0651d3a8de
Bump containers/image to 3d0304a02154dddc8f97cc833aa0861cea5e9ade, and containers/storage to 0d32dfce498e06c132c60dac945081bf44c22464. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
31 lines
1,009 B
Go
31 lines
1,009 B
Go
package copy
|
|
|
|
import (
|
|
"github.com/containers/image/signature"
|
|
"github.com/containers/image/transports"
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
// createSignature creates a new signature of manifest using keyIdentity.
|
|
func (c *copier) createSignature(manifest []byte, keyIdentity string) ([]byte, error) {
|
|
mech, err := signature.NewGPGSigningMechanism()
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "Error initializing GPG")
|
|
}
|
|
defer mech.Close()
|
|
if err := mech.SupportsSigning(); err != nil {
|
|
return nil, errors.Wrap(err, "Signing not supported")
|
|
}
|
|
|
|
dockerReference := c.dest.Reference().DockerReference()
|
|
if dockerReference == nil {
|
|
return nil, errors.Errorf("Cannot determine canonical Docker reference for destination %s", transports.ImageName(c.dest.Reference()))
|
|
}
|
|
|
|
c.Printf("Signing manifest\n")
|
|
newSig, err := signature.SignDockerManifest(manifest, dockerReference.String(), mech, keyIdentity)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "Error creating signature")
|
|
}
|
|
return newSig, nil
|
|
}
|