diff --git a/cmd/cosign/cli/copy.go b/cmd/cosign/cli/copy.go index f6c76571f52..5519b18e2db 100644 --- a/cmd/cosign/cli/copy.go +++ b/cmd/cosign/cli/copy.go @@ -34,10 +34,10 @@ func Copy() *cobra.Command { cosign copy example.com/src:latest example.com/dest:latest # copy the signatures only - cosign copy --only=sign example.com/src example.com/dest + cosign copy --only=sig example.com/src example.com/dest # copy the signatures, attestations, sbom only - cosign copy --only=sign,att,sbom example.com/src example.com/dest + cosign copy --only=sig,att,sbom example.com/src example.com/dest # overwrite destination image and signatures cosign copy -f example.com/src example.com/dest diff --git a/cmd/cosign/cli/copy/copy.go b/cmd/cosign/cli/copy/copy.go index 65c65e99b30..6575c71fb4b 100644 --- a/cmd/cosign/cli/copy/copy.go +++ b/cmd/cosign/cli/copy/copy.go @@ -79,7 +79,13 @@ func CopyCmd(ctx context.Context, regOpts options.RegistryOptions, srcImg, dstIm return err } + onlyFlagSet := false tags := parseOnlyOpt(copyOnly, sigOnly) + if len(tags) > 0 { + onlyFlagSet = true + } else { + tags = []tagMap{ociremote.SignatureTag, ociremote.AttestationTag, ociremote.SBOMTag} + } if err := walk.SignedEntity(gctx, root, func(ctx context.Context, se oci.SignedEntity) error { // Both of the SignedEntity types implement Digest() h, err := se.Digest() @@ -126,7 +132,7 @@ func CopyCmd(ctx context.Context, regOpts options.RegistryOptions, srcImg, dstIm } // If we're only copying sig/att/sbom, we have nothing left to do. - if len(tags) > 0 { + if onlyFlagSet { return nil } @@ -174,17 +180,16 @@ func remoteCopy(ctx context.Context, pusher *remote.Pusher, src, dest name.Refer return pusher.Push(ctx, dest, got) } -func parseOnlyOpt(str string, sigOnly bool) []tagMap { +func parseOnlyOpt(onlyFlag string, sigOnly bool) []tagMap { var tags []tagMap - items := strings.Split(str, ",") - tagSet := sets.New(items...) + tagSet := sets.New(strings.Split(onlyFlag, ",")...) if sigOnly { - fmt.Fprintf(os.Stderr, "--sig-only is deprecated, use --only=sign instead") + fmt.Fprintf(os.Stderr, "--sig-only is deprecated, use --only=sig instead") tagSet.Insert("sign") } - if tagSet.Has("sign") { + if tagSet.Has("sig") { tags = append(tags, ociremote.SignatureTag) } if tagSet.Has("sbom") { diff --git a/doc/cosign_copy.md b/doc/cosign_copy.md index bd5ba29d80e..5cce9b638d5 100644 --- a/doc/cosign_copy.md +++ b/doc/cosign_copy.md @@ -15,10 +15,10 @@ cosign copy [flags] cosign copy example.com/src:latest example.com/dest:latest # copy the signatures only - cosign copy --only=sign example.com/src example.com/dest + cosign copy --only=sig example.com/src example.com/dest # copy the signatures, attestations, sbom only - cosign copy --only=sign,att,sbom example.com/src example.com/dest + cosign copy --only=sig,att,sbom example.com/src example.com/dest # overwrite destination image and signatures cosign copy -f example.com/src example.com/dest