github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2026-01-15 17:08:00 +00:00
Code Issues Projects Releases Wiki Activity

trust: always tag after pull

Browse Source 
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
This commit is contained in:
Riyaz Faizullabhoy
2017-05-26 17:37:49 -07:00
parent e8dc61e910
commit 81d17913d1
2 changed files with 25 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
cmd/moby/docker.go
View File

@@ -120,18 +120,28 @@ func dockerRm(container string) error {
func dockerPull(image string, trustedPull bool) error {
log.Debugf("docker pull: %s", image)
cli, err := dockerClient()
if err != nil {
return errors.New("could not initialize Docker API client")
}
if trustedPull {
log.Debugf("pulling %s with content trust", image)
trustedImg, err := TrustedReference(image)
if err != nil {
return fmt.Errorf("Trusted pull for %s failed: %v", image, err)
}
// tag the image on a best-effort basis after pulling with content trust,
// ensuring that docker picks up the tag and digest fom the canonical format
defer func(src, dst string) {
if err := cli.ImageTag(context.Background(), src, dst); err != nil {
log.Debugf("could not tag trusted image %s to %s", src, dst)
}
}(trustedImg.String(), image)
image = trustedImg.String()
}
cli, err := dockerClient()
if err != nil {
return errors.New("could not initialize Docker API client")
}
r, err := cli.ImagePull(context.Background(), image, types.ImagePullOptions{})
if err != nil {