trust: include trust configuration in docker inspect for OCI config

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Riyaz Faizullabhoy 2017-06-02 15:18:55 -07:00
parent 6221552204
commit 6c6190172c
3 changed files with 10 additions and 8 deletions


@ -262,13 +262,14 @@ func buildInternal(m Moby, pull bool) []byte {
} }
for i, image := range m.Onboot { for i, image := range m.Onboot {
log.Infof(" Create OCI config for %s", image.Image) log.Infof(" Create OCI config for %s", image.Image)
config, err := ConfigToOCI(image) useTrust := enforceContentTrust(image.Image, &m.Trust)
config, err := ConfigToOCI(image, useTrust)
if err != nil { if err != nil {
log.Fatalf("Failed to create config.json for %s: %v", image.Image, err) log.Fatalf("Failed to create config.json for %s: %v", image.Image, err)
} }
so := fmt.Sprintf("%03d", i) so := fmt.Sprintf("%03d", i)
path := "containers/onboot/" + so + "-" + image.Name path := "containers/onboot/" + so + "-" + image.Name
out, err := ImageBundle(path, image.Image, config, enforceContentTrust(image.Image, &m.Trust), pull) out, err := ImageBundle(path, image.Image, config, useTrust, pull)
if err != nil { if err != nil {
log.Fatalf("Failed to extract root filesystem for %s: %v", image.Image, err) log.Fatalf("Failed to extract root filesystem for %s: %v", image.Image, err)
} }
@ -281,12 +282,13 @@ func buildInternal(m Moby, pull bool) []byte {
} }
for _, image := range m.Services { for _, image := range m.Services {
log.Infof(" Create OCI config for %s", image.Image) log.Infof(" Create OCI config for %s", image.Image)
config, err := ConfigToOCI(image) useTrust := enforceContentTrust(image.Image, &m.Trust)
config, err := ConfigToOCI(image, useTrust)
if err != nil { if err != nil {
log.Fatalf("Failed to create config.json for %s: %v", image.Image, err) log.Fatalf("Failed to create config.json for %s: %v", image.Image, err)
} }
path := "containers/services/" + image.Name path := "containers/services/" + image.Name
out, err := ImageBundle(path, image.Image, config, enforceContentTrust(image.Image, &m.Trust), pull) out, err := ImageBundle(path, image.Image, config, useTrust, pull)
if err != nil { if err != nil {
log.Fatalf("Failed to extract root filesystem for %s: %v", image.Image, err) log.Fatalf("Failed to extract root filesystem for %s: %v", image.Image, err)
} }
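Review bot: The Onboot and Services loops now repeat the same trust-sensitive sequence: compute `useTrust`, call `ConfigToOCI(image, useTrust)`, then `ImageBundle(path, image.Image, config, useTrust, pull)`. A later edit to only one loop could let the inspected config and the extracted root filesystem use different trust settings without anything failing. Consider moving that sequence into one helper that takes the path and the image, or at least add a comment above each `useTrust` line such as `// one trust decision per image: config inspection and rootfs extraction must use the same value`. buildInternal starts and ends outside both hunks, so any other callers of these functions are not visible here.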


@ -202,7 +202,7 @@ func NewImage(config []byte) (MobyImage, error) {
} }
// ConfigToOCI converts a config specification to an OCI config file // ConfigToOCI converts a config specification to an OCI config file
func ConfigToOCI(image MobyImage) ([]byte, error) { func ConfigToOCI(image MobyImage, trust bool) ([]byte, error) {
// TODO pass through same docker client to all functions // TODO pass through same docker client to all functions
cli, err := dockerClient() cli, err := dockerClient()
@ -210,7 +210,7 @@ func ConfigToOCI(image MobyImage) ([]byte, error) {
return []byte{}, err return []byte{}, err
} }
inspect, err := dockerInspectImage(cli, image.Image) inspect, err := dockerInspectImage(cli, image.Image, trust)
if err != nil { if err != nil {
return []byte{}, err return []byte{}, err
} }
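Review bot: The doc comment on `ConfigToOCI` does not mention the new `trust` parameter, and a bare bool on an exported function reads as `ConfigToOCI(image, true)` at call sites with no hint of what it controls. Extend the comment, for example `// ConfigToOCI converts a config specification to an OCI config file. If trust is true, an image that has to be pulled for inspection is pulled with content trust enforced.` The same flag is named `useTrust` in buildInternal, `trust` here and `trustedPull` in dockerInspectImage; a single name across the three would make the trust path easier to audit. The function body continues past the second hunk.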


@ -175,13 +175,13 @@ func dockerClient() (*client.Client, error) {
return client.NewEnvClient() return client.NewEnvClient()
} }
func dockerInspectImage(cli *client.Client, image string) (types.ImageInspect, error) { func dockerInspectImage(cli *client.Client, image string, trustedPull bool) (types.ImageInspect, error) {
log.Debugf("docker inspect image: %s", image) log.Debugf("docker inspect image: %s", image)
inspect, _, err := cli.ImageInspectWithRaw(context.Background(), image) inspect, _, err := cli.ImageInspectWithRaw(context.Background(), image)
if err != nil { if err != nil {
if client.IsErrImageNotFound(err) { if client.IsErrImageNotFound(err) {
pullErr := dockerPull(image, true, false) pullErr := dockerPull(image, true, trustedPull)
if pullErr != nil { if pullErr != nil {
return types.ImageInspect{}, pullErr return types.ImageInspect{}, pullErr
} }
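Review bot: `trustedPull` is only consulted on the `client.IsErrImageNotFound` branch. When `cli.ImageInspectWithRaw` finds the image in the local store, the inspect result is returned for whatever is cached under that name, with no trust check visible in this function. The OCI config for a trust-enforced image can therefore be derived from an unverified local copy. If the config is meant to come from a verified image, do the trusted pull before the inspect when the flag is set, for example `if trustedPull { if err := dockerPull(image, true, true); err != nil { return types.ImageInspect{}, err } }`, or document on `dockerInspectImage` that the flag covers only the cache-miss path. What `dockerPull` does with the flag is not shown, and the function body continues outside the hunk.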