package command
import (
"os"
"strconv"
"github.com/spf13/pflag"
)
// untrusted is true when content trust is disabled for this process.
//
// It is package-level state: init seeds it from the environment, both
// flag-registration helpers bind --disable-content-trust to it, and IsTrusted
// reads it. Any command that registers the flag therefore writes to the same
// variable.
//
// TODO: make this not global
var untrusted bool
// init seeds the package-level untrusted flag from the environment at package
// load, so the value is the inverse of the state derived from
// DOCKER_CONTENT_TRUST before any flag has been registered or parsed.
func init() {
	trustEnabled := getDefaultTrustState()
	untrusted = !trustEnabled
}
// AddTrustVerificationFlags registers the --disable-content-trust flag
// ("Skip image verification") on the provided flagset.
//
// The flag is bound to the package-level untrusted variable. Its default is the
// inverse of the environment-derived trust state, so when DOCKER_CONTENT_TRUST
// is unset or parses as false the default is true and verification is skipped
// unless the caller passes --disable-content-trust=false.
func AddTrustVerificationFlags(fs *pflag.FlagSet) {
	skipByDefault := !getDefaultTrustState()
	fs.BoolVar(&untrusted, "disable-content-trust", skipByDefault, "Skip image verification")
}
// AddTrustSigningFlags registers the --disable-content-trust flag
// ("Skip image signing") on the provided flagset.
//
// The flag is bound to the same package-level untrusted variable as the
// verification flag. Its default is the inverse of the environment-derived
// trust state, so when DOCKER_CONTENT_TRUST is unset or parses as false the
// default is true and signing is skipped unless the caller passes
// --disable-content-trust=false.
func AddTrustSigningFlags(fs *pflag.FlagSet) {
	skipByDefault := !getDefaultTrustState()
	fs.BoolVar(&untrusted, "disable-content-trust", skipByDefault, "Skip image signing")
}
// getDefaultTrustState reports whether content trust is enabled through the
// $DOCKER_CONTENT_TRUST environment variable.
//
// An unset or empty variable means disabled. A value that strconv.ParseBool
// accepts is used as parsed. Any value ParseBool rejects is treated as enabled,
// so a malformed setting turns content trust on rather than silently off.
func getDefaultTrustState() bool {
	raw := os.Getenv("DOCKER_CONTENT_TRUST")
	if raw == "" {
		return false
	}

	enabled, err := strconv.ParseBool(raw)
	// A parse failure counts as "enabled": treat any other value as true.
	return err != nil || enabled
}
// IsTrusted reports whether content trust is enabled, either through the
// $DOCKER_CONTENT_TRUST environment variable or through
// `--disable-content-trust=false` on a command.
//
// It returns the inverse of the package-level untrusted variable, so the result
// reflects whichever of init or a registered flag wrote to that variable last.
func IsTrusted() bool {
	enabled := !untrusted
	return enabled
}