We use YAML format in atomic.conf file, so it should be KEY: VALUE
not KEY=VALUE.
Signed-off-by: Alex Jia <ajia@redhat.com>
Closes: #1004
Approved by: baude
http_proxy and https_proxy are currently supported in /etc/atomic.conf.
This change adds no_proxy support. no_proxy is for urls which should
not go through a proxy.
Closes: #999
Approved by: baude
If HTTP[S]_PROXY is defined, honor it in python requests usage
as well as pass it on to skopeo.
If http[s]_proxy is defined in atomic.conf, use it; however, environment
variables will override these if defined.
Added --insecure to Atomic push so the user can override the logic
(or lack thereof) around deducing if a registry is insecure. Also
needed for integration tests.
Closes: #964
Approved by: rhatdan
We now derive the proper sigstore from a series of YAML
configuration files in /etc/containers/registries.d. These
configuration files can have: sigstore and sigstore-write as
keys and the values are a file path or http|s URL.
When signing an image, as long as the -d override is not used,
we use those values when writing local signatures.
Closes: #603
Approved by: rhatdan
Previously, with the understanding we would be shipping a single
generic scanner configuration file, would 1) install the config
file and we had preset a default scanner in atomic.conf.
With the realization that the scanner could be variable based
on the distribution, the generic file is not longer installed
by default. Therefore, we should probably not set a default.
The prior code failed if a default was not defined in
/etc/atomic.conf. That code check has been altered and we now
adhere to the following rules:
* If no default is defined AND there is only one configured
scanner, we assume the single scanner IS the default.
* If no default is defined AND there are multiple scanners, we
error out and ask the user to define one.
* If there is a default defined, good to go!
Closes: #383
Approved by: rhatdan
As more scanners besides openscap become available, atomic
can now begin to leverage them. The new scan function has
been broken out into its on file (scan.py).
The scan command itself now defaults to openscap but can
also be switched to blackduck with --scanner.
Atomic now can use a configuration file which is stored
in /etc/atomic.conf. The location of the atomic conf
file can be overriden with the environment variable
'ATOMIC_CONF'. In the case of the scan function,
we need the scanner defined in the configuration file
as well as the fully qualified image name and the
scan arguments. Optionally, you can provide additional
custom docker arguments for the scanner as well
