Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)

(podman push) and (podman manifest push) now support --sign-by-sigstore=param-file, using the containers-sigstore-signing-params.yaml(5) file format. That notably adds support for Fulcio and Rekor signing. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-05-22 17:46:52 +08:00 · 2023-01-12 00:14:42 +01:00
parent 356f7b6c9d
commit 069edc3adf
287 changed files with 61247 additions and 19 deletions
--- a/vendor/github.com/go-openapi/runtime/middleware/security.go
+++ b/vendor/github.com/go-openapi/runtime/middleware/security.go
@ -0,0 +1,39 @@
+// Copyright 2015 go-swagger maintainers
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package middleware
+
+import "net/http"
+
+func newSecureAPI(ctx *Context, next http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+		route, rCtx, _ := ctx.RouteInfo(r)
+		if rCtx != nil {
+			r = rCtx
+		}
+		if route != nil && !route.NeedsAuth() {
+			next.ServeHTTP(rw, r)
+			return
+		}
+
+		_, rCtx, err := ctx.Authorize(r, route)
+		if err != nil {
+			ctx.Respond(rw, r, route.Produces, route, err)
+			return
+		}
+		r = rCtx
+
+		next.ServeHTTP(rw, r)
+	})
+}