Merge pull request #59 from riyazdf/trust-parse-fixes-and-tests

trust: parsing fixes and tests
2025-10-28 17:25:42 +00:00 · 2017-06-01 22:35:59 +01:00
parent dec7f8bb2b e0fc007b5a
commit edcf4d0362
3 changed files with 80 additions and 5 deletions
--- a/cmd/moby/build.go
+++ b/cmd/moby/build.go
@@ -143,17 +143,35 @@ func enforceContentTrust(fullImageName string, config *TrustConfig) bool {
 		}
 		// Also check for an image name only match
 		// by removing a possible tag (with possibly added digest):
-		if img == strings.TrimSuffix(fullImageName, ":") {
+		imgAndTag := strings.Split(fullImageName, ":")
+		if len(imgAndTag) >= 2 && img == imgAndTag[0] {
 			return true
 		}
 		// and by removing a possible digest:
-		if img == strings.TrimSuffix(fullImageName, "@sha256:") {
+		imgAndDigest := strings.Split(fullImageName, "@sha256:")
+		if len(imgAndDigest) >= 2 && img == imgAndDigest[0] {
 			return true
 		}
 	}

 	for _, org := range config.Org {
-		if strings.HasPrefix(fullImageName, org+"/") {
+		var imgOrg string
+		splitName := strings.Split(fullImageName, "/")
+		switch len(splitName) {
+		case 0:
+			// if the image is empty, return false
+			return false
+		case 1:
+			// for single names like nginx, use library
+			imgOrg = "library"
+		case 2:
+			// for names that assume docker hub, like linxukit/alpine, take the first split
+			imgOrg = splitName[0]
+		default:
+			// for names that include the registry, the second piece is the org, ex: docker.io/library/alpine
+			imgOrg = splitName[1]
+		}
+		if imgOrg == org {
 			return true
 		}
 	}