLSVerify
 pushOptions.Writer = options.Writer
diff --git a/pkg/domain/infra/abi/manifest.go b/pkg/domain/infra/abi/manifest.go
index d20744d76..60f727234 100644
--- a/pkg/domain/infra/abi/manifest.go
+++ b/pkg/domain/infra/abi/manifest.go
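Review bot: The doc comments on the two new passphrase fields, SignPassphrase and SignSigstorePrivateKeyPassphrase, do not say whether they are ignored for remote calls, although SignBy and SignBySigstorePrivateKeyFile beside them do, so a reader cannot tell whether a passphrase set on a remote client is dropped or transmitted. The two fields also differ in type (`string` against `[]byte`); a Go string cannot be overwritten after use, so the first passphrase stays in memory until it is collected. I would state the remote behaviour on each field and add a line such as `// Secret: must not be logged or serialized.`, and declare SignPassphrase as `[]byte` too if the option it is copied into permits. Whether ImagePushOptions is ever logged or marshalled is not visible in this hunk, so that part is a caution rather than a finding.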
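Review bot: The three added assignments in Push copy the passphrases unconditionally, so a SignPassphrase given without SignBy, or a SignSigstorePrivateKeyPassphrase given without SignBySigstorePrivateKeyFile, is passed on with no error in the visible lines; a caller who mistyped the key option could end up with an unsigned push and no warning. Unless the library behind pushOptions already rejects that combination, which cannot be seen from here, a guard before the assignments would make it explicit: return an error when `options.SignPassphrase != "" && options.SignBy == ""`, and likewise when `len(options.SignSigstorePrivateKeyPassphrase) > 0 && options.SignBySigstorePrivateKeyFile == ""`. The ManifestPush hunk in pkg/domain/infra/abi/manifest.go repeats the same three assignments with `opts` and needs the same guard; a small shared helper would keep the two copies in step when another signing option is added. Both function bodies begin and end outside their hunks.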
@@ -316,6 +316,9 @@ func (ir *ImageEngine) ManifestPush(ctx context.Context, name, destination strin
 pushOptions.ManifestMIMEType = manifestType
 pushOptions.RemoveSignatures = opts.RemoveSignatures
 pushOptions.SignBy = opts.SignBy
+ pushOptions.SignPassphrase = opts.SignPassphrase
+ pushOptions.SignBySigstorePrivateKeyFile = opts.SignBySigstorePrivateKeyFile
+ pushOptions.SignSigstorePrivateKeyPassphrase = opts.SignSigstorePrivateKeyPassphrase
 pushOptions.InsecureSkipTLSVerify = opts.SkipTLSVerify
 if opts.All {
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index 7321ef715..e82fa4fdd 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -42,7 +42,7 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
 }
 }
- secretID, err := manager.Store(name, data, options.Driver, options.DriverOpts)
+ secretID, err := manager.Store(name, data, options.Driver, options.DriverOpts, nil)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/specgen/generate/kube/play_test.go b/pkg/specgen/generate/kube/play_test.go
index 466dab610..470c0c39c 100644
--- a/pkg/specgen/generate/kube/play_test.go
+++ b/pkg/specgen/generate/kube/play_test.go
@@ -28,7 +28,7 @@ func createSecrets(t *testing.T, d string) *secrets.SecretsManager {
 data, err := json.Marshal(s.Data)
 assert.NoError(t, err)
- _, err = secretsManager.Store(s.ObjectMeta.Name, data, driver, driverOpts)
+ _, err = secretsManager.Store(s.ObjectMeta.Name, data, driver, driverOpts, nil)
 assert.NoError(t, err)
 } |
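Review bot: The new fifth argument to manager.Store in SecretCreate is a bare `nil`, and nothing in the hunk says what the parameter is or what passing nil means for the stored secret. A short comment on the call, for example `// <fifth parameter name>: none supplied`, with the placeholder replaced by the real parameter name from the Store signature, would save the reader a trip to the vendored code. The call in createSecrets in pkg/specgen/generate/kube/play_test.go carries the same bare nil. SecretCreate's body begins and ends outside the hunk.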