Add signature.DefaultPolicy() #49
Conversation
|
(I have also considered using At the moment, a simple explicit override for that one path is easier to use; we may consider the |
(5) Container image signing and verification with a single key
|
lgtm |
signature/policy_config.go
Outdated
| if err != nil { | ||
| policy = &Policy{Default: PolicyRequirements{NewPRReject()}} | ||
| } | ||
| return policy, err |
There was a problem hiding this comment.
return policy, nil? (or am I missing something?)
There was a problem hiding this comment.
alright, got it but it's pretty confusing.
User of this function at https://github.com/projectatomic/skopeo/pull/157/files#diff-c6c318da062a6b9637745a480d10434eR88 bail out on error so why setting in line 56 a default policy if we're stil going to return the error here?
There was a problem hiding this comment.
I'm not saying it's wrong, perhaps could be rewritten to be more obvious?
|
just nitpicking after reviewing related PRs |
This is the API most applications should use to get the policy for the current host. Also adds a types.SystemContext per discussions in containers#41 and elsewhere, to make the functions testable and usable in special situations like chroots. (Though, signature.DefaultPolicy() with an override is not that different from signature.NewPolicyFromFile().) Signed-off-by: Miloslav Trmač <[email protected]>
|
Updated to move the compiled-in path to |
|
LGTM |
|
👍 |
2 participants
This is the API most applications should use to get the policy for the current host.
Also adds a
types.SystemContextper discussions in #41 and elsewhere, to make the functions testable and usable in special situations like chroots.(Though,
signature.DefaultPolicy()with an override is not that different fromsignature.NewPolicyFromFile().)