Check the tag in isArtifactSigned func

This commit ensures that when the CLI is pulling a tag, the content trust middleware checks the data in notary to ensure that the particular tag is signed, not only the digest.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Daniel Jiang 2020-09-03 16:07:36 +08:00
parent 316f03492f
commit 2f7c8c2abd


@ -21,6 +21,9 @@ var (
if err != nil { if err != nil {
return false, err return false, err
} }
if len(art.Tag) > 0 {
return checker.IsTagSigned(art.Tag, art.Digest), nil
}
return checker.IsArtifactSigned(art.Digest), nil return checker.IsArtifactSigned(art.Digest), nil
} }
) )
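Review bot: The new `if len(art.Tag) > 0` branch has no comment saying why the digest-only check is insufficient, and that invariant is the security point of the change. I would add above it `// A pull by tag must match a signed tag->digest target in notary; a signed digest alone does not prove that this tag is trusted.` It is also worth confirming that `art.Digest` is always resolved before this point for tag pulls. If it can be empty, `checker.IsTagSigned(art.Tag, art.Digest)` would presumably report false and the pull would be rejected as unsigned with no indication that resolution failed. The enclosing function literal starts above the hunk, so how `art` is populated is not visible here.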