diff options
| author | Valentin Rothberg <rothberg@redhat.com> | 2021-10-22 16:07:26 +0200 |
|---|---|---|
| committer | Valentin Rothberg <rothberg@redhat.com> | 2021-11-30 14:48:26 +0100 |
| commit | 47a8e7c9f9759f1775a0d59dd292eb375accd903 (patch) | |
| tree | b125b7fad9f736445c34f6688f5d4dd28513b1bd /cmd/podman | |
| parent | 67d5b21f66beb58f9bfe25451e812a741d5c017d (diff) | |
| download | podman-47a8e7c9f9759f1775a0d59dd292eb375accd903.tar.gz podman-47a8e7c9f9759f1775a0d59dd292eb375accd903.tar.bz2 podman-47a8e7c9f9759f1775a0d59dd292eb375accd903.zip | |
container create: fix --tls-verify parsing
Make sure that the value is only set if specified on the CLI. c/image
already defaults to true but if set in the system context, we'd skip
settings in the registries.conf.
Backport of commit ff31f2264da.
Fixes: #11933
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'cmd/podman')
| -rw-r--r-- | cmd/podman/common/create.go | 8 | ||||
| -rw-r--r-- | cmd/podman/containers/create.go | 7 |
2 files changed, 9 insertions, 6 deletions
diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index 643f6728a..910aae6f0 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -5,6 +5,7 @@ import ( "github.com/containers/common/pkg/auth" "github.com/containers/common/pkg/completion" + commonFlag "github.com/containers/common/pkg/flag" "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/pkg/domain/entities" @@ -606,12 +607,9 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, ) _ = cmd.RegisterFlagCompletionFunc(timeoutFlagName, completion.AutocompleteNone) - // Flag for TLS verification, so that `run` and `create` commands can make use of it. - // Make sure to use `=` while using this flag i.e `--tls-verify=false/true` - tlsVerifyFlagName := "tls-verify" - createFlags.BoolVar( + commonFlag.OptionalBoolFlag(createFlags, &cf.TLSVerify, - tlsVerifyFlagName, true, + "tls-verify", "Require HTTPS and verify certificates when contacting registries for pulling images", ) diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index aa34f9ba5..8bbdfa871 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -292,6 +292,11 @@ func PullImage(imageName string, cliVals entities.ContainerCreateOptions) (strin } } + skipTLSVerify := types.OptionalBoolUndefined + if cliVals.TLSVerify.Present() { + skipTLSVerify = types.NewOptionalBool(!cliVals.TLSVerify.Value()) + } + pullReport, pullErr := registry.ImageEngine().Pull(registry.GetContext(), imageName, entities.ImagePullOptions{ Authfile: cliVals.Authfile, Quiet: cliVals.Quiet, @@ -300,7 +305,7 @@ func PullImage(imageName string, cliVals entities.ContainerCreateOptions) (strin Variant: cliVals.Variant, SignaturePolicy: cliVals.SignaturePolicy, PullPolicy: pullPolicy, - SkipTLSVerify: types.NewOptionalBool(!cliVals.TLSVerify), // If Flag changed for TLS Verification + SkipTLSVerify: skipTLSVerify, }) if pullErr != nil { return "", pullErr |