From 8b99b43bf3687d813542099469df93499c71a041 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=F0=9F=98=8EMostafa=20Emami?= <mustafaemami@gmail.com>
Date: Tue, 20 Sep 2022 07:27:00 +0200
Subject: [PATCH] cli: Add signature-policy flag to podman save
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Allow overwrite of the signature-policy file
by passing signature-policy flag to podman save command

Closes: https://github.com/containers/podman/issues/15869
Signed-off-by: 😎Mostafa Emami <mustafaemami@gmail.com>
---
 cmd/podman/images/save.go             | 1 +
 docs/source/markdown/podman-save.1.md | 4 ++++
 pkg/domain/entities/images.go         | 3 ++-
 pkg/domain/infra/abi/images.go        | 1 +
 test/e2e/load_test.go                 | 2 +-
 5 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/cmd/podman/images/save.go b/cmd/podman/images/save.go
index ecff0f841c24..e87bd23e2d80 100644
--- a/cmd/podman/images/save.go
+++ b/cmd/podman/images/save.go
@@ -96,6 +96,7 @@ func saveFlags(cmd *cobra.Command) {
 
 	flags.BoolVarP(&saveOpts.Quiet, "quiet", "q", false, "Suppress the output")
 	flags.BoolVarP(&saveOpts.MultiImageArchive, "multi-image-archive", "m", containerConfig.Engine.MultiImageArchive, "Interpret additional arguments as images not tags and create a multi-image-archive (only for docker-archive)")
+	flags.StringVar(&saveOpts.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file")
 }
 
 func save(cmd *cobra.Command, args []string) (finalErr error) {
diff --git a/docs/source/markdown/podman-save.1.md b/docs/source/markdown/podman-save.1.md
index 088d9dc2109c..bd7a81816d98 100644
--- a/docs/source/markdown/podman-save.1.md
+++ b/docs/source/markdown/podman-save.1.md
@@ -57,6 +57,10 @@ Write to a file, default is STDOUT
 
 Suppress the output
 
+#### **--signature-policy**
+
+Define the path to a signature-policy file
+
 #### **--uncompressed**
 
 Accept uncompressed layers when using one of the OCI formats.
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index cad11b0ab311..b1eb3b0057bb 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -335,7 +335,8 @@ type ImageSaveOptions struct {
 	// Output - write image to the specified path.
 	Output string
 	// Quiet - suppress output when copying images
-	Quiet bool
+	Quiet           bool
+	SignaturePolicy string
 }
 
 // ImageScpOptions provide options for securely copying images to and from a remote host
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 6934de60ecc7..e2f44e00261b 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -406,6 +406,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
 	saveOptions := &libimage.SaveOptions{}
 	saveOptions.DirForceCompress = options.Compress
 	saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
+	saveOptions.SignaturePolicyPath = options.SignaturePolicy
 
 	// Force signature removal to preserve backwards compat.
 	// See https://github.com/containers/podman/pull/11669#issuecomment-925250264
diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go
index 1e3f9089af95..14f91cb29dae 100644
--- a/test/e2e/load_test.go
+++ b/test/e2e/load_test.go
@@ -94,7 +94,7 @@ var _ = Describe("Podman load", func() {
 	It("podman load oci-archive with signature", func() {
 		outfile := filepath.Join(podmanTest.TempDir, "alpine.tar")
 
-		save := podmanTest.Podman([]string{"save", "-o", outfile, "--format", "oci-archive", ALPINE})
+		save := podmanTest.Podman([]string{"save", "--signature-policy", "/etc/containers/policy.json", "-o", outfile, "--format", "oci-archive", ALPINE})
 		save.WaitWithDefaultTimeout()
 		Expect(save).Should(Exit(0))