podman save: enforce signature removal

Enforce the removal of signatures in `podman save` to restore behavior
prior to the migration to libimage.  We may consider improving on that
in the future.  For details, please refer to the excellent summary by
@mtrmac [1].

[NO TESTS NEEDED] - manually verified but exisiting tests need some
further investigation (see [1]).

[1] containers#11669 (comment)

Signed-off-by: Valentin Rothberg <[email protected]>

pkg/api/handlers/libpod/images.go

@@ -359,7 +359,6 @@ func ExportImages(w http.ResponseWriter, r *http.Request) {
 		MultiImageArchive:           len(query.References) > 1,
 		OciAcceptUncompressedLayers: query.OciAcceptUncompressedLayers,
 		Output:                      output,
-		RemoveSignatures:            true,
 	}
 
 	imageEngine := abi.ImageEngine{Libpod: runtime}

pkg/domain/entities/images.go

@@ -305,8 +305,6 @@ type ImageSaveOptions struct {
 	OciAcceptUncompressedLayers bool
 	// Output - write image to the specified path.
 	Output string
-	// Do not save the signature from the source image
-	RemoveSignatures bool
 	// Quiet - suppress output when copying images
 	Quiet bool
 }

pkg/domain/infra/abi/images.go

@@ -368,7 +368,10 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
 	saveOptions := &libimage.SaveOptions{}
 	saveOptions.DirForceCompress = options.Compress
 	saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
-	saveOptions.RemoveSignatures = options.RemoveSignatures
+
+	// Force signature removal to preserve backwards compat.
+	// See https://github.com/containers/podman/pull/11669#issuecomment-925250264
+	saveOptions.RemoveSignatures = true
 
 	if !options.Quiet {
 		saveOptions.Writer = os.Stderr