Skip to content

Commit

Permalink
Fix copy without any flag set
Browse files Browse the repository at this point in the history
PR sigstore#3247 added an --only flag which when set copies only a subset of
metadata. By default the flag is set to an empty string, meaning that by
default copy would copy nothing. This PR fixes this bug so that if only
is unset, copy defaults to the same behavior as before copying
everything.

Also update the tag name to be sig rather than sign for the flag.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
  • Loading branch information
haydentherapper committed Dec 4, 2023
1 parent 29ca73f commit 997aed5
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 10 deletions.
4 changes: 2 additions & 2 deletions cmd/cosign/cli/copy.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,10 +34,10 @@ func Copy() *cobra.Command {
cosign copy example.com/src:latest example.com/dest:latest
# copy the signatures only
cosign copy --only=sign example.com/src example.com/dest
cosign copy --only=sig example.com/src example.com/dest
# copy the signatures, attestations, sbom only
cosign copy --only=sign,att,sbom example.com/src example.com/dest
cosign copy --only=sig,att,sbom example.com/src example.com/dest
# overwrite destination image and signatures
cosign copy -f example.com/src example.com/dest
Expand Down
17 changes: 11 additions & 6 deletions cmd/cosign/cli/copy/copy.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,13 @@ func CopyCmd(ctx context.Context, regOpts options.RegistryOptions, srcImg, dstIm
return err
}

onlyFlagSet := false
tags := parseOnlyOpt(copyOnly, sigOnly)
if len(tags) > 0 {
onlyFlagSet = true
} else {
tags = []tagMap{ociremote.SignatureTag, ociremote.AttestationTag, ociremote.SBOMTag}
}
if err := walk.SignedEntity(gctx, root, func(ctx context.Context, se oci.SignedEntity) error {
// Both of the SignedEntity types implement Digest()
h, err := se.Digest()
Expand Down Expand Up @@ -126,7 +132,7 @@ func CopyCmd(ctx context.Context, regOpts options.RegistryOptions, srcImg, dstIm
}

// If we're only copying sig/att/sbom, we have nothing left to do.
if len(tags) > 0 {
if onlyFlagSet {
return nil
}

Expand Down Expand Up @@ -174,17 +180,16 @@ func remoteCopy(ctx context.Context, pusher *remote.Pusher, src, dest name.Refer
return pusher.Push(ctx, dest, got)
}

func parseOnlyOpt(str string, sigOnly bool) []tagMap {
func parseOnlyOpt(onlyFlag string, sigOnly bool) []tagMap {
var tags []tagMap
items := strings.Split(str, ",")
tagSet := sets.New(items...)
tagSet := sets.New(strings.Split(onlyFlag, ",")...)

if sigOnly {
fmt.Fprintf(os.Stderr, "--sig-only is deprecated, use --only=sign instead")
fmt.Fprintf(os.Stderr, "--sig-only is deprecated, use --only=sig instead")
tagSet.Insert("sign")
}

if tagSet.Has("sign") {
if tagSet.Has("sig") {
tags = append(tags, ociremote.SignatureTag)
}
if tagSet.Has("sbom") {
Expand Down
4 changes: 2 additions & 2 deletions doc/cosign_copy.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 997aed5

Please sign in to comment.