Implement policy enforcement in (skopeo copy)

Finally, load and enforce the policy.

NOTE that this breaks a simple ./skopeo from a built directory if you
don't have /etc/atomic/policy.json installed for other reasons;
use (./skopeo --policy default-policy.json) instead.
Miloslav Trmač
2016-06-02 16:26:01 +02:00
parent d4462330a5
commit 76a14985d6
2 changed files with 18 additions and 5 deletions


@@ -80,6 +80,12 @@ func copyHandler(context *cli.Context) error {
return errors.New("Usage: copy source destination") return errors.New("Usage: copy source destination")
} }
policyContext, err := getPolicyContext(context)
if err != nil {
return fmt.Errorf("Error loading verification policy: %v", err)
}
defer policyContext.Destroy()
dest, err := parseImageDestination(context, context.Args()[1]) dest, err := parseImageDestination(context, context.Args()[1])
if err != nil { if err != nil {
return fmt.Errorf("Error initializing %s: %v", context.Args()[1], err) return fmt.Errorf("Error initializing %s: %v", context.Args()[1], err)
@@ -93,11 +99,21 @@ func copyHandler(context *cli.Context) error {
signBy := context.String("sign-by") signBy := context.String("sign-by")
// Please keep this policy check BEFORE reading any other information about the image.
if allowed, err := policyContext.IsRunningImageAllowed(src); !allowed || err != nil { // Be paranoid and fail if either return value indicates so.
return fmt.Errorf("Source image rejected: %v", err)
}
manifest, _, err := src.Manifest() manifest, _, err := src.Manifest()
if err != nil { if err != nil {
return fmt.Errorf("Error reading manifest: %v", err) return fmt.Errorf("Error reading manifest: %v", err)
} }
sigs, err := src.Signatures()
if err != nil {
return fmt.Errorf("Error reading signatures: %v", err)
}
blobDigests, err := src.BlobDigests() blobDigests, err := src.BlobDigests()
if err != nil { if err != nil {
return fmt.Errorf("Error parsing manifest: %v", err) return fmt.Errorf("Error parsing manifest: %v", err)
@@ -128,11 +144,6 @@ func copyHandler(context *cli.Context) error {
} }
} }
sigs, err := src.Signatures()
if err != nil {
return fmt.Errorf("Error reading signatures: %v", err)
}
if signBy != "" { if signBy != "" {
mech, err := signature.NewGPGSigningMechanism() mech, err := signature.NewGPGSigningMechanism()
if err != nil { if err != nil {
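Review bot: In the second hunk, the combined check `!allowed || err != nil` correctly fails closed, but when IsRunningImageAllowed returns `false` with a nil error the user sees "Source image rejected: <nil>", which hides that the policy denied the image. Splitting the cases keeps the fail-closed behaviour and gives a usable message: `allowed, err := policyContext.IsRunningImageAllowed(src)`, then `if err != nil { return fmt.Errorf("Source image rejected: %v", err) }` and `if !allowed { return errors.New("Source image rejected by the signature verification policy") }`. Separately, these hunks do not show whether `src` caches the manifest and signatures that the policy check read. If the later `src.Manifest()` and `src.Signatures()` calls can fetch again, the copied data could differ from what was verified, so it is worth confirming this and recording it in the comment above the check. copyHandler begins and ends outside the hunks shown.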


@@ -59,6 +59,8 @@ Most commands refer to container images, using a _transport_`:`_details_ format.
Copy an image (manifest, filesystem layers, signatures) from one location to another. Copy an image (manifest, filesystem layers, signatures) from one location to another.
Uses the system's signature verification policy to validate images, refuses to copy images rejected by the policy.
_source-image_ use the "image name" format described above _source-image_ use the "image name" format described above
_destination-image_ use the "image name" format described above _destination-image_ use the "image name" format described above