Merge pull request #19231 from ariasmn/trust-local-policy

Fix `trust` not using local policy file
2025-06-25 20:26:51 +08:00 · 2023-07-22 07:33:42 -04:00
parent 58dd5cbd1e 5c0912b07b
commit 9b7de8d411
1 changed files with 17 additions and 7 deletions
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@ -7,6 +7,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io/fs"
 	"os"
 	"os/exec"
 	"path/filepath"
@ -14,6 +15,7 @@ import (

 	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/types"
+	"github.com/containers/storage/pkg/homedir"
 	"github.com/sirupsen/logrus"
 )

@ -54,14 +56,22 @@ type genericRepoMap map[string]json.RawMessage

 // DefaultPolicyPath returns a path to the default policy of the system.
 func DefaultPolicyPath(sys *types.SystemContext) string {
+	if sys != nil && sys.SignaturePolicyPath != "" {
+		return sys.SignaturePolicyPath
+	}
+
+	userPolicyFilePath := filepath.Join(homedir.Get(), filepath.FromSlash(".config/containers/policy.json"))
+	_, err := os.Stat(userPolicyFilePath)
+	if err == nil {
+		return userPolicyFilePath
+	}
+	if !errors.Is(err, fs.ErrNotExist) {
+		logrus.Warnf("Error trying to read local config file: %s", err.Error())
+	}
+
 	systemDefaultPolicyPath := config.DefaultSignaturePolicyPath
-	if sys != nil {
-		if sys.SignaturePolicyPath != "" {
-			return sys.SignaturePolicyPath
-		}
-		if sys.RootForImplicitAbsolutePaths != "" {
-			return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath)
-		}
+	if sys != nil && sys.RootForImplicitAbsolutePaths != "" {
+		return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath)
 	}
 	return systemDefaultPolicyPath
 }