mirror of
https://github.com/containers/podman.git
synced 2025-06-21 01:19:15 +08:00
Merge pull request #3997 from QiWang19/sigpath
fix podman sign signature store for rootless
This commit is contained in:
@ -14,6 +14,7 @@ import (
|
|||||||
"github.com/containers/libpod/cmd/podman/cliconfig"
|
"github.com/containers/libpod/cmd/podman/cliconfig"
|
||||||
"github.com/containers/libpod/cmd/podman/libpodruntime"
|
"github.com/containers/libpod/cmd/podman/libpodruntime"
|
||||||
"github.com/containers/libpod/libpod/image"
|
"github.com/containers/libpod/libpod/image"
|
||||||
|
"github.com/containers/libpod/pkg/rootless"
|
||||||
"github.com/containers/libpod/pkg/trust"
|
"github.com/containers/libpod/pkg/trust"
|
||||||
"github.com/containers/libpod/pkg/util"
|
"github.com/containers/libpod/pkg/util"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
@ -130,22 +131,33 @@ func signCmd(c *cliconfig.SignValues) error {
|
|||||||
return errors.Wrapf(err, "error pulling image %s", signimage)
|
return errors.Wrapf(err, "error pulling image %s", signimage)
|
||||||
}
|
}
|
||||||
|
|
||||||
registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
|
if rootless.IsRootless() {
|
||||||
if registryInfo != nil {
|
|
||||||
if sigStoreDir == "" {
|
if sigStoreDir == "" {
|
||||||
sigStoreDir = registryInfo.SigStoreStaging
|
runtimeConfig, err := runtime.GetConfig()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
sigStoreDir = filepath.Join(filepath.Dir(runtimeConfig.StorageConfig.GraphRoot), "sigstore")
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
|
||||||
|
if registryInfo != nil {
|
||||||
if sigStoreDir == "" {
|
if sigStoreDir == "" {
|
||||||
sigStoreDir = registryInfo.SigStore
|
sigStoreDir = registryInfo.SigStoreStaging
|
||||||
|
if sigStoreDir == "" {
|
||||||
|
sigStoreDir = registryInfo.SigStore
|
||||||
|
}
|
||||||
|
}
|
||||||
|
sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
|
||||||
|
if err != nil {
|
||||||
|
return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
|
if sigStoreDir == "" {
|
||||||
if err != nil {
|
sigStoreDir = SignatureStoreDir
|
||||||
return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if sigStoreDir == "" {
|
|
||||||
sigStoreDir = SignatureStoreDir
|
|
||||||
}
|
|
||||||
|
|
||||||
repos, err := newImage.RepoDigests()
|
repos, err := newImage.RepoDigests()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Reference in New Issue
Block a user