Do not perform build context switch when content trust is not enabled.

Signed-off-by: David Calavera <david.calavera@gmail.com>
2022-11-09 12:21:53 -05:00 · 2016-01-05 13:32:43 -05:00 · 2016-01-05 13:32:43 -05:00 · 18d15babef
commit 18d15babef
parent 5aae5a5fae
1 changed files with 24 additions and 17 deletions
--- a/api/client/build.go
+++ b/api/client/build.go
@ -121,15 +121,6 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		contextDir = tempDir
 	}

-	// Resolve the FROM lines in the Dockerfile to trusted digest references
-	// using Notary. On a successful build, we must tag the resolved digests
-	// to the original name specified in the Dockerfile.
-	newDockerfile, resolvedTags, err := rewriteDockerfileFrom(filepath.Join(contextDir, relDockerfile), cli.trustedReference)
-	if err != nil {
-		return fmt.Errorf("unable to process Dockerfile: %v", err)
-	}
-	defer newDockerfile.Close()
-
 	// And canonicalize dockerfile name to a platform-independent one
 	relDockerfile, err = archive.CanonicalTarNameForPath(relDockerfile)
 	if err != nil {
@ -176,9 +167,22 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		return err
 	}

-	// Wrap the tar archive to replace the Dockerfile entry with the rewritten
-	// Dockerfile which uses trusted pulls.
-	context = replaceDockerfileTarWrapper(context, newDockerfile, relDockerfile)
+	var resolvedTags []*resolvedTag
+	if isTrusted() {
+		// Resolve the FROM lines in the Dockerfile to trusted digest references
+		// using Notary. On a successful build, we must tag the resolved digests
+		// to the original name specified in the Dockerfile.
+		var newDockerfile *trustedDockerfile
+		newDockerfile, resolvedTags, err = rewriteDockerfileFrom(filepath.Join(contextDir, relDockerfile), cli.trustedReference)
+		if err != nil {
+			return fmt.Errorf("unable to process Dockerfile: %v", err)
+		}
+		defer newDockerfile.Close()
+
+		// Wrap the tar archive to replace the Dockerfile entry with the rewritten
+		// Dockerfile which uses trusted pulls.
+		context = replaceDockerfileTarWrapper(context, newDockerfile, relDockerfile)
+	}

 	// Setup an upload progress bar
 	progressOutput := streamformatter.NewStreamFormatter().NewProgressOutput(progBuff, true)
@ -266,11 +270,14 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 	if *suppressOutput {
 		fmt.Fprintf(cli.out, "%s", buildBuff)
 	}
-	// Since the build was successful, now we must tag any of the resolved
-	// images from the above Dockerfile rewrite.
-	for _, resolved := range resolvedTags {
-		if err := cli.tagTrusted(resolved.digestRef, resolved.tagRef); err != nil {
-			return err
+
+	if isTrusted() {
+		// Since the build was successful, now we must tag any of the resolved
+		// images from the above Dockerfile rewrite.
+		for _, resolved := range resolvedTags {
+			if err := cli.tagTrusted(resolved.digestRef, resolved.tagRef); err != nil {
+				return err
+			}
 		}
 	}