summaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2018-04-16 13:39:00 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-04-18 14:07:59 +0000
commit313e5e83e92f68349d2026fc3f358f237fe93a4a (patch)
tree91c523b44bb8f55790037a9a7b42bf63e3c90de6 /cmd/podman
parent982927468c6102cfc52e838be4815d2f89d3827e (diff)
downloadpodman-313e5e83e92f68349d2026fc3f358f237fe93a4a.tar.gz
podman-313e5e83e92f68349d2026fc3f358f237fe93a4a.tar.bz2
podman-313e5e83e92f68349d2026fc3f358f237fe93a4a.zip
regression: tls verify should be set on registries.conf if insecure
In the case where podman needs to pull an image, if that registry that the image resides on is known to be insesure (as defined in /etc/containers/registries.conf), tls-verify should be altered on the fly. Signed-off-by: baude <bbaude@redhat.com> Closes: #626 Approved by: mheon
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/create.go2
-rw-r--r--cmd/podman/load.go6
-rw-r--r--cmd/podman/pull.go6
-rw-r--r--cmd/podman/run.go2
-rw-r--r--cmd/podman/search.go4
5 files changed, 12 insertions, 8 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index b95309980..97490d6c0 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -181,7 +181,7 @@ func createCmd(c *cli.Context) error {
rtc := runtime.GetConfig()
- newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false)
+ newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false)
if err != nil {
return err
}
diff --git a/cmd/podman/load.go b/cmd/podman/load.go
index 941dd68d9..1fb723750 100644
--- a/cmd/podman/load.go
+++ b/cmd/podman/load.go
@@ -99,17 +99,17 @@ func loadCmd(c *cli.Context) error {
}
src := libpod.DockerArchive + ":" + input
- newImage, err := runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false)
+ newImage, err := runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false)
if err != nil {
// generate full src name with specified image:tag
fullSrc := libpod.OCIArchive + ":" + input
if image != "" {
fullSrc = fullSrc + ":" + image
}
- newImage, err = runtime.ImageRuntime().New(fullSrc, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false)
+ newImage, err = runtime.ImageRuntime().New(fullSrc, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false)
if err != nil {
src = libpod.DirTransport + ":" + input
- newImage, err = runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false)
+ newImage, err = runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false)
if err != nil {
return errors.Wrapf(err, "error pulling %q", src)
}
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index 4ceae4596..43169635a 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -58,6 +58,7 @@ var (
// pullCmd gets the data from the command line and calls pullImage
// to copy an image from a registry to a local machine
func pullCmd(c *cli.Context) error {
+ forceSecure := true
runtime, err := getRuntime(c)
if err != nil {
return errors.Wrapf(err, "could not get runtime")
@@ -98,8 +99,11 @@ func pullCmd(c *cli.Context) error {
DockerCertPath: c.String("cert-dir"),
DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"),
}
+ if !c.IsSet("tls-verify") {
+ forceSecure = false
+ }
- newImage, err := runtime.ImageRuntime().New(image, c.String("signature-policy"), c.String("authfile"), writer, &dockerRegistryOptions, image2.SigningOptions{}, true)
+ newImage, err := runtime.ImageRuntime().New(image, c.String("signature-policy"), c.String("authfile"), writer, &dockerRegistryOptions, image2.SigningOptions{}, true, forceSecure)
if err != nil {
return errors.Wrapf(err, "error pulling image %q", image)
}
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 2bf0668a3..ac6361070 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -59,7 +59,7 @@ func runCmd(c *cli.Context) error {
}
rtc := runtime.GetConfig()
- newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false)
+ newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false)
if err != nil {
return errors.Wrapf(err, "unable to find image")
}
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index 01eaa6729..106513e34 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -9,8 +9,8 @@ import (
"github.com/containers/image/docker"
"github.com/pkg/errors"
"github.com/projectatomic/libpod/cmd/podman/formats"
- "github.com/projectatomic/libpod/libpod"
"github.com/projectatomic/libpod/libpod/common"
+ sysreg "github.com/projectatomic/libpod/pkg/registries"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
@@ -110,7 +110,7 @@ func searchCmd(c *cli.Context) error {
if len(c.StringSlice("registry")) > 0 {
registries = c.StringSlice("registry")
} else {
- registries, err = libpod.GetRegistries()
+ registries, err = sysreg.GetRegistries()
if err != nil {
return errors.Wrapf(err, "error getting registries to search")
}