Support content trust images and pull with authentication

Contact the notary server if ```--verify``` is specified (or `verify: true` is enabled on the repo config) and verify if the image is signed, use the returned value to pull the verified image.
2025-09-01 23:37:07 +00:00 · 2021-03-11 17:04:26 +01:00
parent caa1cfad5c
commit 0028dd3a92
12 changed files with 237 additions and 23 deletions
--- a/pkg/helpers/imgworker/pull.go
+++ b/pkg/helpers/imgworker/pull.go
@@ -31,6 +31,7 @@ func (c *Client) Pull(image string) (*ListedImage, error) {
 	if err != nil {
 		return nil, err
 	}
+
 	// Parse the image name and tag.
 	named, err := reference.ParseNormalizedNamed(image)
 	if err != nil {
@@ -114,7 +115,6 @@ func (c *Client) Pull(image string) (*ListedImage, error) {
 	if _, err := e.Export(ctx, exporter.Source{Ref: ref}); err != nil {
 		return nil, err
 	}
-
 	// Get the image.
 	img, err := opt.ImageStore.Get(ctx, image)
 	if err != nil {