summaryrefslogtreecommitdiff
path: root/cmd/podman/manifest
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman/manifest')
-rw-r--r--cmd/podman/manifest/push.go20
1 files changed, 18 insertions, 2 deletions
diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go
index 9023d5d27..756ed2a74 100644
--- a/cmd/podman/manifest/push.go
+++ b/cmd/podman/manifest/push.go
@@ -20,8 +20,9 @@ import (
type manifestPushOptsWrapper struct {
entities.ImagePushOptions
- TLSVerifyCLI bool // CLI only
- CredentialsCLI string
+ TLSVerifyCLI bool // CLI only
+ CredentialsCLI string
+ SignPassphraseFileCLI string
}
var (
@@ -72,6 +73,14 @@ func init() {
flags.StringVar(&manifestPushOpts.SignBy, signByFlagName, "", "sign the image using a GPG key with the specified `FINGERPRINT`")
_ = pushCmd.RegisterFlagCompletionFunc(signByFlagName, completion.AutocompleteNone)
+ signBySigstorePrivateKeyFlagName := "sign-by-sigstore-private-key"
+ flags.StringVar(&manifestPushOpts.SignBySigstorePrivateKeyFile, signBySigstorePrivateKeyFlagName, "", "Sign the image using a sigstore private key at `PATH`")
+ _ = pushCmd.RegisterFlagCompletionFunc(signBySigstorePrivateKeyFlagName, completion.AutocompleteDefault)
+
+ signPassphraseFileFlagName := "sign-passphrase-file"
+ flags.StringVar(&manifestPushOpts.SignPassphraseFileCLI, signPassphraseFileFlagName, "", "Read a passphrase for signing an image from `PATH`")
+ _ = pushCmd.RegisterFlagCompletionFunc(signPassphraseFileFlagName, completion.AutocompleteDefault)
+
flags.BoolVar(&manifestPushOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
flags.BoolVarP(&manifestPushOpts.Quiet, "quiet", "q", false, "don't output progress information when pushing lists")
flags.SetNormalizeFunc(utils.AliasFlags)
@@ -82,6 +91,9 @@ func init() {
if registry.IsRemote() {
_ = flags.MarkHidden("cert-dir")
+ _ = flags.MarkHidden(signByFlagName)
+ _ = flags.MarkHidden(signBySigstorePrivateKeyFlagName)
+ _ = flags.MarkHidden(signPassphraseFileFlagName)
}
}
@@ -107,6 +119,10 @@ func push(cmd *cobra.Command, args []string) error {
manifestPushOpts.Password = creds.Password
}
+ if err := common.PrepareSigningPassphrase(&manifestPushOpts.ImagePushOptions, manifestPushOpts.SignPassphraseFileCLI); err != nil {
+ return err
+ }
+
// TLS verification in c/image is controlled via a `types.OptionalBool`
// which allows for distinguishing among set-true, set-false, unspecified
// which is important to implement a sane way of dealing with defaults of