Merge pull request #3997 from QiWang19/sigpath

fix podman sign signature store for rootless
This commit is contained in:
OpenShift Merge Robot
2019-09-12 22:23:29 +02:00
committed by GitHub

View File

@ -14,6 +14,7 @@ import (
"github.com/containers/libpod/cmd/podman/cliconfig" "github.com/containers/libpod/cmd/podman/cliconfig"
"github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/cmd/podman/libpodruntime"
"github.com/containers/libpod/libpod/image" "github.com/containers/libpod/libpod/image"
"github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/trust" "github.com/containers/libpod/pkg/trust"
"github.com/containers/libpod/pkg/util" "github.com/containers/libpod/pkg/util"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -130,22 +131,33 @@ func signCmd(c *cliconfig.SignValues) error {
return errors.Wrapf(err, "error pulling image %s", signimage) return errors.Wrapf(err, "error pulling image %s", signimage)
} }
registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs) if rootless.IsRootless() {
if registryInfo != nil {
if sigStoreDir == "" { if sigStoreDir == "" {
sigStoreDir = registryInfo.SigStoreStaging runtimeConfig, err := runtime.GetConfig()
if err != nil {
return err
}
sigStoreDir = filepath.Join(filepath.Dir(runtimeConfig.StorageConfig.GraphRoot), "sigstore")
}
} else {
registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
if registryInfo != nil {
if sigStoreDir == "" { if sigStoreDir == "" {
sigStoreDir = registryInfo.SigStore sigStoreDir = registryInfo.SigStoreStaging
if sigStoreDir == "" {
sigStoreDir = registryInfo.SigStore
}
}
sigStoreDir, err = isValidSigStoreDir(sigStoreDir)
if err != nil {
return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
} }
} }
sigStoreDir, err = isValidSigStoreDir(sigStoreDir) if sigStoreDir == "" {
if err != nil { sigStoreDir = SignatureStoreDir
return errors.Wrapf(err, "invalid signature storage %s", sigStoreDir)
} }
} }
if sigStoreDir == "" {
sigStoreDir = SignatureStoreDir
}
repos, err := newImage.RepoDigests() repos, err := newImage.RepoDigests()
if err != nil { if err != nil {