Do not perform build context switch when content trust is not enabled.

Signed-off-by: David Calavera <david.calavera@gmail.com>

api/client/build.go

@@ -121,15 +121,6 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		contextDir = tempDir
 	}
 
-	// Resolve the FROM lines in the Dockerfile to trusted digest references
-	// using Notary. On a successful build, we must tag the resolved digests
-	// to the original name specified in the Dockerfile.
-	newDockerfile, resolvedTags, err := rewriteDockerfileFrom(filepath.Join(contextDir, relDockerfile), cli.trustedReference)
-	if err != nil {
-		return fmt.Errorf("unable to process Dockerfile: %v", err)
-	}
-	defer newDockerfile.Close()
-
 	// And canonicalize dockerfile name to a platform-independent one
 	relDockerfile, err = archive.CanonicalTarNameForPath(relDockerfile)
 	if err != nil {
@@ -176,9 +167,22 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 		return err
 	}
 
-	// Wrap the tar archive to replace the Dockerfile entry with the rewritten
+	var resolvedTags []*resolvedTag
-	// Dockerfile which uses trusted pulls.
+	if isTrusted() {
-	context = replaceDockerfileTarWrapper(context, newDockerfile, relDockerfile)
+		// Resolve the FROM lines in the Dockerfile to trusted digest references
+		// using Notary. On a successful build, we must tag the resolved digests
+		// to the original name specified in the Dockerfile.
+		var newDockerfile *trustedDockerfile
+		newDockerfile, resolvedTags, err = rewriteDockerfileFrom(filepath.Join(contextDir, relDockerfile), cli.trustedReference)
+		if err != nil {
+			return fmt.Errorf("unable to process Dockerfile: %v", err)
+		}
+		defer newDockerfile.Close()
+
+		// Wrap the tar archive to replace the Dockerfile entry with the rewritten
+		// Dockerfile which uses trusted pulls.
+		context = replaceDockerfileTarWrapper(context, newDockerfile, relDockerfile)
+	}
 
 	// Setup an upload progress bar
 	progressOutput := streamformatter.NewStreamFormatter().NewProgressOutput(progBuff, true)
@@ -266,11 +270,14 @@ func (cli *DockerCli) CmdBuild(args ...string) error {
 	if *suppressOutput {
 		fmt.Fprintf(cli.out, "%s", buildBuff)
 	}
-	// Since the build was successful, now we must tag any of the resolved
+
-	// images from the above Dockerfile rewrite.
+	if isTrusted() {
-	for _, resolved := range resolvedTags {
+		// Since the build was successful, now we must tag any of the resolved
-		if err := cli.tagTrusted(resolved.digestRef, resolved.tagRef); err != nil {
+		// images from the above Dockerfile rewrite.
-			return err
+		for _, resolved := range resolvedTags {
+			if err := cli.tagTrusted(resolved.digestRef, resolved.tagRef); err != nil {
+				return err
+			}
 		}
 	}