From d9449c66bb8e876de420f00bbd9dbc4bc239abd8 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 12 Oct 2017 16:55:49 -0400 Subject: [PATCH] Update kpod load to add signature-policy Signed-off-by: TomSweeneyRedHat --- cmd/kpod/load.go | 10 ++++++---- completions/bash/kpod | 2 ++ docs/kpod-load.1.md | 6 ++++++ docs/kpod-pull.1.md | 8 ++++++++ libpod/runtime_img.go | 2 +- test/kpod_load.bats | 15 +++++++++++++++ 6 files changed, 38 insertions(+), 5 deletions(-) diff --git a/cmd/kpod/load.go b/cmd/kpod/load.go index e3920805..c1fce3ae 100644 --- a/cmd/kpod/load.go +++ b/cmd/kpod/load.go @@ -21,6 +21,11 @@ var ( Name: "quiet, q", Usage: "Suppress the output", }, + cli.StringFlag{ + Name: "signature-policy", + Usage: "`pathname` of signature policy file (not usually used)", + Hidden: true, + }, } loadDescription = "Loads the image from docker-archive stored on the local machine." loadCommand = cli.Command{ @@ -39,9 +44,6 @@ func loadCmd(c *cli.Context) error { args := c.Args() var image string - if len(args) == 1 { - image = args[0] - } if len(args) > 1 { return errors.New("too many arguments. Requires exactly 1") } @@ -92,7 +94,7 @@ func loadCmd(c *cli.Context) error { } src := libpod.DockerArchive + ":" + input - if err := runtime.PullImage(src, false, "", output); err != nil { + if err := runtime.PullImage(src, false, c.String("signature-policy"), output); err != nil { src = libpod.OCIArchive + ":" + input // generate full src name with specified image:tag if image != "" { diff --git a/completions/bash/kpod b/completions/bash/kpod index 700c0eb8..8f06d56c 100644 --- a/completions/bash/kpod +++ b/completions/bash/kpod @@ -170,6 +170,7 @@ _kpod_logs() { _kpod_pull() { local options_with_args=" + --signature-policy " local boolean_options=" --all-tags -a @@ -424,6 +425,7 @@ _complete_() { _kpod_load() { local options_with_args=" --input -i + --signature-policy " local boolean_options=" --quiet -q diff --git a/docs/kpod-load.1.md b/docs/kpod-load.1.md index 34711c9f..67df2f94 100644 --- a/docs/kpod-load.1.md +++ b/docs/kpod-load.1.md @@ -31,6 +31,12 @@ Read from archive file, default is STDIN **--quiet, -q** Suppress the output +**--signature-policy="PATHNAME"** + +Pathname of a signature policy file to use. It is not recommended that this +option be used, as the default behavior of using the system-wide default policy +(frequently */etc/containers/policy.json*) is most often preferred + ## EXAMPLES ``` diff --git a/docs/kpod-pull.1.md b/docs/kpod-pull.1.md index 647f6f89..f1e509e0 100644 --- a/docs/kpod-pull.1.md +++ b/docs/kpod-pull.1.md @@ -52,6 +52,14 @@ Image stored in local container/storage **kpod pull NAME[:TAG|@DIGEST]** +## OPTIONS + +**--signature-policy="PATHNAME"** + +Pathname of a signature policy file to use. It is not recommended that this +option be used, as the default behavior of using the system-wide default policy +(frequently */etc/containers/policy.json*) is most often preferred + ## SEE ALSO kpod(1), crio(8), crio.conf(5) diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index 69fa5606..23653645 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -160,7 +160,7 @@ func (r *Runtime) PullImage(imgName string, allTags bool, signaturePolicyPath st images = append(images, imgName) } - policy, err := signature.DefaultPolicy(r.imageContext) + policy, err := signature.DefaultPolicy(sc) if err != nil { return err } diff --git a/test/kpod_load.bats b/test/kpod_load.bats index bb8dd086..619c52c7 100644 --- a/test/kpod_load.bats +++ b/test/kpod_load.bats @@ -42,6 +42,21 @@ function teardown() { [ "$status" -eq 0 ] } +@test "kpod load oci-archive image with signature-policy" { + run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} save -o alpine.tar --format oci-archive $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + [ "$status" -eq 0 ] + run ${KPOD_BINARY} ${KPOD_OPTIONS} load --signature-policy ${INTEGRATION_ROOT}/policy.json -i alpine.tar + echo "$output" + [ "$status" -eq 0 ] + rm -f alpine.tar + run ${KPOD_BINARY} $KPOD_OPTIONS rmi $IMAGE + [ "$status" -eq 0 ] +} + @test "kpod load using quiet flag" { run ${KPOD_BINARY} ${KPOD_OPTIONS} pull $IMAGE echo "$output"