From 2fcd1d7b4dca2619277607da7c8d22e9ec7620a2 Mon Sep 17 00:00:00 2001
From: Qi Wang <qiwan@redhat.com>
Date: Sun, 13 Sep 2020 15:40:41 -0400
Subject: Supports import&run--signature-policy

Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands.

Signed-off-by: Qi Wang <qiwan@redhat.com>
---
 cmd/podman/common/create.go      | 5 +++++
 cmd/podman/common/create_opts.go | 1 +
 cmd/podman/containers/create.go  | 2 ++
 cmd/podman/containers/run.go     | 1 +
 cmd/podman/images/import.go      | 2 ++
 5 files changed, 11 insertions(+)

(limited to 'cmd/podman')

diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 2b6f9348e..cfbcf6140 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -415,6 +415,11 @@ func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
 		"shm-size", containerConfig.ShmSize(),
 		"Size of /dev/shm "+sizeWithUnitFormat,
 	)
+	createFlags.StringVar(
+		&cf.SignaturePolicy,
+		"signature-policy", "",
+		"`Pathname` of signature policy file (not usually used)",
+	)
 	createFlags.StringVar(
 		&cf.StopSignal,
 		"stop-signal", "",
diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index 1b0e64590..83a25f4ab 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -84,6 +84,7 @@ type ContainerCLIOpts struct {
 	SecurityOpt       []string
 	SdNotifyMode      string
 	ShmSize           string
+	SignaturePolicy   string
 	StopSignal        string
 	StopTimeout       uint
 	StoreageOpt       []string
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index f9d33a223..795b56d6a 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -61,6 +61,7 @@ func createFlags(flags *pflag.FlagSet) {
 	flags.AddFlagSet(common.GetNetFlags())
 	flags.SetNormalizeFunc(utils.AliasFlags)
 
+	_ = flags.MarkHidden("signature-policy")
 	if registry.IsRemote() {
 		_ = flags.MarkHidden("authfile")
 		_ = flags.MarkHidden("env-host")
@@ -256,6 +257,7 @@ func pullImage(imageName string) (string, error) {
 			OverrideArch:    cliVals.OverrideArch,
 			OverrideOS:      cliVals.OverrideOS,
 			OverrideVariant: cliVals.OverrideVariant,
+			SignaturePolicy: cliVals.SignaturePolicy,
 		})
 		if pullErr != nil {
 			return "", pullErr
diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go
index 34eea14e1..ce144a32d 100644
--- a/cmd/podman/containers/run.go
+++ b/cmd/podman/containers/run.go
@@ -64,6 +64,7 @@ func runFlags(flags *pflag.FlagSet) {
 	flags.BoolVar(&runRmi, "rmi", false, "Remove container image unless used by other containers")
 	flags.UintVar(&runOpts.PreserveFDs, "preserve-fds", 0, "Pass a number of additional file descriptors into the container")
 
+	_ = flags.MarkHidden("signature-policy")
 	if registry.IsRemote() {
 		_ = flags.MarkHidden("authfile")
 		_ = flags.MarkHidden("env-host")
diff --git a/cmd/podman/images/import.go b/cmd/podman/images/import.go
index e605ddfc6..1c234e743 100644
--- a/cmd/podman/images/import.go
+++ b/cmd/podman/images/import.go
@@ -63,6 +63,8 @@ func importFlags(flags *pflag.FlagSet) {
 	flags.StringArrayVarP(&importOpts.Changes, "change", "c", []string{}, "Apply the following possible instructions to the created image (default []): CMD | ENTRYPOINT | ENV | EXPOSE | LABEL | STOPSIGNAL | USER | VOLUME | WORKDIR")
 	flags.StringVarP(&importOpts.Message, "message", "m", "", "Set commit message for imported image")
 	flags.BoolVarP(&importOpts.Quiet, "quiet", "q", false, "Suppress output")
+	flags.StringVar(&importOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
+	_ = flags.MarkHidden("signature-policy")
 }
 
 func importCon(cmd *cobra.Command, args []string) error {
-- 
cgit v1.2.3-54-g00ecf