Merge pull request #1008 from TomSweeneyRedHat/dev/tsweeney/kpod_load

Update kpod load to add signature-policy (2)
This commit is contained in:
Daniel J Walsh 2017-10-14 05:34:13 -04:00 committed by GitHub
commit 774d44589c
7 changed files with 60 additions and 5 deletions

View file

@ -21,6 +21,10 @@ var (
Name: "quiet, q",
Usage: "Suppress the output",
},
cli.StringFlag{
Name: "signature-policy",
Usage: "`pathname` of signature policy file (not usually used)",
},
}
loadDescription = "Loads the image from docker-archive stored on the local machine."
loadCommand = cli.Command{
@ -92,7 +96,7 @@ func loadCmd(c *cli.Context) error {
}
src := libpod.DockerArchive + ":" + input
if err := runtime.PullImage(src, false, "", output); err != nil {
if err := runtime.PullImage(src, false, c.String("signature-policy"), output); err != nil {
src = libpod.OCIArchive + ":" + input
// generate full src name with specified image:tag
if image != "" {

View file

@ -23,9 +23,8 @@ var (
Usage: "Download all tagged images in the repository",
},
cli.StringFlag{
Name: "signature-policy",
Usage: "`pathname` of signature policy file (not usually used)",
Hidden: true,
Name: "signature-policy",
Usage: "`pathname` of signature policy file (not usually used)",
},
}

View file

@ -170,6 +170,7 @@ _kpod_logs() {
_kpod_pull() {
local options_with_args="
--signature-policy
"
local boolean_options="
--all-tags -a
@ -424,6 +425,7 @@ _complete_() {
_kpod_load() {
local options_with_args="
--input -i
--signature-policy
"
local boolean_options="
--quiet -q

View file

@ -31,12 +31,22 @@ Read from archive file, default is STDIN
**--quiet, -q**
Suppress the output
**--signature-policy="PATHNAME"**
Pathname of a signature policy file to use. It is not recommended that this
option be used, as the default behavior of using the system-wide default policy
(frequently */etc/containers/policy.json*) is most often preferred
## EXAMPLES
```
# kpod load --quiet -i fedora.tar
```
```
# kpod load -q --signature-policy /etc/containers/policy.json -i fedora.tar
```
```
# kpod load < fedora.tar
Getting image source signatures

View file

@ -52,6 +52,29 @@ Image stored in local container/storage
**kpod pull NAME[:TAG|@DIGEST]**
## OPTIONS
**--signature-policy="PATHNAME"**
Pathname of a signature policy file to use. It is not recommended that this
option be used, as the default behavior of using the system-wide default policy
(frequently */etc/containers/policy.json*) is most often preferred
## EXAMPLES
```
# kpod pull --signature-policy /etc/containers/policy.json alpine:latest
Trying to pull registry.access.redhat.com/alpine:latest... Failed
Trying to pull registry.fedoraproject.org/alpine:latest... Failed
Trying to pull docker.io/library/alpine:latest...Getting image source signatures
Copying blob sha256:88286f41530e93dffd4b964e1db22ce4939fffa4a4c665dab8591fbab03d4926
1.90 MB / 1.90 MB [========================================================] 0s
Copying config sha256:76da55c8019d7a47c347c0dceb7a6591144d232a7dd616242a367b8bed18ecbc
1.48 KB / 1.48 KB [========================================================] 0s
Writing manifest to image destination
Storing signatures
```
## SEE ALSO
kpod(1), crio(8), crio.conf(5)

View file

@ -160,7 +160,7 @@ func (r *Runtime) PullImage(imgName string, allTags bool, signaturePolicyPath st
images = append(images, imgName)
}
policy, err := signature.DefaultPolicy(r.imageContext)
policy, err := signature.DefaultPolicy(sc)
if err != nil {
return err
}

View file

@ -42,6 +42,23 @@ function teardown() {
[ "$status" -eq 0 ]
}
@test "kpod load oci-archive image with signature-policy" {
run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE
[ "$status" -eq 0 ]
run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar --format oci-archive $IMAGE
[ "$status" -eq 0 ]
run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE
[ "$status" -eq 0 ]
cp /etc/containers/policy.json /tmp
run ${KPOD_BINARY} ${KPOD_OPTIONS} load --signature-policy /tmp/policy.json -i alpine.tar
echo "$output"
[ "$status" -eq 0 ]
rm -f /tmp/policy.json
rm -f alpine.tar
run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE
[ "$status" -eq 0 ]
}
@test "kpod load using quiet flag" {
run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE
echo "$output"