Docker-in-Docker (DinD) capabilities of public runners deactivated. More info

Commit 2f7c8c2a authored by Daniel Jiang's avatar Daniel Jiang
Browse files

Check the tag in isArtifactSigned func



This commit ensures that when CLI is pulling a tag, the content trust middleware check the data in notary to ensure the particular tag is signed, not only the digest.
Signed-off-by: default avatarDaniel Jiang <jiangd@vmware.com>
parent 316f0349
......@@ -21,6 +21,9 @@ var (
if err != nil {
return false, err
}
if len(art.Tag) > 0 {
return checker.IsTagSigned(art.Tag, art.Digest), nil
}
return checker.IsArtifactSigned(art.Digest), nil
}
)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment