containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16869 from nalind/always-allow-push-from-storage 

Always allow pushing from containers-storage
This commit is contained in:
Daniel J Walsh 2022-12-17 04:11:21 -05:00 committed by GitHub
parent 12d5e6ab82 d1496afb54
commit a78d0ca6b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/domain/infra/abi/images.go
View File

@ -304,6 +304,8 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
pushOptions.Password = options.Password
pushOptions.ManifestMIMEType = manifestType
pushOptions.RemoveSignatures = options.RemoveSignatures
pushOptions.PolicyAllowStorage = true
pushOptions.SignaturePolicyPath = options.SignaturePolicy
pushOptions.SignBy = options.SignBy
pushOptions.SignPassphrase = options.SignPassphrase
pushOptions.SignBySigstorePrivateKeyFile = options.SignBySigstorePrivateKeyFile
@ -357,6 +359,7 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
}
return pushError
}
func (ir *ImageEngine) Tag(ctx context.Context, nameOrID string, tags []string, options entities.ImageTagOptions) error {
// Allow tagging manifest list instead of resolving instances from manifest
lookupOptions := &libimage.LookupImageOptions{ManifestList: true}

7
test/deny.json Normal file
View File

@ -0,0 +1,7 @@
{
"default": [
{
"type": "reject"
}
]
}

15
test/e2e/push_test.go
View File

@ -188,6 +188,21 @@ var _ = Describe("Podman push", func() {
}
})
It("podman push from local storage with nothing-allowed signature policy", func() {
SkipIfRemote("Remote push does not support dir transport")
denyAllPolicy := filepath.Join(INTEGRATION_ROOT, "test/deny.json")
inspect := podmanTest.Podman([]string{"inspect", "--format={{.ID}}", ALPINE})
inspect.WaitWithDefaultTimeout()
Expect(inspect).Should(Exit(0))
imageID := inspect.OutputToString()
push := podmanTest.Podman([]string{"push", "--signature-policy", denyAllPolicy, "-q", imageID, "dir:" + filepath.Join(podmanTest.TempDir, imageID)})
push.WaitWithDefaultTimeout()
Expect(push).Should(Exit(0))
Expect(push.ErrorToString()).To(BeEmpty())
})
It("podman push to local registry with authorization", func() {
SkipIfRootless("volume-mounting a certs.d file N/A over remote")
if podmanTest.Host.Arch == "ppc64le" {