Update kpod load to add signature-policy (2)

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
This commit is contained in:
TomSweeneyRedHat 2017-10-12 20:35:08 -04:00
parent cd1bac5ee0
commit 54a043bfcd
7 changed files with 60 additions and 5 deletions

View file

@ -21,6 +21,10 @@ var (
Name: "quiet, q", Name: "quiet, q",
Usage: "Suppress the output", Usage: "Suppress the output",
}, },
cli.StringFlag{
Name: "signature-policy",
Usage: "`pathname` of signature policy file (not usually used)",
},
} }
loadDescription = "Loads the image from docker-archive stored on the local machine." loadDescription = "Loads the image from docker-archive stored on the local machine."
loadCommand = cli.Command{ loadCommand = cli.Command{
@ -92,7 +96,7 @@ func loadCmd(c *cli.Context) error {
} }
src := libpod.DockerArchive + ":" + input src := libpod.DockerArchive + ":" + input
if err := runtime.PullImage(src, false, "", output); err != nil { if err := runtime.PullImage(src, false, c.String("signature-policy"), output); err != nil {
src = libpod.OCIArchive + ":" + input src = libpod.OCIArchive + ":" + input
// generate full src name with specified image:tag // generate full src name with specified image:tag
if image != "" { if image != "" {

View file

@ -25,7 +25,6 @@ var (
cli.StringFlag{ cli.StringFlag{
Name: "signature-policy", Name: "signature-policy",
Usage: "`pathname` of signature policy file (not usually used)", Usage: "`pathname` of signature policy file (not usually used)",
Hidden: true,
}, },
} }

View file

@ -170,6 +170,7 @@ _kpod_logs() {
_kpod_pull() { _kpod_pull() {
local options_with_args=" local options_with_args="
--signature-policy
" "
local boolean_options=" local boolean_options="
--all-tags -a --all-tags -a
@ -424,6 +425,7 @@ _complete_() {
_kpod_load() { _kpod_load() {
local options_with_args=" local options_with_args="
--input -i --input -i
--signature-policy
" "
local boolean_options=" local boolean_options="
--quiet -q --quiet -q

View file

@ -31,12 +31,22 @@ Read from archive file, default is STDIN
**--quiet, -q** **--quiet, -q**
Suppress the output Suppress the output
**--signature-policy="PATHNAME"**
Pathname of a signature policy file to use. It is not recommended that this
option be used, as the default behavior of using the system-wide default policy
(frequently */etc/containers/policy.json*) is most often preferred
## EXAMPLES ## EXAMPLES
``` ```
# kpod load --quiet -i fedora.tar # kpod load --quiet -i fedora.tar
``` ```
```
# kpod load -q --signature-policy /etc/containers/policy.json -i fedora.tar
```
``` ```
# kpod load < fedora.tar # kpod load < fedora.tar
Getting image source signatures Getting image source signatures

View file

@ -52,6 +52,29 @@ Image stored in local container/storage
**kpod pull NAME[:TAG|@DIGEST]** **kpod pull NAME[:TAG|@DIGEST]**
## OPTIONS
**--signature-policy="PATHNAME"**
Pathname of a signature policy file to use. It is not recommended that this
option be used, as the default behavior of using the system-wide default policy
(frequently */etc/containers/policy.json*) is most often preferred
## EXAMPLES
```
# kpod pull --signature-policy /etc/containers/policy.json alpine:latest
Trying to pull registry.access.redhat.com/alpine:latest... Failed
Trying to pull registry.fedoraproject.org/alpine:latest... Failed
Trying to pull docker.io/library/alpine:latest...Getting image source signatures
Copying blob sha256:88286f41530e93dffd4b964e1db22ce4939fffa4a4c665dab8591fbab03d4926
1.90 MB / 1.90 MB [========================================================] 0s
Copying config sha256:76da55c8019d7a47c347c0dceb7a6591144d232a7dd616242a367b8bed18ecbc
1.48 KB / 1.48 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
```
## SEE ALSO ## SEE ALSO
kpod(1), crio(8), crio.conf(5) kpod(1), crio(8), crio.conf(5)

View file

@ -160,7 +160,7 @@ func (r *Runtime) PullImage(imgName string, allTags bool, signaturePolicyPath st
images = append(images, imgName) images = append(images, imgName)
} }
policy, err := signature.DefaultPolicy(r.imageContext) policy, err := signature.DefaultPolicy(sc)
if err != nil { if err != nil {
return err return err
} }

View file

@ -42,6 +42,23 @@ function teardown() {
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
@test "kpod load oci-archive image with signature-policy" {
run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE
[ "$status" -eq 0 ]
run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar --format oci-archive $IMAGE
[ "$status" -eq 0 ]
run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE
[ "$status" -eq 0 ]
cp /etc/containers/policy.json /tmp
run ${KPOD_BINARY} ${KPOD_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar
echo "$output"
[ "$status" -eq 0 ]
rm -f /tmp/policy.json
rm -f alpine.tar
run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE
[ "$status" -eq 0 ]
}
@test "kpod load using quiet flag" { @test "kpod load using quiet flag" {
run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE
echo "$output" echo "$output"