aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/sign.go6
-rw-r--r--completions/bash/podman107
-rw-r--r--docs/podman-image-sign.1.md12
3 files changed, 116 insertions, 9 deletions
diff --git a/cmd/podman/sign.go b/cmd/podman/sign.go
index 790b6031d..aa3e0cab7 100644
--- a/cmd/podman/sign.go
+++ b/cmd/podman/sign.go
@@ -1,10 +1,10 @@
package main
import (
- "fmt"
"io/ioutil"
"net/url"
"os"
+ "path/filepath"
"strconv"
"strings"
@@ -138,7 +138,7 @@ func signCmd(c *cli.Context) error {
return errors.Wrapf(err, "error creating new signature")
}
- sigStoreDir = fmt.Sprintf("%s/%s", sigStoreDir, strings.Replace(repos[0][strings.Index(repos[0], "/")+1:len(repos[0])], ":", "=", 1))
+ sigStoreDir = filepath.Join(sigStoreDir, strings.Replace(repos[0][strings.Index(repos[0], "/")+1:len(repos[0])], ":", "=", 1))
if err := os.MkdirAll(sigStoreDir, 0751); err != nil {
// The directory is allowed to exist
if !os.IsExist(err) {
@@ -151,7 +151,7 @@ func signCmd(c *cli.Context) error {
logrus.Errorf("error creating sigstore file: %v", err)
continue
}
- err = ioutil.WriteFile(sigStoreDir+"/"+sigFilename, newSig, 0644)
+ err = ioutil.WriteFile(filepath.Join(sigStoreDir, sigFilename), newSig, 0644)
if err != nil {
logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
continue
diff --git a/completions/bash/podman b/completions/bash/podman
index e23615d52..6333dfdf2 100644
--- a/completions/bash/podman
+++ b/completions/bash/podman
@@ -32,6 +32,9 @@ __podman_containers() {
__podman_q ps --format "$format" "$@"
}
+__podman_list_registries() {
+ sed -n -e '/registries.*=/ {s/.*\[\([^]]*\).*/\1/p;q}' /etc/containers/registries.conf | sed -e "s/[,']//g"
+}
# __podman_pods returns a list of pods. Additional options to
# `podman pod ps` may be specified in order to filter the list, e.g.
@@ -365,6 +368,7 @@ __podman_subcommands() {
local subcommands="$1"
local counter=$(($command_pos + 1))
+
while [ $counter -lt $cword ]; do
case "${words[$counter]}" in
$(__podman_to_extglob "$subcommands") )
@@ -1296,7 +1300,9 @@ _podman_image() {
push
rm
save
+ sign
tag
+ trust
"
local aliases="
list
@@ -2356,6 +2362,92 @@ _podman_container_runlabel() {
esac
}
+_podman_image_sign() {
+ local options_with_args="
+ -d
+ --directory
+ --sign-by
+ "
+ local boolean_options="
+ --help
+ -h
+ "
+ case "$cur" in
+ -*)
+ COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
+ ;;
+ *)
+ __podman_complete_images
+ ;;
+ esac
+}
+
+_podman_image_trust_set() {
+ echo hello
+ local options_with_args="
+ -f
+ --type
+ --pubkeysfile
+ "
+ local boolean_options="
+ --help
+ -h
+ "
+ case "$cur" in
+ -*)
+ COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
+ ;;
+ *)
+ COMPREPLY=($(compgen -W "default $( __podman_list_registries )" -- "$cur"))
+ ;;
+ esac
+}
+
+_podman_image_trust_show() {
+ local options_with_args="
+ "
+ local boolean_options="
+ --help
+ -h
+ -j
+ --json
+ --raw
+ "
+ case "$cur" in
+ -*)
+ COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
+ ;;
+ *)
+ __podman_complete_images
+ ;;
+ esac
+}
+
+_podman_image_trust() {
+ local boolean_options="
+ --help
+ -h
+ "
+ subcommands="
+ set
+ show
+ "
+ local aliases="
+ list
+ "
+ command=image_trust
+ __podman_subcommands "$subcommands $aliases" && return
+
+ case "$cur" in
+ -*)
+ COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
+ ;;
+ *)
+ COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
+ ;;
+ esac
+}
+
_podman_images_prune() {
local options_with_args="
"
@@ -2364,6 +2456,11 @@ _podman_images_prune() {
-h
--help
"
+ case "$cur" in
+ -*)
+ COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
+ ;;
+ esac
}
_podman_container_prune() {
@@ -2382,6 +2479,15 @@ _podman_container_exists() {
local boolean_options="
"
+ case "$cur" in
+ -*)
+ COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
+ ;;
+ *)
+ __podman_complete_images
+ ;;
+ esac
+
}
_podman_pod_exists() {
@@ -2813,6 +2919,7 @@ _podman_podman() {
export
generate
history
+ image
images
import
info
diff --git a/docs/podman-image-sign.1.md b/docs/podman-image-sign.1.md
index c4f3c6676..232bc87fe 100644
--- a/docs/podman-image-sign.1.md
+++ b/docs/podman-image-sign.1.md
@@ -5,8 +5,8 @@ podman-image-sign- Create a signature for an image
# SYNOPSIS
**podman image sign**
-[**-h**|**--help**]
-[**-d**, **--directory**]
+[**--help**|**-h**]
+[**--directory**|**-d**]
[**--sign-by**]
[ IMAGE... ]
@@ -16,10 +16,10 @@ been pulled from a registry. The signature will be written to a directory
derived from the registry configuration files in /etc/containers/registries.d. By default, the signature will be written into /var/lib/containers/sigstore directory.
# OPTIONS
-**-h** **--help**
+**--help** **-h**
Print usage statement.
-**-d** **--directory**
+**--directory** **-d**
Store the signatures in the specified directory. Default: /var/lib/containers/sigstore
**--sign-by**
@@ -28,7 +28,7 @@ derived from the registry configuration files in /etc/containers/registries.d. B
# EXAMPLES
Sign the busybox image with the identify of foo@bar.com with a user's keyring and save the signature in /tmp/signatures/.
- sudo podman image sign --sign-by foo@bar.com -d /tmp/signatures transport://privateregistry.example.com/foobar
+ sudo podman image sign --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar
# RELATED CONFIGURATION
@@ -36,7 +36,7 @@ The write (and read) location for signatures is defined in YAML-based
configuration files in /etc/containers/registries.d/. When you sign
an image, podman will use those configuration files to determine
where to write the signature based on the the name of the originating
-registry or a default storage value unless overriden with the -d
+registry or a default storage value unless overriden with the --directory
option. For example, consider the following configuration file.
docker: