Commit 2f7c8c2a authored by Daniel Jiang's avatar Daniel Jiang
Browse files

Check the tag in isArtifactSigned func



This commit ensures that when CLI is pulling a tag, the content trust middleware check the data in notary to ensure the particular tag is signed, not only the digest.
Signed-off-by: default avatarDaniel Jiang <jiangd@vmware.com>
parent 316f0349
...@@ -21,6 +21,9 @@ var ( ...@@ -21,6 +21,9 @@ var (
if err != nil { if err != nil {
return false, err return false, err
} }
if len(art.Tag) > 0 {
return checker.IsTagSigned(art.Tag, art.Digest), nil
}
return checker.IsArtifactSigned(art.Digest), nil return checker.IsArtifactSigned(art.Digest), nil
} }
) )
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment