From 01bf8a66872df7dc6f93b7156371fa8fce3d84df Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Thu, 23 Sep 2021 13:35:57 +0200 Subject: podman save: enforce signature removal Enforce the removal of signatures in `podman save` to restore behavior prior to the migration to libimage. We may consider improving on that in the future. For details, please refer to the excellent summary by @mtrmac [1]. [NO TESTS NEEDED] - manually verified but exisiting tests need some further investigation (see [1]). [1] https://github.com/containers/podman/pull/11669#issuecomment-925250264 Signed-off-by: Valentin Rothberg --- pkg/domain/entities/images.go | 2 -- pkg/domain/infra/abi/images.go | 5 ++++- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'pkg/domain') diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index edd23e662..80d570764 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -305,8 +305,6 @@ type ImageSaveOptions struct { OciAcceptUncompressedLayers bool // Output - write image to the specified path. Output string - // Do not save the signature from the source image - RemoveSignatures bool // Quiet - suppress output when copying images Quiet bool } diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index 705ad7768..98d668434 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -368,7 +368,10 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string, saveOptions := &libimage.SaveOptions{} saveOptions.DirForceCompress = options.Compress saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers - saveOptions.RemoveSignatures = options.RemoveSignatures + + // Force signature removal to preserve backwards compat. + // See https://github.com/containers/podman/pull/11669#issuecomment-925250264 + saveOptions.RemoveSignatures = true if !options.Quiet { saveOptions.Writer = os.Stderr -- cgit v1.2.3-54-g00ecf