diff options
| author | baude <bbaude@redhat.com> | 2018-04-16 13:39:00 -0500 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-04-18 14:07:59 +0000 |
| commit | 313e5e83e92f68349d2026fc3f358f237fe93a4a (patch) | |
| tree | 91c523b44bb8f55790037a9a7b42bf63e3c90de6 /cmd/podman | |
| parent | 982927468c6102cfc52e838be4815d2f89d3827e (diff) | |
| download | podman-313e5e83e92f68349d2026fc3f358f237fe93a4a.tar.gz podman-313e5e83e92f68349d2026fc3f358f237fe93a4a.tar.bz2 podman-313e5e83e92f68349d2026fc3f358f237fe93a4a.zip | |
regression: tls verify should be set on registries.conf if insecure
In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #626
Approved by: mheon
Diffstat (limited to 'cmd/podman')
| -rw-r--r-- | cmd/podman/create.go | 2 | ||||
| -rw-r--r-- | cmd/podman/load.go | 6 | ||||
| -rw-r--r-- | cmd/podman/pull.go | 6 | ||||
| -rw-r--r-- | cmd/podman/run.go | 2 | ||||
| -rw-r--r-- | cmd/podman/search.go | 4 |
5 files changed, 12 insertions, 8 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go index b95309980..97490d6c0 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -181,7 +181,7 @@ func createCmd(c *cli.Context) error { rtc := runtime.GetConfig() - newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false) + newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false) if err != nil { return err } diff --git a/cmd/podman/load.go b/cmd/podman/load.go index 941dd68d9..1fb723750 100644 --- a/cmd/podman/load.go +++ b/cmd/podman/load.go @@ -99,17 +99,17 @@ func loadCmd(c *cli.Context) error { } src := libpod.DockerArchive + ":" + input - newImage, err := runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false) + newImage, err := runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false) if err != nil { // generate full src name with specified image:tag fullSrc := libpod.OCIArchive + ":" + input if image != "" { fullSrc = fullSrc + ":" + image } - newImage, err = runtime.ImageRuntime().New(fullSrc, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false) + newImage, err = runtime.ImageRuntime().New(fullSrc, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false) if err != nil { src = libpod.DirTransport + ":" + input - newImage, err = runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false) + newImage, err = runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false) if err != nil { return errors.Wrapf(err, "error pulling %q", src) } diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index 4ceae4596..43169635a 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -58,6 +58,7 @@ var ( // pullCmd gets the data from the command line and calls pullImage // to copy an image from a registry to a local machine func pullCmd(c *cli.Context) error { + forceSecure := true runtime, err := getRuntime(c) if err != nil { return errors.Wrapf(err, "could not get runtime") @@ -98,8 +99,11 @@ func pullCmd(c *cli.Context) error { DockerCertPath: c.String("cert-dir"), DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"), } + if !c.IsSet("tls-verify") { + forceSecure = false + } - newImage, err := runtime.ImageRuntime().New(image, c.String("signature-policy"), c.String("authfile"), writer, &dockerRegistryOptions, image2.SigningOptions{}, true) + newImage, err := runtime.ImageRuntime().New(image, c.String("signature-policy"), c.String("authfile"), writer, &dockerRegistryOptions, image2.SigningOptions{}, true, forceSecure) if err != nil { return errors.Wrapf(err, "error pulling image %q", image) } diff --git a/cmd/podman/run.go b/cmd/podman/run.go index 2bf0668a3..ac6361070 100644 --- a/cmd/podman/run.go +++ b/cmd/podman/run.go @@ -59,7 +59,7 @@ func runCmd(c *cli.Context) error { } rtc := runtime.GetConfig() - newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false) + newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false) if err != nil { return errors.Wrapf(err, "unable to find image") } diff --git a/cmd/podman/search.go b/cmd/podman/search.go index 01eaa6729..106513e34 100644 --- a/cmd/podman/search.go +++ b/cmd/podman/search.go @@ -9,8 +9,8 @@ import ( "github.com/containers/image/docker" "github.com/pkg/errors" "github.com/projectatomic/libpod/cmd/podman/formats" - "github.com/projectatomic/libpod/libpod" "github.com/projectatomic/libpod/libpod/common" + sysreg "github.com/projectatomic/libpod/pkg/registries" "github.com/sirupsen/logrus" "github.com/urfave/cli" ) @@ -110,7 +110,7 @@ func searchCmd(c *cli.Context) error { if len(c.StringSlice("registry")) > 0 { registries = c.StringSlice("registry") } else { - registries, err = libpod.GetRegistries() + registries, err = sysreg.GetRegistries() if err != nil { return errors.Wrapf(err, "error getting registries to search") } |