pkg: Update content trust handling.

Firstly add option to disable content trust, for the use of e.g. projects which
are pushing to the linuxkitprojects org (which has no trust setup) rather than
the main linuxkit org.

Secondly, when trust _is_ enabled then enable it globally, in particular it is
now active for the `docker build` and hence containers referenced in
Dockerfiles via "FROM" will be checked.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>

pkg/package.mk

@@ -24,20 +24,24 @@ else
 NET_OPT=--network=none
 endif
 
+ifeq ($(DOCKER_CONTENT_TRUST),)
+ifndef NOTRUST
+export DOCKER_CONTENT_TRUST=1
+endif
+endif
+
 show-tag:
 	@echo $(TAG)
 
 tag: $(BASE_DEPS) $(DEPS)
-	DOCKER_CONTENT_TRUST=1 docker pull $(TAG) || \
+	docker pull $(TAG) || docker build $(NET_OPT) -t $(TAG) .
-	docker build $(NET_OPT) -t $(TAG) .
 
 push: tag
 ifneq ($(DIRTY),)
 	$(error Your repository is not clean. Will not push package image.)
 endif
-	DOCKER_CONTENT_TRUST=1 docker pull $(TAG) || \
+	docker pull $(TAG) || docker push $(TAG)
-	DOCKER_CONTENT_TRUST=1 docker push $(TAG)
 ifneq ($(RELEASE),)
 	docker tag $(TAG) $(ORG)/$(IMAGE):$(RELEASE)
-	DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(RELEASE)
+	docker push $(ORG)/$(IMAGE):$(RELEASE)
 endif

projects/swarmd/swarmd/Makefile

@@ -1,5 +1,6 @@
 ORG?=linuxkitprojects
 IMAGE=swarmd
 NETWORK=1
+NOTRUST=1
 
 include ../../../pkg/package.mk