Fix trust not using local policy file

When running the `trust` command, only the global policy.json file was being taken into account. Fixes #19073 [NO NEW TESTS NEEDED] Signed-off-by: Ismael Arias <ismaelariasmn@gmail.com>
2023-07-13 22:13:31 +02:00 · 2023-07-13 22:13:31 +02:00 · a3bbc3a2ca
parent 72ec8824a0
commit a3bbc3a2ca
1 changed files with 13 additions and 7 deletions
--- a/pkg/trust/policy.go
+++ b/pkg/trust/policy.go
@ -14,9 +14,13 @@ import (

 	"github.com/containers/common/pkg/config"
 	"github.com/containers/image/v5/types"
+	"github.com/containers/storage/pkg/homedir"
 	"github.com/sirupsen/logrus"
 )

+// userPolicyFile is the path to the per user policy path.
+var userPolicyFile = filepath.FromSlash(".config/containers/policy.json")
+
 // policyContent is the overall structure of a policy.json file (= c/image/v5/signature.Policy)
 type policyContent struct {
 	Default    []repoContent     `json:"default"`
@ -54,14 +58,16 @@ type genericRepoMap map[string]json.RawMessage

 // DefaultPolicyPath returns a path to the default policy of the system.
 func DefaultPolicyPath(sys *types.SystemContext) string {
+	if sys != nil && sys.SignaturePolicyPath != "" {
+		return sys.SignaturePolicyPath
+	}
+	userPolicyFilePath := filepath.Join(homedir.Get(), userPolicyFile)
+	if _, err := os.Stat(userPolicyFilePath); err == nil {
+		return userPolicyFilePath
+	}
 	systemDefaultPolicyPath := config.DefaultSignaturePolicyPath
-	if sys != nil {
-		if sys.SignaturePolicyPath != "" {
-			return sys.SignaturePolicyPath
-		}
-		if sys.RootForImplicitAbsolutePaths != "" {
-			return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath)
-		}
+	if sys != nil && sys.RootForImplicitAbsolutePaths != "" {
+		return filepath.Join(sys.RootForImplicitAbsolutePaths, systemDefaultPolicyPath)
 	}
 	return systemDefaultPolicyPath
 }