Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

podman save cli doesn't support --signature-policy #15869

Closed
idleroamer opened this issue Sep 20, 2022 · 0 comments · Fixed by #15870
Closed

podman save cli doesn't support --signature-policy #15869

idleroamer opened this issue Sep 20, 2022 · 0 comments · Fixed by #15870
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@idleroamer
Copy link
Contributor

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

It is not possible to use custom signature-policy files with podman save in the similar manner to other cli commands like podman load, podman pull, ....
This effectively means without a default /etc/containers/policy.json the podman save fails.

Error: open /etc/containers/policy.json: no such file or directory

Steps to reproduce the issue:

  1. Remove /etc/containers/policy.json

  2. Use podman save ...

podman save should support --signature-policy.

Output of podman version:

podman version 4.3.0-dev

Output of podman info:

host:
  arch: amd64
  buildahVersion: 1.28.0-dev
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - pids
  cgroupManager: systemd
  cgroupVersion: v1
  conmon:
    package: conmon-2.0.27+git0+3efab3e71c-r0.core2_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.28-dev, commit: 3efab3e71c4c29f127cd7b8e8a5a885fc17dec88'
  cpuUtilization:
    idlePercent: 94.95
    systemPercent: 1.46
    userPercent: 3.6
  cpus: 6
  distribution:
    distribution: mbient
    version: "1.0"
  eventLogger: file
  hostname: qemux86-64
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.4.178-yocto-standard
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 8516308992
  memTotal: 22189408256
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun-0.18+gitf302dd8c02c6fddd2c50d1685d82b7a19aae8afe-r0.core2_64
    path: /usr/bin/crun
    version: |-
      crun version 0.19.5-f302
      commit: f302dd8c02c6fddd2c50d1685d82b7a19aae8afe
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: true
    capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: ""
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-0.4.1-r0.core2_64
    version: |-
      slirp4netns version 0.4.1
      commit: unknown
  swapFree: 46133248
  swapTotal: 46133248
  uptime: 6h 13m 12.00s (Approximately 0.25 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 5
    paused: 0
    running: 0
    stopped: 5
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev
  graphRoot: <removed>
  graphRootAllocated: 4093313024
  graphRootUsed: 38490112
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /var/run/containers/storage
  volumePath: <removed>
version:
  APIVersion: 4.3.0-dev
  Built: 1663677023
  BuiltTime: Tue Sep 20 14:30:23 2022
  GitCommit: 2e3967be2fa368e5b6dbcbc0080f7f9ffd99b8bc
  GoVersion: go1.19
  Os: linux
  OsArch: linux/amd64
  Version: 4.3.0-dev

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 20, 2022
@idleroamer idleroamer changed the title podman save cli doesn't support --signature-policy argument podman save cli doesn't support --signature-policy Sep 20, 2022
idleroamer added a commit to idleroamer/podman that referenced this issue Sep 21, 2022
Allow overwrite of the signature-policy file
by passing signature-policy flag to podman save command

Closes: containers#15869
Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 15, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 15, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant