github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-10-31 05:52:56 +00:00
Code Issues Projects Releases Wiki Activity

trust: clean up logic for digests and orgs

Browse Source 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
This commit is contained in:
Riyaz Faizullabhoy
2017-04-08 17:25:18 -07:00
parent f9c4c30142
commit 7f79de1b6f
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/cmd/moby/build.go
View File

@@ -52,21 +52,26 @@ func initrdAppend(iw *initrd.Writer, r io.Reader) {
func enforceContentTrust(fullImageName string, config *TrustConfig) bool { func enforceContentTrust(fullImageName string, config *TrustConfig) bool {
for _, img := range config.Image { for _, img := range config.Image {
// First check for an exact tag match // First check for an exact name match
if img == fullImageName { if img == fullImageName {
return true return true
} }
// Also check for an image name only match: // Also check for an image name only match
// by removing a possible tag (with possibly added digest):
if img == strings.TrimSuffix(fullImageName, ":") { if img == strings.TrimSuffix(fullImageName, ":") {
return true return true
} }
// and by removing a possible digest:
if img == strings.TrimSuffix(fullImageName, "@sha256:") {
return true
}
} }
for _, org := range config.Org { for _, org := range config.Org {
if strings.HasPrefix(fullImageName, org+"/") { if strings.HasPrefix(fullImageName, org+"/") {
}
return true return true
} }
}
return false return false
} }