With go 1.23 the maps package was added in the std library. The linter
now wants us to use that. However the API chnaged as it returns an
iterator, thus we also have to use slices.Collect().
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
sigstoreSigned does not have GPG IDs, so we add N/A in that column.
NOTE: this does not show the use-sigstore-attachments value from
registries.d.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Currently
- the output uses the first entry's type, even if the requirements are different
(notably signedBy + sigstoreSIgned)
- all public keys IDs are collected to a single line, even if some of them
are interchangeable, and some are required (e.g. two signedBy requirements
could require an image to be signed by (redhatProd OR redhatBeta) AND (vendor1 OR vendor2)
So, stop collapsing the requirements, and return a separate entry for each one. Multiple
GPG IDs on a single line used to mean AND or OR, now they always mean AND.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Do the registries.d lookup once, separately from building
an entry, so that we can share it across entries.
Also prepare a separate res to allow adding multiple entries.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Just so that we don't have a boolean-named function returning a struct.
Also reorder the parameters to have the container first, and the lookup
key second.
Shoud not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Now that it is the primary return value of a small function,
the long name only makes reading harder.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This will evetually allow us to use it for the default scope
as well, which currently uses a simplified version.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add at least a basic unit test for the various entry types.
So that we don't have to actually deal with GPG keys and /usr/bin/gpg*,
parametrize the code with a gpgIDReader , and pass a fake one
in the unit test.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We now have only a few entrypoints that are called externally,
so make the rest private. This will make it more obvious that
we are not breaking any external users.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This will allow us to write unit tests without setting up the complete Podman runtime
(and without the Linux dependency).
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Split the existing code into policy.go and registries.go,
depending on which files it concerns.
Only moves unchanged code, should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
This commit is courtesy of
```
for f in $(git ls-files *.go | grep -v ^vendor/); do \
sed -i 's/\(errors\..*\)"Error /\1"error /' $f;
done
for f in $(git ls-files *.go | grep -v ^vendor/); do \
sed -i 's/\(errors\..*\)"Failed to /\1"failed to /' $f;
done
```
etc.
Self-reviewed using `git diff --word-diff`, found no issues.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like
fails, the error message already contains the file name and the
operation that fails, so there is no need to wrap the error with
something like "open %s failed".
While at it
- replace a few places with os.Open, ioutil.ReadAll with
ioutil.ReadFile.
- replace errors.Wrapf with errors.Wrap for cases where there
are no %-style arguments.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
- fix the bud podman not using specified --directory as signature storage.
- use manifest and image referce to set repo@digest.
close#6994close#6993
Signed-off-by: Qi Wang <qiwan@redhat.com>
Move to containers/image v5 and containers/buildah to v1.11.4.
Replace an equality check with a type assertion when checking for a
docker.ErrUnauthorizedForCredentials in `podman login`.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
This requires updating all import paths throughout, and a matching
buildah update to interoperate.
I can't figure out the reason for go.mod tracking
github.com/containers/image v3.0.2+incompatible // indirect
((go mod graph) lists it as a direct dependency of libpod, but
(go list -json -m all) lists it as an indirect dependency),
but at least looking at the vendor subdirectory, it doesn't seem
to be actually used in the built binaries.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Paul Holzinger
Daniel J Walsh
Miloslav Trmač
Sascha Grunert
Paul Holzinger
Qi Wang
Kir Kolyshkin
Dmitry Smirnov
Nalin Dahyabhai
baude