summaryrefslogtreecommitdiff
path: root/libpod/image
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2018-05-09 12:04:28 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-05-10 14:56:56 +0000
commit0e58ec74747ac7fbb0dccd364765b83b212657c9 (patch)
tree4d123eb30ce8b7ef3651d38b96fb03f75e505178 /libpod/image
parenta74107b506857b35c0ca9455177c309cd440a5aa (diff)
downloadpodman-0e58ec74747ac7fbb0dccd364765b83b212657c9.tar.gz
podman-0e58ec74747ac7fbb0dccd364765b83b212657c9.tar.bz2
podman-0e58ec74747ac7fbb0dccd364765b83b212657c9.zip
podman push should honor registries.conf
Like podman pull, when you push an image, podman should check if the registry is listed as insecure and if so, it should --tls-verify=false unless the user overrides this. Signed-off-by: baude <bbaude@redhat.com> Closes: #738 Approved by: mheon
Diffstat (limited to 'libpod/image')
-rw-r--r--libpod/image/image.go20
1 files changed, 18 insertions, 2 deletions
diff --git a/libpod/image/image.go b/libpod/image/image.go
index db0fdab90..b7d9200ec 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -26,7 +26,9 @@ import (
"github.com/projectatomic/libpod/libpod/common"
"github.com/projectatomic/libpod/libpod/driver"
"github.com/projectatomic/libpod/pkg/inspect"
+ "github.com/projectatomic/libpod/pkg/registries"
"github.com/projectatomic/libpod/pkg/util"
+ "github.com/sirupsen/logrus"
)
// imageConversions is used to cache image "cast" types
@@ -426,7 +428,7 @@ func (i *Image) UntagImage(tag string) error {
}
// PushImage pushes the given image to a location described by the given path
-func (i *Image) PushImage(ctx context.Context, destination, manifestMIMEType, authFile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions SigningOptions, dockerRegistryOptions *DockerRegistryOptions) error {
+func (i *Image) PushImage(ctx context.Context, destination, manifestMIMEType, authFile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions SigningOptions, dockerRegistryOptions *DockerRegistryOptions, forceSecure bool) error {
if destination == "" {
return errors.Wrapf(syscall.EINVAL, "destination image name must be specified")
}
@@ -458,9 +460,23 @@ func (i *Image) PushImage(ctx context.Context, destination, manifestMIMEType, au
if err != nil {
return errors.Wrapf(err, "error getting source imageReference for %q", i.InputName)
}
-
+ insecureRegistries, err := registries.GetInsecureRegistries()
+ if err != nil {
+ return err
+ }
copyOptions := getCopyOptions(writer, signaturePolicyPath, nil, dockerRegistryOptions, signingOptions, authFile, manifestMIMEType, forceCompress)
+ if strings.HasPrefix(DockerTransport, dest.Transport().Name()) {
+ imgRef, err := reference.Parse(dest.DockerReference().String())
+ if err != nil {
+ return err
+ }
+ registry := reference.Domain(imgRef.(reference.Named))
+ if util.StringInSlice(registry, insecureRegistries) && !forceSecure {
+ copyOptions.DestinationCtx.DockerInsecureSkipTLSVerify = true
+ logrus.Info(fmt.Sprintf("%s is an insecure registry; pushing with tls-verify=false", registry))
+ }
+ }
// Copy the image to the remote destination
err = cp.Image(ctx, policyContext, dest, src, copyOptions)
if err != nil {