Set default rootless sigstore

Set default rootless sigstore to ~/.local/share/containers/sigstore if the caller is non-root. Signed-off-by: Qi Wang <qiwan@redhat.com>
containers · Aug 26, 2020 · dcc8efa · dcc8efa
1 parent 44634e0
commit dcc8efa
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/docker/lookaside.go b/docker/lookaside.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/containers/image/v5/docker/reference"
+	"github.com/containers/image/v5/internal/uid"
 	"github.com/containers/image/v5/types"
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/ghodss/yaml"
@@ -30,6 +31,12 @@ const builtinRegistriesDirPath = "/etc/containers/registries.d"
 // userRegistriesDirPath is the path to the per user registries.d.
 var userRegistriesDir = filepath.FromSlash(".config/containers/registries.d")
 
+// defaultRootlessDockerDir is the default sigstore directory for per use configuration
+var defaultRootlessDockerDir = filepath.FromSlash(".local/share/containers/sigstore")
+
+// defaultDockerDir is the default sigstore derivide from registries.d
+var defaultDockerDir = "file:///var/lib/containers/sigstore"
+
 // registryConfiguration is one of the files in registriesDirPath configuring lookaside locations, or the result of merging them all.
 // NOTE: Keep this in sync with docs/registries.d.md!
 type registryConfiguration struct {
@@ -175,6 +182,13 @@ func (config *registryConfiguration) signatureTopLevel(ref dockerReference, writ
 	if config.DefaultDocker != nil {
 		logrus.Debugf(` Using "default-docker" configuration`)
 		if url := config.DefaultDocker.signatureTopLevel(write); url != "" {
+			if euid := uid.GetRootlessUID(); euid != 0 {
+				if url != defaultDockerDir {
+					// use user configured default-docker
+					return url
+				}
+				return filepath.Join(homedir.Get(), defaultRootlessDockerDir)
+			}
 			return url
 		}
 	}

diff --git a/internal/uid/uid.go b/internal/uid/uid.go
@@ -0,0 +1,16 @@
+package uid
+
+import (
+	"os"
+	"strconv"
+)
+
+// GetRootlessUID returns the UID of the user in the parent userNS
+func GetRootlessUID() int {
+	uidEnv := os.Getenv("_CONTAINERS_ROOTLESS_UID")
+	if uidEnv != "" {
+		u, _ := strconv.Atoi(uidEnv)
+		return u
+	}
+	return os.Geteuid()
+}