cli: Add signature-policy flag to podman save

Allow overwrite of the signature-policy file by passing signature-policy flag to podman save command Closes: containers#15869 Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
idleroamer · Sep 21, 2022 · 8b99b43 · 8b99b43
1 parent 30231d0
commit 8b99b43
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 2 deletions.
diff --git a/cmd/podman/images/save.go b/cmd/podman/images/save.go
@@ -96,6 +96,7 @@ func saveFlags(cmd *cobra.Command) {
 
 	flags.BoolVarP(&saveOpts.Quiet, "quiet", "q", false, "Suppress the output")
 	flags.BoolVarP(&saveOpts.MultiImageArchive, "multi-image-archive", "m", containerConfig.Engine.MultiImageArchive, "Interpret additional arguments as images not tags and create a multi-image-archive (only for docker-archive)")
+	flags.StringVar(&saveOpts.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file")
 }
 
 func save(cmd *cobra.Command, args []string) (finalErr error) {

diff --git a/docs/source/markdown/podman-save.1.md b/docs/source/markdown/podman-save.1.md
@@ -57,6 +57,10 @@ Write to a file, default is STDOUT
 
 Suppress the output
 
+#### **--signature-policy**
+
+Define the path to a signature-policy file
+
 #### **--uncompressed**
 
 Accept uncompressed layers when using one of the OCI formats.

diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
@@ -335,7 +335,8 @@ type ImageSaveOptions struct {
 	// Output - write image to the specified path.
 	Output string
 	// Quiet - suppress output when copying images
-	Quiet bool
+	Quiet           bool
+	SignaturePolicy string
 }
 
 // ImageScpOptions provide options for securely copying images to and from a remote host

diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
@@ -406,6 +406,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
 	saveOptions := &libimage.SaveOptions{}
 	saveOptions.DirForceCompress = options.Compress
 	saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
+	saveOptions.SignaturePolicyPath = options.SignaturePolicy
 
 	// Force signature removal to preserve backwards compat.
 	// See https://github.com/containers/podman/pull/11669#issuecomment-925250264

diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go
@@ -94,7 +94,7 @@ var _ = Describe("Podman load", func() {
 	It("podman load oci-archive with signature", func() {
 		outfile := filepath.Join(podmanTest.TempDir, "alpine.tar")
 
-		save := podmanTest.Podman([]string{"save", "-o", outfile, "--format", "oci-archive", ALPINE})
+		save := podmanTest.Podman([]string{"save", "--signature-policy", "/etc/containers/policy.json", "-o", outfile, "--format", "oci-archive", ALPINE})
 		save.WaitWithDefaultTimeout()
 		Expect(save).Should(Exit(0))