cosign: add https_proxy and no_proxy for ClientConfig

The new `https_proxy` and `no_proxy` option gives ability for the users to set a proxy to pull signature manifest from the registry. This is useful in some cases where access to the registry depends on a proxy. Signed-off-by: Xynnn007 <[email protected]>
sigstore · Oct 9, 2024 · 89204d6 · 89204d6
1 parent 9965440
commit 89204d6
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/Cargo.toml b/Cargo.toml
@@ -109,7 +109,7 @@ elliptic-curve = { version = "0.13", features = ["arithmetic", "pem"] }
 futures = "0.3"
 futures-util = { version = "0.3", optional = true }
 lazy_static = "1.5"
-oci-distribution = { default-features = false, optional = true, package = "oci-client", git = "https://github.com/oras-project/rust-oci-client.git", rev = "8be4688" }
+oci-distribution = { default-features = false, optional = true, package = "oci-client", version = "0.13" }
 olpc-cjson = { version = "0.1", optional = true }
 openidconnect = { version = "3.5", default-features = false, features = [
   "reqwest",

diff --git a/src/registry/config.rs b/src/registry/config.rs
@@ -157,6 +157,16 @@ pub struct ClientConfig {
     /// A list of extra root certificate to trust. This can be used to connect
     /// to servers using self-signed certificates
     pub extra_root_certificates: Vec<Certificate>,
+
+    /// Set the `HTTPS PROXY` used by the client.
+    ///
+    /// This defaults to `None`.
+    pub https_proxy: Option<String>,
+
+    /// Set the `NO PROXY` used by the client.
+    ///
+    /// This defaults to `None`.
+    pub no_proxy: Option<String>,
 }
 
 impl Default for ClientConfig {
@@ -167,6 +177,8 @@ impl Default for ClientConfig {
             accept_invalid_hostnames: false,
             accept_invalid_certificates: false,
             extra_root_certificates: Vec::new(),
+            https_proxy: None,
+            no_proxy: None,
         }
     }
 }
@@ -183,6 +195,8 @@ impl From<ClientConfig> for oci_distribution::client::ClientConfig {
                 .iter()
                 .map(|c| c.into())
                 .collect(),
+            https_proxy: config.https_proxy,
+            no_proxy: config.no_proxy,
             ..Default::default()
         }
     }