aboutsummaryrefslogtreecommitdiff
path: root/pkg/trust
Commit message (Collapse)AuthorAge
* Preserve all unknown PolicyRequirement fields on (podman image trust set)Miloslav Trmač2022-08-25
| | | | | | | | | | | We are unmarshaling and re-marshaling JSON, which can _silently_ drop data with the Go design decision.data. Try harder, by using json.RawMessage at least for the data we care about. Alternatively, this could use json.Decoder.DisallowUnknownFields. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Reorganize the types in policy.go a bitMiloslav Trmač2022-08-25
| | | | | | | | ... to go from top to bottom. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add support for showing keyPaths in (podman image trust show)Miloslav Trmač2022-08-25
| | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Support (image trust show) for sigstoreSigned entriesMiloslav Trmač2022-08-25
| | | | | | | | | sigstoreSigned does not have GPG IDs, so we add N/A in that column. NOTE: this does not show the use-sigstore-attachments value from registries.d. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* BREAKING CHANGE: Change how (podman image trust show) represents multiple ↵Miloslav Trmač2022-08-25
| | | | | | | | | | | | | | | | requirements Currently - the output uses the first entry's type, even if the requirements are different (notably signedBy + sigstoreSIgned) - all public keys IDs are collected to a single line, even if some of them are interchangeable, and some are required (e.g. two signedBy requirements could require an image to be signed by (redhatProd OR redhatBeta) AND (vendor1 OR vendor2) So, stop collapsing the requirements, and return a separate entry for each one. Multiple GPG IDs on a single line used to mean AND or OR, now they always mean AND. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Reorganize descriptionsOfPolicyRequirements a bitMiloslav Trmač2022-08-25
| | | | | | | | | Do the registries.d lookup once, separately from building an entry, so that we can share it across entries. Also prepare a separate res to allow adding multiple entries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use the full descriptionsOfPolicyRequirements for the default scopeMiloslav Trmač2022-08-25
| | | | | | ... instead of taking a shortcut, e.g. not listing any keys if they are required. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Rename haveMatchRegistry to registriesDConfigurationForScopeMiloslav Trmač2022-08-25
| | | | | | | | | | Just so that we don't have a boolean-named function returning a struct. Also reorder the parameters to have the container first, and the lookup key second. Shoud not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Rename tempTrustShowOutput to entryMiloslav Trmač2022-08-25
| | | | | | | | | Now that it is the primary return value of a small function, the long name only makes reading harder. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Split descriptionsOfPolicyRequirements out of getPolicyShowOutputMiloslav Trmač2022-08-25
| | | | | | | | | This will evetually allow us to use it for the default scope as well, which currently uses a simplified version. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Recognize the new lookaside names for simple signing sigstoreMiloslav Trmač2022-08-25
| | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add a unit test for trust.PolicyDescriptionMiloslav Trmač2022-08-25
| | | | | | | | | | Add at least a basic unit test for the various entry types. So that we don't have to actually deal with GPG keys and /usr/bin/gpg*, parametrize the code with a gpgIDReader , and pass a fake one in the unit test. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Make the output of (podman image trust show) deterministicMiloslav Trmač2022-08-25
| | | | | | Sort map keys instead of iterating in the Go-imposed random order. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Make most of pkg/trust package-privateMiloslav Trmač2022-08-25
| | | | | | | | We now have only a few entrypoints that are called externally, so make the rest private. This will make it more obvious that we are not breaking any external users. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescriptionMiloslav Trmač2022-08-25
| | | | | | | | | This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency). Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add support for sigstoreSigned in (podman image trust set)Miloslav Trmač2022-08-25
| | | | | | | | NOTE: This does not edit the use-sigstore-attachments value in registries.d, similarly to how (podman image trust set) didn't set the lookaside paths for simple signing. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Create new policy entries together with validating inputMiloslav Trmač2022-08-25
| | | | | | | | That way, we don't have to switch over trustType twice. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Improve validation of data in ImageEngine.SetTrustMiloslav Trmač2022-08-25
| | | | | | | | - Also reject public keys with types that don't use them - Reject unknown trust types - And add unit tests Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntriesMiloslav Trmač2022-08-25
| | | | | | | | | | | This will allow us to write unit tests without setting up the complete Podman runtime (and without the Linux dependency). Also, actually add a basic smoke test of the core functionality. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Make trust.CreateTempFile privateMiloslav Trmač2022-08-25
| | | | | | | | Nothing uses it outside the package. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Reorganize pkg/trustMiloslav Trmač2022-08-25
| | | | | | | | | Split the existing code into policy.go and registries.go, depending on which files it concerns. Only moves unchanged code, should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Remove an unused trust.ShowOutput typeMiloslav Trmač2022-08-25
| | | | | | Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* pkg: switch to golang native error wrappingSascha Grunert2022-07-08
| | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Cleanup display of trust with transportsDaniel J Walsh2022-02-22
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* standardize logrus messages to upper caseDaniel J Walsh2021-09-22
| | | | | | | | Remove ERROR: Error stutter from logrus messages also. [ NO TESTS NEEDED] This is just code cleanup. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Enable whitespace linterPaul Holzinger2021-02-11
| | | | | | | | Use the whitespace linter and fix the reported problems. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* image sign using per user registries.dQi Wang2020-12-07
| | | | | | Support per user ~/.config/containers/registries.d to allow rootless image sign configurations. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Lowercase some errorsKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | This commit is courtesy of ``` for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Error /\1"error /' $f; done for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Failed to /\1"failed to /' $f; done ``` etc. Self-reviewed using `git diff --word-diff`, found no issues. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Remove excessive error wrappingKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like fails, the error message already contains the file name and the operation that fails, so there is no need to wrap the error with something like "open %s failed". While at it - replace a few places with os.Open, ioutil.ReadAll with ioutil.ReadFile. - replace errors.Wrapf with errors.Wrap for cases where there are no %-style arguments. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* fix bug podman sign storage pathQi Wang2020-08-04
| | | | | | | | | - fix the bud podman not using specified --directory as signature storage. - use manifest and image referce to set repo@digest. close #6994 close #6993 Signed-off-by: Qi Wang <qiwan@redhat.com>
* Fixup issues found by golintDaniel J Walsh2020-06-10
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* v2trust set and showbaude2020-05-07
| | | | | | | | add podman image trust set and show Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: bbaude <bbaude@DESKTOP-SH5EG3J.localdomain> Signed-off-by: Brent Baude <bbaude@redhat.com>
* codespell: spelling correctionsDmitry Smirnov2019-11-13
| | | | Signed-off-by: Dmitry Smirnov <onlyjob@member.fsf.org>
* bump containers/image to v5.0.0, buildah to v1.11.4Nalin Dahyabhai2019-10-29
| | | | | | | | | Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Update c/image to v4.0.1 and buildah to 1.11.3Miloslav Trmač2019-10-04
| | | | | | | | | | | | | | This requires updating all import paths throughout, and a matching buildah update to interoperate. I can't figure out the reason for go.mod tracking github.com/containers/image v3.0.2+incompatible // indirect ((go mod graph) lists it as a direct dependency of libpod, but (go list -json -m all) lists it as an indirect dependency), but at least looking at the vendor subdirectory, it doesn't seem to be actually used in the built binaries. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* trivial cleanups from golangbaude2019-07-03
| | | | | | the results of a code cleanup performed by the goland IDE. Signed-off-by: baude <bbaude@redhat.com>
* Fix up `image sign` in PR 2108Qi Wang2019-01-15
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* Fix 'image trust' from PR1899Qi Wang2019-01-09
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* Support podman image trust commandQi Wang2018-12-19
Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories. Signed-off-by: Qi Wang <qiwan@redhat.com>