pkg: Update content trust handling.

Firstly add option to disable content trust, for the use of e.g. projects which
are pushing to the linuxkitprojects org (which has no trust setup) rather than
the main linuxkit org.

Secondly, when trust _is_ enabled then enable it globally, in particular it is
now active for the `docker build` and hence containers referenced in
Dockerfiles via "FROM" will be checked.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
This commit is contained in:
Ian Campbell 2017-07-06 15:52:54 +01:00
parent 14db99c916
commit 4fba9d8545
2 changed files with 10 additions and 5 deletions

View File

@ -24,20 +24,24 @@ else
NET_OPT=--network=none
endif
ifeq ($(DOCKER_CONTENT_TRUST),)
ifndef NOTRUST
export DOCKER_CONTENT_TRUST=1
endif
endif
show-tag:
@echo $(TAG)
tag: $(BASE_DEPS) $(DEPS)
DOCKER_CONTENT_TRUST=1 docker pull $(TAG) || \
docker build $(NET_OPT) -t $(TAG) .
docker pull $(TAG) || docker build $(NET_OPT) -t $(TAG) .
push: tag
ifneq ($(DIRTY),)
$(error Your repository is not clean. Will not push package image.)
endif
DOCKER_CONTENT_TRUST=1 docker pull $(TAG) || \
DOCKER_CONTENT_TRUST=1 docker push $(TAG)
docker pull $(TAG) || docker push $(TAG)
ifneq ($(RELEASE),)
docker tag $(TAG) $(ORG)/$(IMAGE):$(RELEASE)
DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(RELEASE)
docker push $(ORG)/$(IMAGE):$(RELEASE)
endif

View File

@ -1,5 +1,6 @@
ORG?=linuxkitprojects
IMAGE=swarmd
NETWORK=1
NOTRUST=1
include ../../../pkg/package.mk