From 2fcd1d7b4dca2619277607da7c8d22e9ec7620a2 Mon Sep 17 00:00:00 2001 From: Qi Wang Date: Sun, 13 Sep 2020 15:40:41 -0400 Subject: Supports import&run--signature-policy Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands. Signed-off-by: Qi Wang --- libpod/image/image.go | 2 +- libpod/image/pull.go | 3 +++ libpod/runtime_img.go | 3 ++- 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'libpod') diff --git a/libpod/image/image.go b/libpod/image/image.go index 850a48eae..5dfb33afb 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -1284,7 +1284,7 @@ func (ir *Runtime) Import(ctx context.Context, path, reference string, writer io return nil, errors.Wrapf(err, "error updating image config") } - sc := GetSystemContext("", "", false) + sc := GetSystemContext(ir.SignaturePolicyPath, "", false) // if reference not given, get the image digest if reference == "" { diff --git a/libpod/image/pull.go b/libpod/image/pull.go index 94d6af4c2..65acdf427 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -255,6 +255,9 @@ func (ir *Runtime) pullImageFromHeuristicSource(ctx context.Context, inputName s sc.ArchitectureChoice = dockerOptions.ArchitectureChoice sc.VariantChoice = dockerOptions.VariantChoice } + if signaturePolicyPath == "" { + sc.SignaturePolicyPath = ir.SignaturePolicyPath + } sc.BlobInfoCacheDir = filepath.Join(ir.store.GraphRoot(), "cache") srcRef, err := alltransports.ParseImageName(inputName) if err != nil { diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index eb4512f8d..e57890fa2 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -174,7 +174,7 @@ func (r *Runtime) Build(ctx context.Context, options imagebuildah.BuildOptions, } // Import is called as an intermediary to the image library Import -func (r *Runtime) Import(ctx context.Context, source string, reference string, changes []string, history string, quiet bool) (string, error) { +func (r *Runtime) Import(ctx context.Context, source, reference, signaturePolicyPath string, changes []string, history string, quiet bool) (string, error) { var ( writer io.Writer err error @@ -223,6 +223,7 @@ func (r *Runtime) Import(ctx context.Context, source string, reference string, c source = file } + r.imageRuntime.SignaturePolicyPath = signaturePolicyPath newImage, err := r.imageRuntime.Import(ctx, source, reference, writer, image.SigningOptions{}, config) if err != nil { return "", err -- cgit v1.2.3-54-g00ecf