Merge pull request #2161 from ijc/trust-issues

pkg: Update content trust handling.

pkg/package.mk

@@ -7,16 +7,16 @@ HASH_COMMIT?=HEAD # Setting this is only really useful with the show-tag target
 HASH?=$(shell git ls-tree --full-tree $(HASH_COMMIT) -- $(CURDIR) | awk '{print $$3}')
 
 ifneq ($(HASH_COMMIT),HEAD) # Others can't be dirty by definition
-DIRTY=$(shell git update-index -q --refresh && git diff-index --quiet HEAD -- $(CURDIR) || echo "-dirty")
+DIRTY:=$(shell git update-index -q --refresh && git diff-index --quiet HEAD -- $(CURDIR) || echo "-dirty")
 endif
 endif
 
-TAG=$(ORG)/$(IMAGE):$(HASH)$(DIRTY)
+TAG:=$(ORG)/$(IMAGE):$(HASH)$(DIRTY)
 
 BASE_DEPS=Dockerfile Makefile
 
 # Get a release tag, if present
-RELEASE=$(shell git tag -l --points-at HEAD)
+RELEASE:=$(shell git tag -l --points-at HEAD)
 
 ifdef NETWORK
 NET_OPT=
@@ -24,20 +24,24 @@ else
 NET_OPT=--network=none
 endif
 
+ifeq ($(DOCKER_CONTENT_TRUST),)
+ifndef NOTRUST
+export DOCKER_CONTENT_TRUST=1
+endif
+endif
+
 show-tag:
 	@echo $(TAG)
 
 tag: $(BASE_DEPS) $(DEPS)
-	DOCKER_CONTENT_TRUST=1 docker pull $(TAG) || \
+	docker pull $(TAG) || docker build $(NET_OPT) -t $(TAG) .
-	docker build $(NET_OPT) -t $(TAG) .
 
 push: tag
 ifneq ($(DIRTY),)
 	$(error Your repository is not clean. Will not push package image.)
 endif
-	DOCKER_CONTENT_TRUST=1 docker pull $(TAG) || \
+	docker pull $(TAG) || docker push $(TAG)
-	DOCKER_CONTENT_TRUST=1 docker push $(TAG)
 ifneq ($(RELEASE),)
 	docker tag $(TAG) $(ORG)/$(IMAGE):$(RELEASE)
-	DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(RELEASE)
+	docker push $(ORG)/$(IMAGE):$(RELEASE)
 endif

projects/swarmd/swarmd/Makefile

@@ -1,5 +1,6 @@
 ORG?=linuxkitprojects
 IMAGE=swarmd
 NETWORK=1
+NOTRUST=1
 
 include ../../../pkg/package.mk