bb3c0b2466
Commited13c3abfb
added flags for Docker Content Trust. Depending on the `verify` boolean, the message is "Skip image verification", or "Skip image signing". "Signing" is intended for `docker push` / `docker plugin push`. During the migration to Cobra, this boolean got flipped for `docker push` (9640e3a451
), causing `docker push` to show the incorrect flag description. This patch changes the flags to use the correct description for `docker push`, and `docker plugin push`. To prevent this confusion in future, the boolean argument is removed, and a `AddTrustSigningFlags()` function is added. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
43 lines
1.2 KiB
Go
43 lines
1.2 KiB
Go
package command
|
|
|
|
import (
|
|
"os"
|
|
"strconv"
|
|
|
|
"github.com/spf13/pflag"
|
|
)
|
|
|
|
var (
|
|
// TODO: make this not global
|
|
untrusted bool
|
|
)
|
|
|
|
// AddTrustVerificationFlags adds content trust flags to the provided flagset
|
|
func AddTrustVerificationFlags(fs *pflag.FlagSet) {
|
|
trusted := getDefaultTrustState()
|
|
fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image verification")
|
|
}
|
|
|
|
// AddTrustSigningFlags adds "signing" flags to the provided flagset
|
|
func AddTrustSigningFlags(fs *pflag.FlagSet) {
|
|
trusted := getDefaultTrustState()
|
|
fs.BoolVar(&untrusted, "disable-content-trust", !trusted, "Skip image signing")
|
|
}
|
|
|
|
// getDefaultTrustState returns true if content trust is enabled through the $DOCKER_CONTENT_TRUST environment variable.
|
|
func getDefaultTrustState() bool {
|
|
var trusted bool
|
|
if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
|
|
if t, err := strconv.ParseBool(e); t || err != nil {
|
|
// treat any other value as true
|
|
trusted = true
|
|
}
|
|
}
|
|
return trusted
|
|
}
|
|
|
|
// IsTrusted returns true if content trust is enabled, either through the $DOCKER_CONTENT_TRUST environment variable,
|
|
// or through `--disabled-content-trust=false` on a command.
|
|
func IsTrusted() bool {
|
|
return !untrusted
|
|
}
|