--authfile command line argument for image sign command. #12270
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
@edsantiago @vrothberg @mtrmac PTAL |
test/system/011-image.bats
Outdated
| test -e "$dir/$sigfile" || die "Missing signature file '$sigfile'" | ||
|
|
||
| # Confirm good signature | ||
| GNUPGHOME=$_GNUPGHOME_TMP gpg --verify "$dir/$sigfile" |
There was a problem hiding this comment.
You don't need this if you have the next line
|
LGTM once Ed's comment is addressed |
|
Added Requires: gnupg to fedora rawhide specfile. @lsm5, please cherry-pick that to whatever other branches might need it. @jnovy, please add that to RHEL specfile when appropriate. |
|
Added to CentOS Stream 9/RHEL9 GA spec @edsantiago Suggest to file a bugzilla for requests like these next time so that QE can test this to assure it's not omitted. Thanks. |
rhatdan
changed the title
There was a problem hiding this comment.
I don't think authfile is involved in image signing.
Isn’t it involved, if only to determine what image (and digest) to create the signature for?
The only way I can read #10866 is that the request truly is for --authfile, with the usual --authfile semantics. The report is not very explicit (in particular “Steps to reproduce the issue:” is downright pointless), but both the --authfile wording and the mention of “the default auth file location” are a better fit for auth.json than for the single signature file.
How does --sigfile and --all work together? AFAICS it doesn’t work usefully.
Adds the --authfile command line argument to allow users to use alternative authfile paths when signing images. Replaces: containers#10975 Fixes: containers#10866 Signed-off-by: José Guilherme Vanz <[email protected]> Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan
changed the title
|
LGTM |
There was a problem hiding this comment.
LGTM
A final head nod from @edsantiago / @mtrmac would be good.
github-actions
bot
added
the
locked - please file new issue/PR
Adds the --authfile command line argument to allow users to set the location of the auth file to use.
Replaces: #10975
Fixes: #10866
Signed-off-by: José Guilherme Vanz [email protected]
Signed-off-by: Daniel J Walsh [email protected]
What this PR does / why we need it:
How to verify it
Which issue(s) this PR fixes:
Special notes for your reviewer: