From e90ad8614be27f37409c20b36216d18f0f98fe24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
Date: Tue, 18 Jul 2023 20:22:22 +0200
Subject: [PATCH] Use globalOptions.getPolicyContext instead of an
 image-targeted SystemContext
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This automatically the global --policy-path and --insecure-policy options,
which don't affect h.sysctx.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
---
 cmd/skopeo/proxy.go | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/cmd/skopeo/proxy.go b/cmd/skopeo/proxy.go
index caf40265..6c2b1235 100644
--- a/cmd/skopeo/proxy.go
+++ b/cmd/skopeo/proxy.go
@@ -75,7 +75,6 @@ import (
 	"github.com/containers/image/v5/manifest"
 	ocilayout "github.com/containers/image/v5/oci/layout"
 	"github.com/containers/image/v5/pkg/blobinfocache"
-	"github.com/containers/image/v5/signature"
 	"github.com/containers/image/v5/transports"
 	"github.com/containers/image/v5/transports/alltransports"
 	"github.com/containers/image/v5/types"
@@ -268,15 +267,11 @@ func (h *proxyHandler) openImageImpl(args []any, allowNotFound bool) (replyBuf,
 		return ret, err
 	}
 
+	policyContext, err := h.opts.global.getPolicyContext()
+	if err != nil {
+		return ret, err
+	}
 	unparsedTopLevel := image.UnparsedInstance(imgsrc, nil)
-	policy, err := signature.DefaultPolicy(h.sysctx)
-	if err != nil {
-		return ret, err
-	}
-	policyContext, err := signature.NewPolicyContext(policy)
-	if err != nil {
-		return ret, err
-	}
 	allowed, err := policyContext.IsRunningImageAllowed(context.Background(), unparsedTopLevel)
 	if !allowed || err != nil {
 		return ret, err