We now derive the proper sigstore from a series of YAML
configuration files in /etc/containers/registries.d. These
configuration files can have: sigstore and sigstore-write as
keys and the values are a file path or http|s URL.
When signing an image, as long as the -d override is not used,
we use those values when writing local signatures.
Closes: #603
Approved by: rhatdan
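
An added example, not atomic's own code: one way to resolve the read and write sigstore for an image from already-parsed registries.d data, rejecting an http(s) location as a target for writing signatures. The default-docker/docker scope layout, the lookup order, the function names and every sample value are assumptions of this example.

```python
from urllib.parse import urlparse

# Constructed sample: registries.d YAML files after parsing and merging.
# The default-docker / docker scope layout is an assumption of this example.
SAMPLE = {
    "default-docker": {"sigstore": "file:///var/lib/atomic/sigstore"},
    "docker": {
        "registry.example.com": {
            "sigstore": "https://sigs.example.com/store",
            "sigstore-write": "file:///srv/sigstore-staging",
        },
        "registry.example.com/readonly": {
            "sigstore": "https://sigs.example.com/readonly",
        },
    },
}

def _repo(image):
    """Strip a digest and tag, keeping registry/namespace/name."""
    head, _, last = image.split("@", 1)[0].rpartition("/")
    last = last.split(":", 1)[0]
    return f"{head}/{last}" if head else last

def _check(value, write):
    """Accept a local path or file:// URL; http(s) only when reading."""
    url = urlparse(value)
    if url.scheme in ("", "file") and url.path.startswith("/"):
        return url.path
    if url.scheme in ("http", "https") and url.netloc and not write:
        return value
    raise ValueError(f"unusable sigstore location (write={write}): {value}")

def sigstore_for(config, image, write=False):
    """Resolve the sigstore for an image, most specific scope first."""
    repo = _repo(image)
    docker = config.get("docker", {})
    scopes = sorted((s for s in docker if repo == s or repo.startswith(s + "/")),
                    key=len, reverse=True)
    entries = [docker[s] for s in scopes] + [config.get("default-docker", {})]
    # When signing, sigstore-write wins over sigstore within the same entry.
    keys = ("sigstore-write", "sigstore") if write else ("sigstore",)
    for entry in entries:
        for key in keys:
            if entry.get(key):
                return _check(entry[key], write)
    raise LookupError(f"no sigstore configured for {image}")
```
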
Previously, with the understanding we would be shipping a single
generic scanner configuration file, we would 1) install the config
file and we had preset a default scanner in atomic.conf.
With the realization that the scanner could be variable based
on the distribution, the generic file is no longer installed
by default. Therefore, we should probably not set a default.
The prior code failed if a default was not defined in
/etc/atomic.conf. That code check has been altered and we now
adhere to the following rules:
* If no default is defined AND there is only one configured
scanner, we assume the single scanner IS the default.
* If no default is defined AND there are multiple scanners, we
error out and ask the user to define one.
* If there is a default defined, good to go!
Closes: #383
Approved by: rhatdan

As more scanners besides openscap become available, atomic
can now begin to leverage them. The new scan function has
been broken out into its own file (scan.py).
The scan command itself now defaults to openscap but can
also be switched to blackduck with --scanner.
Atomic now can use a configuration file which is stored
in /etc/atomic.conf. The location of the atomic conf
file can be overridden with the environment variable
'ATOMIC_CONF'. In the case of the scan function,
we need the scanner defined in the configuration file
as well as the fully qualified image name and the
scan arguments. Optionally, you can provide additional
custom docker arguments for the scanner as well