Skip to content

Commit

Permalink
cli: Add signature-policy flag to podman save
Browse files Browse the repository at this point in the history
Allow overwrite of the signature-policy file
by passing signature-policy flag to podman save command

Closes: #15869
Signed-off-by: 😎Mostafa Emami <[email protected]>
  • Loading branch information
idleroamer committed Sep 21, 2022
1 parent 30231d0 commit 33c3111
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 1 deletion.
5 changes: 5 additions & 0 deletions cmd/podman/images/save.go
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,11 @@ func saveFlags(cmd *cobra.Command) {

flags.BoolVarP(&saveOpts.Quiet, "quiet", "q", false, "Suppress the output")
flags.BoolVarP(&saveOpts.MultiImageArchive, "multi-image-archive", "m", containerConfig.Engine.MultiImageArchive, "Interpret additional arguments as images not tags and create a multi-image-archive (only for docker-archive)")

if !registry.IsRemote() {
flags.StringVar(&saveOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
_ = flags.MarkHidden("signature-policy")
}
}

func save(cmd *cobra.Command, args []string) (finalErr error) {
Expand Down
3 changes: 2 additions & 1 deletion pkg/domain/entities/images.go
Original file line number Diff line number Diff line change
Expand Up @@ -335,7 +335,8 @@ type ImageSaveOptions struct {
// Output - write image to the specified path.
Output string
// Quiet - suppress output when copying images
Quiet bool
Quiet bool
SignaturePolicy string
}

// ImageScpOptions provide options for securely copying images to and from a remote host
Expand Down
1 change: 1 addition & 0 deletions pkg/domain/infra/abi/images.go
Original file line number Diff line number Diff line change
Expand Up @@ -406,6 +406,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
saveOptions := &libimage.SaveOptions{}
saveOptions.DirForceCompress = options.Compress
saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
saveOptions.SignaturePolicyPath = options.SignaturePolicy

// Force signature removal to preserve backwards compat.
// See https://github.com/containers/podman/pull/11669#issuecomment-925250264
Expand Down
9 changes: 9 additions & 0 deletions test/e2e/save_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,15 @@ var _ = Describe("Podman save", func() {
Expect(save).Should(Exit(0))
})

It("podman save signature-policy flag", func() {
SkipIfRemote("--signature-policy N/A for remote")
outfile := filepath.Join(podmanTest.TempDir, "alpine.tar")

save := podmanTest.Podman([]string{"save", "--signature-policy", "/etc/containers/policy.json", "-o", outfile, ALPINE})
save.WaitWithDefaultTimeout()
Expect(save).Should(Exit(0))
})

It("podman save oci flag", func() {
outfile := filepath.Join(podmanTest.TempDir, "alpine.tar")

Expand Down

0 comments on commit 33c3111

Please sign in to comment.