Finally, load and enforce the policy.
NOTE that this breaks a simple ./skopeo from a built directory if you
don't have /etc/atomic/policy.json installed for other reasons;
use (./skopeo --policy default-policy.json) instead.
(skopeo copy) will soon ALWAYS require a present policy file. So,
install one by (make install), and ensure that integration tests do so
as well.
Also simplifies the usage of install(1) a bit.
This ordinarily uses the compiled-in default, but allows per-command
override. No users yet.
Note that this adds an URL to policy documentation within
containers/image, and that URL does not exist at the moment.
A plain sha256sum and the like is insufficient because we need to strip
signatures from v2s1 manifests; so, add a subcommand.
This can be used together with (skopeo inspect --raw) to download a
manifest from a source untrusted to modify it under us; we download a
manifest once using (skopeo inspect --raw), compute a digest using
(skopeo manifest-digest), and then do all future operations using a
digest reference.
* Use “override GOGCFLAGS+=” so that (make GOGCFLAGS=… DEBUG=1)
does not ignore the appending to GOGCFLAGS
* Move quoting of -gcflags from the variable to its use,
so that (make GOGCFLAGS=… DEBUG=1) is correctly quoted
* Now that GOGCFLAGS and DEBUG are both handled correctly when
completely empty, simplify by dropping the DEBUG!=1 branch.
* Beautify the command line by not using DEBUG= if DEBUG is unset.
This ensures that we are not installing e.g. an obsolete version of the
man page after the Markdown version is updated.
Note that this greatly benefits from the "skopeo" target being
non-phony, otherwise (make install) would rebuild the binary.
- Use ArgsUsage to document the non-option arguments
- Refer to ArgsUsage placeholders in Usage
- Use named placeholders in flag documentation
Fixes#137, more or less.
Among other minor changes:
- Do not duplicate synopses of the subcommands; use a generic synopsis
at the top, and detailed subcommand synopses only when documenting the
subcommands.
- Use the conventions documented in man-pages(7), in particular using
italic for replaceable values.
- Add a section documenting the transport:details reference format,
and list the supported transports.
- Relax the warning about standalone-sign.
Note that this requires ImageDestination.PutBlob to fail and delete
any unfinished data if stream.Read() fails.
We do not have to trust PutBlob to correctly handle a validation error,
so we don't; but we can't do the storage cleanup for PutBlob.
- Use transports.ParseImageReference instead of dealing with individual
transports
- CanonicalDockerReference replaced by Reference.DockerReference, can't
fail but can be unsupported
- directory.NewImageDestination replaced by
directory.NewReference.NewImageDestination
