summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2018-12-03 22:15:06 +0100
committerMiloslav Trmač <mitr@redhat.com>2018-12-06 23:34:59 +0100
commitb134951d14512506500a1446c3e5600aa858ea61 (patch)
tree88be257477d68ff1f9c2f49c4b5f52a250077483 /libpod
parentb70f8b3884e42b17748f8d503c84b855aa1eda8d (diff)
downloadpodman-b134951d14512506500a1446c3e5600aa858ea61.tar.gz
podman-b134951d14512506500a1446c3e5600aa858ea61.tar.bz2
podman-b134951d14512506500a1446c3e5600aa858ea61.zip
Minimally update for the DockerInsecureSkipTLSVerify type change
Following SystemContext.DockerInsecureSkipTLSVerify, make the DockerRegistryOne also an OptionalBool, and update callers. Explicitly document that --tls-verify=true and --tls-verify unset have different behavior in those commands where the behavior changed (or where it hasn't changed but the documentation needed updating). Also make the --tls-verify man page sections a tiny bit more consistent throughout. This is a minimal fix, without changing the existing "--tls-verify=true" paths nor existing manual insecure registry lookups. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/image/docker_registry_options.go5
-rw-r--r--libpod/image/image.go2
-rw-r--r--libpod/image/pull.go2
3 files changed, 5 insertions, 4 deletions
diff --git a/libpod/image/docker_registry_options.go b/libpod/image/docker_registry_options.go
index 97a151396..c191a3ca2 100644
--- a/libpod/image/docker_registry_options.go
+++ b/libpod/image/docker_registry_options.go
@@ -19,8 +19,9 @@ type DockerRegistryOptions struct {
// except for ".cert" and ".key" suffixes).
DockerCertPath string
// DockerInsecureSkipTLSVerify turns off verification of TLS
- // certificates and allows connecting to registries without encryption.
- DockerInsecureSkipTLSVerify bool
+ // certificates and allows connecting to registries without encryption
+ // - or forces it on even if registries.conf has the registry configured as insecure.
+ DockerInsecureSkipTLSVerify types.OptionalBool
}
// GetSystemContext constructs a new system context from a parent context. the values in the DockerRegistryOptions, and other parameters.
diff --git a/libpod/image/image.go b/libpod/image/image.go
index 434f9031e..a27da83fe 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -547,7 +547,7 @@ func (i *Image) PushImageToReference(ctx context.Context, dest types.ImageRefere
registry := reference.Domain(imgRef)
if util.StringInSlice(registry, insecureRegistries) && !forceSecure {
- copyOptions.DestinationCtx.DockerInsecureSkipTLSVerify = true
+ copyOptions.DestinationCtx.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
logrus.Info(fmt.Sprintf("%s is an insecure registry; pushing with tls-verify=false", registry))
}
}
diff --git a/libpod/image/pull.go b/libpod/image/pull.go
index bfa04d069..706e0d48f 100644
--- a/libpod/image/pull.go
+++ b/libpod/image/pull.go
@@ -247,7 +247,7 @@ func (ir *Runtime) doPullImage(ctx context.Context, sc *types.SystemContext, goa
registry := reference.Domain(imgRef)
if util.StringInSlice(registry, insecureRegistries) && !forceSecure {
- copyOptions.SourceCtx.DockerInsecureSkipTLSVerify = true
+ copyOptions.SourceCtx.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
logrus.Info(fmt.Sprintf("%s is an insecure registry; pulling with tls-verify=false", registry))
}
}