From 33c31112fb44da455b8841b73a92980a07f42720 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=98=8EMostafa=20Emami?= Date: Tue, 20 Sep 2022 07:27:00 +0200 Subject: [PATCH] cli: Add signature-policy flag to podman save MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow overwrite of the signature-policy file by passing signature-policy flag to podman save command Closes: https://github.com/containers/podman/issues/15869 Signed-off-by: 😎Mostafa Emami --- cmd/podman/images/save.go | 5 +++++ pkg/domain/entities/images.go | 3 ++- pkg/domain/infra/abi/images.go | 1 + test/e2e/save_test.go | 9 +++++++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/cmd/podman/images/save.go b/cmd/podman/images/save.go index ecff0f841c..426684d499 100644 --- a/cmd/podman/images/save.go +++ b/cmd/podman/images/save.go @@ -96,6 +96,11 @@ func saveFlags(cmd *cobra.Command) { flags.BoolVarP(&saveOpts.Quiet, "quiet", "q", false, "Suppress the output") flags.BoolVarP(&saveOpts.MultiImageArchive, "multi-image-archive", "m", containerConfig.Engine.MultiImageArchive, "Interpret additional arguments as images not tags and create a multi-image-archive (only for docker-archive)") + + if !registry.IsRemote() { + flags.StringVar(&saveOpts.SignaturePolicy, "signature-policy", "", "Path to a signature-policy file") + _ = flags.MarkHidden("signature-policy") + } } func save(cmd *cobra.Command, args []string) (finalErr error) { diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index cad11b0ab3..b1eb3b0057 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -335,7 +335,8 @@ type ImageSaveOptions struct { // Output - write image to the specified path. Output string // Quiet - suppress output when copying images - Quiet bool + Quiet bool + SignaturePolicy string } // ImageScpOptions provide options for securely copying images to and from a remote host diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index 6934de60ec..e2f44e0026 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -406,6 +406,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string, saveOptions := &libimage.SaveOptions{} saveOptions.DirForceCompress = options.Compress saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers + saveOptions.SignaturePolicyPath = options.SignaturePolicy // Force signature removal to preserve backwards compat. // See https://github.com/containers/podman/pull/11669#issuecomment-925250264 diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go index afb723a63f..90ac8c5ff9 100644 --- a/test/e2e/save_test.go +++ b/test/e2e/save_test.go @@ -46,6 +46,15 @@ var _ = Describe("Podman save", func() { Expect(save).Should(Exit(0)) }) + It("podman save signature-policy flag", func() { + SkipIfRemote("--signature-policy N/A for remote") + outfile := filepath.Join(podmanTest.TempDir, "alpine.tar") + + save := podmanTest.Podman([]string{"save", "--signature-policy", "/etc/containers/policy.json", "-o", outfile, ALPINE}) + save.WaitWithDefaultTimeout() + Expect(save).Should(Exit(0)) + }) + It("podman save oci flag", func() { outfile := filepath.Join(podmanTest.TempDir, "alpine.tar")