diff options
author | Miloslav Trmač <mitr@redhat.com> | 2018-12-03 22:15:06 +0100 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2018-12-06 23:34:59 +0100 |
commit | b134951d14512506500a1446c3e5600aa858ea61 (patch) | |
tree | 88be257477d68ff1f9c2f49c4b5f52a250077483 /libpod | |
parent | b70f8b3884e42b17748f8d503c84b855aa1eda8d (diff) | |
download | podman-b134951d14512506500a1446c3e5600aa858ea61.tar.gz podman-b134951d14512506500a1446c3e5600aa858ea61.tar.bz2 podman-b134951d14512506500a1446c3e5600aa858ea61.zip |
Minimally update for the DockerInsecureSkipTLSVerify type change
Following SystemContext.DockerInsecureSkipTLSVerify, make the
DockerRegistryOne also an OptionalBool, and update callers.
Explicitly document that --tls-verify=true and --tls-verify unset
have different behavior in those commands where the behavior changed
(or where it hasn't changed but the documentation needed updating).
Also make the --tls-verify man page sections a tiny bit more consistent
throughout.
This is a minimal fix, without changing the existing "--tls-verify=true"
paths nor existing manual insecure registry lookups.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/image/docker_registry_options.go | 5 | ||||
-rw-r--r-- | libpod/image/image.go | 2 | ||||
-rw-r--r-- | libpod/image/pull.go | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/libpod/image/docker_registry_options.go b/libpod/image/docker_registry_options.go index 97a151396..c191a3ca2 100644 --- a/libpod/image/docker_registry_options.go +++ b/libpod/image/docker_registry_options.go @@ -19,8 +19,9 @@ type DockerRegistryOptions struct { // except for ".cert" and ".key" suffixes). DockerCertPath string // DockerInsecureSkipTLSVerify turns off verification of TLS - // certificates and allows connecting to registries without encryption. - DockerInsecureSkipTLSVerify bool + // certificates and allows connecting to registries without encryption + // - or forces it on even if registries.conf has the registry configured as insecure. + DockerInsecureSkipTLSVerify types.OptionalBool } // GetSystemContext constructs a new system context from a parent context. the values in the DockerRegistryOptions, and other parameters. diff --git a/libpod/image/image.go b/libpod/image/image.go index 434f9031e..a27da83fe 100644 --- a/libpod/image/image.go +++ b/libpod/image/image.go @@ -547,7 +547,7 @@ func (i *Image) PushImageToReference(ctx context.Context, dest types.ImageRefere registry := reference.Domain(imgRef) if util.StringInSlice(registry, insecureRegistries) && !forceSecure { - copyOptions.DestinationCtx.DockerInsecureSkipTLSVerify = true + copyOptions.DestinationCtx.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue logrus.Info(fmt.Sprintf("%s is an insecure registry; pushing with tls-verify=false", registry)) } } diff --git a/libpod/image/pull.go b/libpod/image/pull.go index bfa04d069..706e0d48f 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -247,7 +247,7 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa registry := reference.Domain(imgRef) if util.StringInSlice(registry, insecureRegistries) && !forceSecure { - copyOptions.SourceCtx.DockerInsecureSkipTLSVerify = true + copyOptions.SourceCtx.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue logrus.Info(fmt.Sprintf("%s is an insecure registry; pulling with tls-verify=false", registry)) } } |