Minimally update for the DockerInsecureSkipTLSVerify type change

Following SystemContext.DockerInsecureSkipTLSVerify, make the
DockerRegistryOne also an OptionalBool, and update callers.

Explicitly document that --tls-verify=true and --tls-verify unset
have different behavior in those commands where the behavior changed
(or where it hasn't changed but the documentation needed updating).

Also make the --tls-verify man page sections a tiny bit more consistent
throughout.

This is a minimal fix, without changing the existing "--tls-verify=true"
paths nor existing manual insecure registry lookups.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

6 files changed, 21 insertions, 15 deletions

diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 33ce8635f..cfdd8005b 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/containers/image/docker"
 	"github.com/containers/image/pkg/docker/config"
+	"github.com/containers/image/types"
 	"github.com/containers/libpod/libpod/common"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli"
@@ -93,7 +94,9 @@ func loginCmd(c *cli.Context) error {
 		return errors.Wrapf(err, "error getting username and password")
 	}
 
-	sc.DockerInsecureSkipTLSVerify = !c.BoolT("tls-verify")
+	if c.IsSet("tls-verify") {
+		sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
+	}
 	if c.String("cert-dir") != "" {
 		sc.DockerCertPath = c.String("cert-dir")
 	}
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index 8fb3971bd..490b7f96f 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -104,11 +104,11 @@ func pullCmd(c *cli.Context) error {
 	}
 
 	dockerRegistryOptions := image2.DockerRegistryOptions{
-		DockerRegistryCreds:         registryCreds,
-		DockerCertPath:              c.String("cert-dir"),
-		DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"),
+		DockerRegistryCreds: registryCreds,
+		DockerCertPath:      c.String("cert-dir"),
 	}
 	if c.IsSet("tls-verify") {
+		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
 		forceSecure = c.Bool("tls-verify")
 	}
 
diff --git a/cmd/podman/push.go b/cmd/podman/push.go
index 331f92cd2..0015373ed 100644
--- a/cmd/podman/push.go
+++ b/cmd/podman/push.go
@@ -108,7 +108,6 @@ func pushCmd(c *cli.Context) error {
 	}
 
 	certPath := c.String("cert-dir")
-	skipVerify := !c.BoolT("tls-verify")
 	removeSignatures := c.Bool("remove-signatures")
 	signBy := c.String("sign-by")
 
@@ -145,16 +144,15 @@ func pushCmd(c *cli.Context) error {
 		}
 	}
 
+	dockerRegistryOptions := image.DockerRegistryOptions{
+		DockerRegistryCreds: registryCreds,
+		DockerCertPath:      certPath,
+	}
 	if c.IsSet("tls-verify") {
+		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
 		forceSecure = c.Bool("tls-verify")
 	}
 
-	dockerRegistryOptions := image.DockerRegistryOptions{
-		DockerRegistryCreds:         registryCreds,
-		DockerCertPath:              certPath,
-		DockerInsecureSkipTLSVerify: skipVerify,
-	}
-
 	so := image.SigningOptions{
 		RemoveSignatures: removeSignatures,
 		SignBy:           signBy,
diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go
index b0d87d0d9..48a296260 100644
--- a/cmd/podman/runlabel.go
+++ b/cmd/podman/runlabel.go
@@ -6,6 +6,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/containers/image/types"
 	"github.com/containers/libpod/cmd/podman/libpodruntime"
 	"github.com/containers/libpod/cmd/podman/shared"
 	"github.com/containers/libpod/libpod/image"
@@ -153,8 +154,10 @@ func runlabelCmd(c *cli.Context) error {
 	}
 
 	dockerRegistryOptions := image.DockerRegistryOptions{
-		DockerCertPath:              c.String("cert-dir"),
-		DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"),
+		DockerCertPath: c.String("cert-dir"),
+	}
+	if c.IsSet("tls-verify") {
+		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify"))
 	}
 
 	authfile := getAuthFile(c.String("authfile"))
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index fa11dad32..c12224666 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/containers/image/docker"
+	"github.com/containers/image/types"
 	"github.com/containers/libpod/cmd/podman/formats"
 	"github.com/containers/libpod/libpod/common"
 	sysreg "github.com/containers/libpod/pkg/registries"
@@ -216,7 +217,7 @@ func getSearchOutput(term string, regAndSkipTLS map[string]bool, opts searchOpts
 	var paramsArr []searchParams
 	for reg, skipTLS := range regAndSkipTLS {
 		// set the SkipTLSVerify bool depending on the registry being searched through
-		sc.DockerInsecureSkipTLSVerify = skipTLS
+		sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(skipTLS)
 		results, err := docker.SearchRegistry(context.TODO(), sc, reg, term, limit)
 		if err != nil {
 			logrus.Errorf("error searching registry %q: %v", reg, err)
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index b081b60a3..486f4e60c 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -610,7 +610,8 @@ method InspectImage(name: string) -> (image: string)
 method HistoryImage(name: string) -> (history: []ImageHistory)
 
 # PushImage takes three input arguments: the name or ID of an image, the fully-qualified destination name of the image,
-# and a boolean as to whether tls-verify should be used.  It will return an [ImageNotFound](#ImageNotFound) error if
+# and a boolean as to whether tls-verify should be used (with false disabling TLS, not affecting the default behavior).
+# It will return an [ImageNotFound](#ImageNotFound) error if
 # the image cannot be found in local storage; otherwise the ID of the image will be returned on success.
 method PushImage(name: string, tag: string, tlsverify: bool) -> (image: string)