opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-09-13 02:24:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2111 from rhatdan/sign

Browse Source 
Fix up image sign and trust
This commit is contained in:
OpenShift Merge Robot
2019-01-10 07:43:54 -08:00
committed by GitHub
parent ac426bada2 55583bdfa6
commit c338da50ca
2 changed files with 113 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
completions/bash/podman
View File

@ -32,6 +32,9 @@ __podman_containers() {
__podman_q ps --format "$format" "$@" __podman_q ps --format "$format" "$@"
} }
__podman_list_registries() {
sed -n -e '/registries.*=/ {s/.*\[\([^]]*\).*/\1/p;q}' /etc/containers/registries.conf | sed -e "s/[,']//g"
}
# __podman_pods returns a list of pods. Additional options to # __podman_pods returns a list of pods. Additional options to
# `podman pod ps` may be specified in order to filter the list, e.g. # `podman pod ps` may be specified in order to filter the list, e.g.
@ -365,6 +368,7 @@ __podman_subcommands() {
local subcommands="$1" local subcommands="$1"
local counter=$(($command_pos + 1)) local counter=$(($command_pos + 1))
while [ $counter -lt $cword ]; do while [ $counter -lt $cword ]; do
case "${words[$counter]}" in case "${words[$counter]}" in
$(__podman_to_extglob "$subcommands") ) $(__podman_to_extglob "$subcommands") )
@ -1296,7 +1300,9 @@ _podman_image() {
push push
rm rm
save save
sign
tag tag
trust
" "
local aliases=" local aliases="
list list
@ -2356,6 +2362,92 @@ _podman_container_runlabel() {
esac esac
} }
_podman_image_sign() {
local options_with_args="
-d
--directory
--sign-by
"
local boolean_options="
--help
-h
"
case "$cur" in
-*)
COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
;;
*)
__podman_complete_images
;;
esac
}
_podman_image_trust_set() {
echo hello
local options_with_args="
-f
--type
--pubkeysfile
"
local boolean_options="
--help
-h
"
case "$cur" in
-*)
COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
;;
*)
COMPREPLY=($(compgen -W "default $( __podman_list_registries )" -- "$cur"))
;;
esac
}
_podman_image_trust_show() {
local options_with_args="
"
local boolean_options="
--help
-h
-j
--json
--raw
"
case "$cur" in
-*)
COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
;;
*)
__podman_complete_images
;;
esac
}
_podman_image_trust() {
local boolean_options="
--help
-h
"
subcommands="
set
show
"
local aliases="
list
"
command=image_trust
__podman_subcommands "$subcommands $aliases" && return
case "$cur" in
-*)
COMPREPLY=( $( compgen -W "--help" -- "$cur" ) )
;;
*)
COMPREPLY=( $( compgen -W "$subcommands" -- "$cur" ) )
;;
esac
}
_podman_images_prune() { _podman_images_prune() {
local options_with_args=" local options_with_args="
" "
@ -2364,6 +2456,11 @@ _podman_images_prune() {
-h -h
--help --help
" "
case "$cur" in
-*)
COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
;;
esac
} }
_podman_container_prune() { _podman_container_prune() {
@ -2382,6 +2479,15 @@ _podman_container_exists() {
local boolean_options=" local boolean_options="
" "
case "$cur" in
-*)
COMPREPLY=($(compgen -W "$boolean_options $options_with_args" -- "$cur"))
;;
*)
__podman_complete_images
;;
esac
} }
_podman_pod_exists() { _podman_pod_exists() {
@ -2813,6 +2919,7 @@ _podman_podman() {
export export
generate generate
history history
image
images images
import import
info info

12
docs/podman-image-sign.1.md
View File

@ -5,8 +5,8 @@ podman-image-sign- Create a signature for an image
# SYNOPSIS # SYNOPSIS
**podman image sign** **podman image sign**
[**-h**|**--help**] [**--help**|**-h**]
[**-d**, **--directory**] [**--directory**|**-d**]
[**--sign-by**] [**--sign-by**]
[ IMAGE... ] [ IMAGE... ]
@ -16,10 +16,10 @@ been pulled from a registry. The signature will be written to a directory
derived from the registry configuration files in /etc/containers/registries.d. By default, the signature will be written into /var/lib/containers/sigstore directory. derived from the registry configuration files in /etc/containers/registries.d. By default, the signature will be written into /var/lib/containers/sigstore directory.
# OPTIONS # OPTIONS
**-h** **--help** **--help** **-h**
Print usage statement. Print usage statement.
**-d** **--directory** **--directory** **-d**
Store the signatures in the specified directory. Default: /var/lib/containers/sigstore Store the signatures in the specified directory. Default: /var/lib/containers/sigstore
**--sign-by** **--sign-by**
@ -28,7 +28,7 @@ derived from the registry configuration files in /etc/containers/registries.d. B
# EXAMPLES # EXAMPLES
Sign the busybox image with the identify of foo@bar.com with a user's keyring and save the signature in /tmp/signatures/. Sign the busybox image with the identify of foo@bar.com with a user's keyring and save the signature in /tmp/signatures/.
sudo podman image sign --sign-by foo@bar.com -d /tmp/signatures transport://privateregistry.example.com/foobar sudo podman image sign --sign-by foo@bar.com --directory /tmp/signatures docker://privateregistry.example.com/foobar
# RELATED CONFIGURATION # RELATED CONFIGURATION
@ -36,7 +36,7 @@ The write (and read) location for signatures is defined in YAML-based
configuration files in /etc/containers/registries.d/. When you sign configuration files in /etc/containers/registries.d/. When you sign
an image, podman will use those configuration files to determine an image, podman will use those configuration files to determine
where to write the signature based on the the name of the originating where to write the signature based on the the name of the originating
registry or a default storage value unless overriden with the -d registry or a default storage value unless overriden with the --directory
option. For example, consider the following configuration file. option. For example, consider the following configuration file.
docker: docker: