diff --git a/cmd/podman/images/save.go b/cmd/podman/images/save.go
index ecff0f841c..426684d499 100644
--- a/cmd/podman/images/save.go
+++ b/cmd/podman/images/save.go
@@ -96,6 +96,11 @@ func saveFlags(cmd *cobra.Command) {
 flags.BoolVarP(&saveOpts.Quiet, "quiet", "q", false, "Suppress the output")
 flags.BoolVarP(&saveOpts.MultiImageArchive, "multi-image-archive", "m", containerConfig.Engine.MultiImageArchive, "Interpret additional arguments as images not tags and create a multi-image-archive (only for docker-archive)")
+
+ if !registry.IsRemote() {
+ flags.StringVar(&saveOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file")
+ _ = flags.MarkHidden("signature-policy")
+ }
 }
 func save(cmd *cobra.Command, args []string) (finalErr error) {
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index cad11b0ab3..b1eb3b0057 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -335,7 +335,8 @@ type ImageSaveOptions struct {
 // Output - write image to the specified path.
 Output string
 // Quiet - suppress output when copying images
- Quiet bool
+ Quiet bool
+ SignaturePolicy string
 }
 // ImageScpOptions provide options for securely copying images to and from a remote host
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 9ea09e1ecf..16b75829fa 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -405,6 +405,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
 saveOptions := &libimage.SaveOptions{}
 saveOptions.DirForceCompress = options.Compress
 saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
+ saveOptions.SignaturePolicyPath = options.SignaturePolicy
 // Force signature removal to preserve backwards compat.
 // See https://github.com/containers/podman/pull/11669#issuecomment-925250264
diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go
index f6a06d0ff7..db353c0364 100644
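Review bot: In cmd/podman/images/save.go the hidden `--signature-policy` flag lets the caller substitute the policy file that is handed to the save path, yet nothing at the definition says why it is hidden or that it is deliberately local-only. A short comment above the `if !registry.IsRemote()` block would record that, e.g. `// Hidden, local-only: overrides the signature-policy file passed to libimage for this save.` The path is taken verbatim and forwarded unchanged as `saveOptions.SignaturePolicyPath` in pkg/domain/infra/abi/images.go, so a mistyped or unreadable path presumably surfaces only as a late error from the copy step; if that is the intended behaviour it is worth stating in the same comment. saveFlags begins above this hunk.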
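Review bot: The new `SignaturePolicy` field in `ImageSaveOptions` (pkg/domain/entities/images.go) has no doc comment, while the neighbouring fields each carry one in the `// Name - description` form. Suggest adding `// SignaturePolicy - path to a signature-policy file; only set by the local client's hidden flag.` above it, since the flag is registered only when `registry.IsRemote()` is false and a reader of the struct cannot see that from here. The struct definition starts above the hunk.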
--- a/test/e2e/save_test.go
+++ b/test/e2e/save_test.go
@@ -45,6 +45,15 @@ var _ = Describe("Podman save", func() {
 Expect(save).Should(Exit(0))
 })
+ It("podman save signature-policy flag", func() {
+ SkipIfRemote("--signature-policy N/A for remote")
+ outfile := filepath.Join(podmanTest.TempDir, "alpine.tar")
+
+ save := podmanTest.Podman([]string{"save", "--signature-policy", "/etc/containers/policy.json", "-o", outfile, ALPINE})
+ save.WaitWithDefaultTimeout()
+ Expect(save).Should(Exit(0))
+ })
+
+ It("podman save oci flag", func() {
 outfile := filepath.Join(podmanTest.TempDir, "alpine.tar")
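Review bot: The new case passes the host's `/etc/containers/policy.json` and asserts only `Exit(0)`, so it would pass just the same if `--signature-policy` were parsed and then ignored, and its result depends on whatever policy the test host happens to have installed. A stronger check would write a policy file under `podmanTest.TempDir` and pass that path instead. It would also add a negative case, for example a path that does not exist or a policy whose default is `reject`, and expect a non-zero exit there. That would show the value actually reaches the copy step; whether `save` consults the policy for an image coming from local storage is worth confirming while writing the negative case.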