Update kpod load to add signature-policy (2)
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
parent
cd1bac5ee0
commit
54a043bfcd
7 changed files with 60 additions and 5 deletions
|
@ -21,6 +21,10 @@ var (
|
||||||
Name: "quiet, q",
|
Name: "quiet, q",
|
||||||
Usage: "Suppress the output",
|
Usage: "Suppress the output",
|
||||||
},
|
},
|
||||||
|
cli.StringFlag{
|
||||||
|
Name: "signature-policy",
|
||||||
|
Usage: "`pathname` of signature policy file (not usually used)",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
loadDescription = "Loads the image from docker-archive stored on the local machine."
|
loadDescription = "Loads the image from docker-archive stored on the local machine."
|
||||||
loadCommand = cli.Command{
|
loadCommand = cli.Command{
|
||||||
|
@ -92,7 +96,7 @@ func loadCmd(c *cli.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
src := libpod.DockerArchive + ":" + input
|
src := libpod.DockerArchive + ":" + input
|
||||||
if err := runtime.PullImage(src, false, "", output); err != nil {
|
if err := runtime.PullImage(src, false, c.String("signature-policy"), output); err != nil {
|
||||||
src = libpod.OCIArchive + ":" + input
|
src = libpod.OCIArchive + ":" + input
|
||||||
// generate full src name with specified image:tag
|
// generate full src name with specified image:tag
|
||||||
if image != "" {
|
if image != "" {
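Review bot: Only the docker-archive attempt visibly receives `c.String("signature-policy")`; the oci-archive fallback that starts at `src = libpod.OCIArchive + ":" + input` continues past the end of the hunk, and if it makes its own `runtime.PullImage` call with `""`, the user-supplied policy is silently dropped on that path. That matters because an operator who passes a stricter policy would get the system default enforced instead, with no error. Reading the flag once, `policyPath := c.String("signature-policy")`, and passing `policyPath` to every `PullImage` call in `loadCmd` keeps both paths consistent. `loadCmd` begins and ends outside the hunk, so this needs checking against the full function.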
|
||||||
|
|
|
@ -25,7 +25,6 @@ var (
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "signature-policy",
|
Name: "signature-policy",
|
||||||
Usage: "`pathname` of signature policy file (not usually used)",
|
Usage: "`pathname` of signature policy file (not usually used)",
|
||||||
Hidden: true,
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -170,6 +170,7 @@ _kpod_logs() {
|
||||||
|
|
||||||
_kpod_pull() {
|
_kpod_pull() {
|
||||||
local options_with_args="
|
local options_with_args="
|
||||||
|
--signature-policy
|
||||||
"
|
"
|
||||||
local boolean_options="
|
local boolean_options="
|
||||||
--all-tags -a
|
--all-tags -a
|
||||||
|
@ -424,6 +425,7 @@ _complete_() {
|
||||||
_kpod_load() {
|
_kpod_load() {
|
||||||
local options_with_args="
|
local options_with_args="
|
||||||
--input -i
|
--input -i
|
||||||
|
--signature-policy
|
||||||
"
|
"
|
||||||
local boolean_options="
|
local boolean_options="
|
||||||
--quiet -q
|
--quiet -q
|
||||||
|
|
|
@ -31,12 +31,22 @@ Read from archive file, default is STDIN
|
||||||
**--quiet, -q**
|
**--quiet, -q**
|
||||||
Suppress the output
|
Suppress the output
|
||||||
|
|
||||||
|
**--signature-policy="PATHNAME"**
|
||||||
|
|
||||||
|
Pathname of a signature policy file to use. It is not recommended that this
|
||||||
|
option be used, as the default behavior of using the system-wide default policy
|
||||||
|
(frequently */etc/containers/policy.json*) is most often preferred
|
||||||
|
|
||||||
## EXAMPLES
|
## EXAMPLES
|
||||||
|
|
||||||
```
|
```
|
||||||
# kpod load --quiet -i fedora.tar
|
# kpod load --quiet -i fedora.tar
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
# kpod load -q --signature-policy /etc/containers/policy.json -i fedora.tar
|
||||||
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
# kpod load < fedora.tar
|
# kpod load < fedora.tar
|
||||||
Getting image source signatures
|
Getting image source signatures
|
||||||
|
|
|
@ -52,6 +52,29 @@ Image stored in local container/storage
|
||||||
|
|
||||||
**kpod pull NAME[:TAG|@DIGEST]**
|
**kpod pull NAME[:TAG|@DIGEST]**
|
||||||
|
|
||||||
|
## OPTIONS
|
||||||
|
|
||||||
|
**--signature-policy="PATHNAME"**
|
||||||
|
|
||||||
|
Pathname of a signature policy file to use. It is not recommended that this
|
||||||
|
option be used, as the default behavior of using the system-wide default policy
|
||||||
|
(frequently */etc/containers/policy.json*) is most often preferred
|
||||||
|
|
||||||
|
## EXAMPLES
|
||||||
|
|
||||||
|
```
|
||||||
|
# kpod pull --signature-policy /etc/containers/policy.json alpine:latest
|
||||||
|
Trying to pull registry.access.redhat.com/alpine:latest... Failed
|
||||||
|
Trying to pull registry.fedoraproject.org/alpine:latest... Failed
|
||||||
|
Trying to pull docker.io/library/alpine:latest...Getting image source signatures
|
||||||
|
Copying blob sha256:88286f41530e93dffd4b964e1db22ce4939fffa4a4c665dab8591fbab03d4926
|
||||||
|
1.90 MB / 1.90 MB [========================================================] 0s
|
||||||
|
Copying config sha256:76da55c8019d7a47c347c0dceb7a6591144d232a7dd616242a367b8bed18ecbc
|
||||||
|
1.48 KB / 1.48 KB [========================================================] 0s
|
||||||
|
Writing manifest to image destination
|
||||||
|
Storing signatures
|
||||||
|
```
|
||||||
|
|
||||||
## SEE ALSO
|
## SEE ALSO
|
||||||
kpod(1), crio(8), crio.conf(5)
|
kpod(1), crio(8), crio.conf(5)
|
||||||
|
|
||||||
|
|
|
@ -160,7 +160,7 @@ func (r *Runtime) PullImage(imgName string, allTags bool, signaturePolicyPath st
|
||||||
images = append(images, imgName)
|
images = append(images, imgName)
|
||||||
}
|
}
|
||||||
|
|
||||||
policy, err := signature.DefaultPolicy(r.imageContext)
|
policy, err := signature.DefaultPolicy(sc)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
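Review bot: `sc` is not defined inside this hunk, so it cannot be confirmed from here that it is built from `signaturePolicyPath` or that it still carries the other settings held in `r.imageContext`. If `sc` turns out to be a fresh context holding only the policy path, anything else configured on `r.imageContext` would stop influencing policy loading, so the construction earlier in `PullImage` is worth checking. A one-line comment above the call, such as `// sc carries the caller-supplied signature policy path, if any`, would record why the runtime's own context is no longer used here. `PullImage` starts and ends outside the hunk.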
|
||||||
|
|
|
@ -42,6 +42,23 @@ function teardown() {
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "kpod load oci-archive image with signature-policy" {
|
||||||
|
run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar --format oci-archive $IMAGE
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
cp /etc/containers/policy.json /tmp
|
||||||
|
run ${KPOD_BINARY} ${KPOD_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar
|
||||||
|
echo "$output"
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
rm -f /tmp/policy.json
|
||||||
|
rm -f alpine.tar
|
||||||
|
run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
}
|
||||||
|
|
||||||
@test "kpod load using quiet flag" {
|
@test "kpod load using quiet flag" {
|
||||||
run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE
|
run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE
|
||||||
echo "$output"
|
echo "$output"
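Review bot: The new "kpod load oci-archive image with signature-policy" test passes a copy of the system default `/etc/containers/policy.json`, so it succeeds whether or not `load` actually honors `--signature-policy`. A companion case that loads with a policy whose default is `reject` and asserts a non-zero `$status` would show that the supplied policy is the one enforced. The copy also goes to a fixed name in `/tmp` with its exit status unchecked; `policy=$(mktemp)` followed by `cp /etc/containers/policy.json "$policy"` avoids overwriting an existing file. The `rm -f` cleanup lines run only if the earlier assertions pass, so moving them into `teardown` would keep a failed run from leaving files behind.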
|
||||||
|
|