github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-06-29 16:17:44 +00:00
Code Issues Projects Releases Wiki Activity
3,200 Commits 19 Branches 101 Tags 85 MiB
f825fdcb15
Commit Graph

3200 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Miloslav Trmač
2a8ffee621 Flip --tls-verify default to true 
Document better what --tls-verify does

... and sprinkle --tls-verify=false over integration tests.
 2016-09-13 19:26:21 +02:00
Miloslav Trmač
623865c159 Vendor after merging mtrmac/image:tls-verification 2016-09-13 19:25:42 +02:00
Antonio Murdaca
58ec828eab Merge pull request #204 from mtrmac/registries.d 
Create /etc/containers/registries.d in (make install)
 2016-09-13 18:30:07 +02:00
Miloslav Trmač
9835ae579b Create /etc/containers/registries.d in (make install) 2016-09-13 18:08:25 +02:00
Antonio Murdaca
14847101c0 Merge pull request #202 from runcom/change-os-uri 
Change atomic URI
 2016-09-13 17:11:07 +02:00
Antonio Murdaca
3980ac5894
vendor containers/image#81 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2016-09-13 16:50:28 +02:00
Miloslav Trmač
d6be447ce9 Merge pull request #170 from mtrmac/docker-lookaside 
Implement a lookaside storage for signatures of images in Docker registries
 2016-09-12 21:39:39 +02:00
Miloslav Trmač
b6fdea03f2 Add a global --registries.d option to skopeo 
This is added pretty much only for integration tests right now;
though, it might be useful also for non-root operation.

Also makes a tiny cleanup of contextFromGlobalOptions, removing a
variable.
 2016-09-12 21:13:53 +02:00
Miloslav Trmač
f46da343e2 Vendor after merging in mtrmac/image:docker-lookaside 2016-09-12 21:13:34 +02:00
Antonio Murdaca
d1d1d6533e Merge pull request #201 from runcom/fix-198 
vendor containers/image#84
 2016-09-12 17:47:00 +02:00
Antonio Murdaca
890c073526
vendor containers/image#84 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2016-09-12 17:25:52 +02:00
Antonio Murdaca
7e69022723 Merge pull request #196 from runcom/crane-fix 
vendor containers/image to fix RH
 2016-09-09 11:55:37 +02:00
Antonio Murdaca
1c16cd5e9d
vendor containers/image to fix RH 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2016-09-09 11:34:58 +02:00
Miloslav Trmač
362bfc5fe3 Merge pull request #195 from runcom/vendor-cont/images 
vendor containers/image, OCI/image-spec
 2016-09-08 14:03:43 +02:00
Antonio Murdaca
81d67eab92
vendor containers/image, OCI/image-spec 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2016-09-08 13:23:41 +02:00
Miloslav Trmač
fc0c5be08d Merge pull request #192 from rhatdan/install 
Refer to the policy file as a trust policy file.
 2016-09-07 17:42:29 +02:00
Dan Walsh
824853d85d Refer to the signature trust policy. 
The policy file is actualy indicatiting the signatures that the
user trusts.  This patch changes the documentation and error messages
to indicate this trust.
 2016-09-07 10:18:14 -04:00
Antonio Murdaca
2c78131d1d Merge pull request #171 from aweiteka/makefile 
Fix selinux perms in Makefile binary build
 2016-09-06 23:03:55 +02:00
Aaron Weitekamp
157b9c0f3b disable selinux for binary build 2016-09-06 16:28:07 -04:00
Antonio Murdaca
ee89d2c6a4 Merge pull request #190 from runcom/fix-putblob 
vendor containers/image for PutBlob returns
 2016-09-06 20:10:16 +02:00
Antonio Murdaca
4e40830eae
vendor containers/image for PutBlob returns 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2016-09-06 19:47:59 +02:00
Miloslav Trmač
46ffaa8e51 Merge pull request #188 from runcom/vendor-image-spec 
vendor containers/image and OCI/image-spec
 2016-09-06 16:50:18 +02:00
Antonio Murdaca
649ea391a4
vendor containers/image and OCI/image-spec 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2016-09-06 16:19:52 +02:00
Miloslav Trmač
4421e7ea2f Merge pull request #187 from mtrmac/api-changes 
Update for mtrmac/image:api-changes
 2016-09-06 16:03:28 +02:00
Miloslav Trmač
e8794bd9ff Vendor after merging in mtrmac/image:api-changes 
... and update for the API changes.
 2016-09-06 15:37:39 +02:00
Antonio Murdaca
136fd1d8a6 Merge pull request #185 from mtrmac/remove-signatures 
Add --remove-signatures to (skopeo copy)
 2016-09-05 19:34:42 +02:00
Miloslav Trmač
f627fc6045 Add --remove-signatures to (skopeo copy) 
This is necessary to allow copying signed images into destinations which
don't support signatures.
 2016-09-01 22:34:13 +02:00
Miloslav Trmač
7c2a47f8b9 Vendor after merging mtrmac/image:remove-signatures 2016-09-01 22:17:04 +02:00
Antonio Murdaca
1bfb549f7f Merge pull request #182 from runcom/fix-oci 
vendor containers/image for oci dest fix
 2016-09-01 18:01:44 +02:00
Antonio Murdaca
9914de1bf4
vendor containers/image for oci dest fix 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
 2016-09-01 17:38:17 +02:00
Antonio Murdaca
f37d72d964 Merge pull request #175 from mtrmac/copy 
Move copy implementation into containers/image
 2016-09-01 16:55:34 +02:00
Miloslav Trmač
3e3748a800 Move the core of the (skopeo copy) implementation to containers/image 2016-09-01 16:27:38 +02:00
Miloslav Trmač
61158ce7f4 Vendor after merging mtrmac/image:copy 2016-09-01 16:27:22 +02:00
Miloslav Trmač
7c17614143 Fix an ambiguity in (git reset) 
This is necessary to be able to check out a branch named "clone",
otherwise we get
> fatal: ambiguous argument 'copy': both revision and filename
 2016-08-31 22:10:47 +02:00
Miloslav Trmač
d24cdcbcf3 Merge pull request #180 from mtrmac/api-changes 
Vendor in API changes from https://github.com/containers/image/pull/64
 2016-08-31 22:04:20 +02:00
Miloslav Trmač
4055442da5 Vendor after merging mtrmac/image:api-changes 
... and update for the API changes.

NOTE: This keeps the old dangerous tlsVerify semantics.
 2016-08-31 21:26:42 +02:00
Antonio Murdaca
fb5e5a79f6 Merge pull request #176 from rhatdan/install 
Fix install command to create directories
 2016-08-25 21:06:50 +02:00
Dan Walsh
88bec961af Fix install command to create directories 2016-08-25 14:37:35 -04:00
Miloslav Trmač
fc843adca9 Merge pull request #158 from mtrmac/copy-signing-integration-tests 
Copy signing integration tests
 2016-08-25 20:35:39 +02:00
Miloslav Trmač
3d42f226c2 Add integration tests for signature handling in (skopeo copy) 
Note the need for openshiftCluster.relaxImageSignerPermissions.
 2016-08-25 20:11:31 +02:00
Miloslav Trmač
821f938a11 Merge pull request #157 from mtrmac/verify-on-pull 
Verify signatures on pull
 2016-08-25 20:02:45 +02:00
Miloslav Trmač
76a14985d6 Implement policy enforcement in (skopeo copy) 
Finally, load and enforce the policy.

NOTE that this breaks a simple ./skopeo from a built directory if you
don't have /etc/atomic/policy.json installed for other reasons;
use (./skopeo --policy default-policy.json) instead.
 2016-08-25 19:39:21 +02:00
Miloslav Trmač
d4462330a5 Add a default policy file, install it in (make install) and integration tests 
(skopeo copy) will soon ALWAYS require a present policy file.  So,
install one by (make install), and ensure that integration tests do so
as well.

Also simplifies the usage of install(1) a bit.
 2016-08-25 19:39:21 +02:00
Miloslav Trmač
d5d6bc28f7 Add a new --policy flag. 
This ordinarily uses the compiled-in default, but allows per-command
override.  No users yet.

Note that this adds an URL to policy documentation within
containers/image, and that URL does not exist at the moment.
 2016-08-25 19:39:15 +02:00
Miloslav Trmač
8826f09cf4 Vendor after merging mtrmac/image:default-policy 2016-08-25 19:36:29 +02:00
Daniel J Walsh
e6886e4afc Merge pull request #173 from mikebrow/auto-completions 
add support for completions
 2016-08-25 18:13:18 +02:00
Mike Brown
a40d7b53aa add support for completions 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2016-08-25 10:45:24 -05:00
Miloslav Trmač
e0d44861af Merge pull request #165 from mtrmac/manifest-digest 
Improve manifest digest handling
 2016-08-25 17:28:59 +02:00
Miloslav Trmač
c236b29c75 Add (skopeo manifest-digest) 
A plain sha256sum and the like is insufficient because we need to strip
signatures from v2s1 manifests; so, add a subcommand.

This can be used together with (skopeo inspect --raw) to download a
manifest from a source untrusted to modify it under us; we download a
manifest once using (skopeo inspect --raw), compute a digest using
(skopeo manifest-digest), and then do all future operations using a
digest reference.
 2016-08-25 16:49:02 +02:00
Miloslav Trmač
e4315e82b0 Output the original raw manifest in (skopeo inspect --raw) 
We need (skopeo inspect --raw > manifest.json) to save the unmodified
original: no extra new lines, no undetected truncation, nothing.
 2016-08-25 16:49:02 +02:00