From 258e4c37d206cd1ed5e5c7171a045bbc5f020a1a Mon Sep 17 00:00:00 2001
From: Dennis Chen
Date: Wed, 15 Nov 2017 07:04:43 +0000
Subject: [PATCH] alpine: Remove the 'content trust build' workaround
Before the alpine base image is multi-arch and signed, the DOCKER_CONTENT_TRUST=1 doesn't work on AArch64 for 'docker build'. Now since the alpine base image is already multi-arch and signed, also we've used 'push_manifest.sh' to push and sign linuxkit/image, so we can remove this workaround.
Signed-off-by: Dennis Chen
---
 tools/alpine/Makefile | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)
diff --git a/tools/alpine/Makefile b/tools/alpine/Makefile
index 6254f2efa..675191d98 100644
--- a/tools/alpine/Makefile
+++ b/tools/alpine/Makefile
@@ -4,26 +4,11 @@ ORG?=linuxkit
 IMAGE=alpine
 DEPS=packages
-# The logic for content trust is a bit convoluted because:
-# - The arm64 base image is currently not signed so we need to pull it
-# with content trust disabled. This is controlled by
-# DOCKER_CONTENT_PULL.
-# - 'docker build' with the FROM image supplied as environment
-# variable *and* with DOCKER_CONTENT_TRUST=1 currently does not work
-# (https://github.com/moby/moby/issues/34199). We therefor build
-# with DOCKER_CONTENT_TRUST explicitly set to 0. However, we pull
-# the base image just before with content trust enabled (if
-# supported, see above).
-# - By default we always pull and push the linuxkit/alpine image with
-# content trust, unless explicitly disabled with NOTRUST. Once the
-# above issues are resolved, this will be the only mechanism to control
-# content trust.
-ifdef NOTRUST
-DOCKER_CONTENT_PULL=0
-else
-DOCKER_CONTENT_PULL=1
+ifeq ($(DOCKER_CONTENT_TRUST),)
+ifndef NOTRUST
 export DOCKER_CONTENT_TRUST=1
 endif
+endif
 ARCH := $(shell uname -m)
 ifeq ($(ARCH), x86_64)
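Review bot: The new `ifeq ($(DOCKER_CONTENT_TRUST),)` guard carries no comment, and the block it replaces was the only description of how content trust is controlled in this Makefile. As written, any non-empty value already present in the environment wins, so an inherited `DOCKER_CONTENT_TRUST=0` leaves signature verification off for the docker commands run from this Makefile even when NOTRUST is not set. I would add a comment above the guard, for example `# Content trust is on by default; NOTRUST or a preset DOCKER_CONTENT_TRUST (including 0) overrides it.` Whether honouring a preset 0 is intended cannot be told from this hunk.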
@@ -41,7 +26,7 @@ show-tag:
 @sed -n -e '1s/# \(.*\/.*:[0-9a-f]\{40\}\)/\1/p;q' versions.$(ARCH)
 iid: Dockerfile Makefile $(DEPS)
- DOCKER_CONTENT_TRUST=1 docker build --no-cache --iidfile iid .
+ docker build --no-cache --iidfile iid .
 hash: Makefile iid
 docker run --rm $(shell cat iid) sh -c 'echo Dockerfile /lib/apk/db/installed $$(find /mirror -name '*.apk' -type f) $$(find /go/bin -type f) | xargs cat | sha1sum' | sed 's/ .*//' | sed 's/$$/$(SUFFIX)/'> $@
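Review bot: With the inline `DOCKER_CONTENT_TRUST=1` removed from the `docker build` line in the `iid` rule, the build no longer forces verification of its base image and instead follows whatever the top of the file exports. That means `NOTRUST`, or an inherited `DOCKER_CONTENT_TRUST=0`, now also switches off the signature check on the image the build pulls, where before it was pinned on for this command. If NOTRUST is only meant for people who cannot sign on push, this is a wider effect than before and deserves a comment above the rule, for example `# NOTRUST also disables verification of the base image pulled by this build.` The Dockerfile is not shown here, so which base image is affected is inferred from the commit message.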