diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-02-15 10:50:36 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-02-15 10:50:36 +0100 |
| commit | d512c4d255ad0229e52804b805da119ff9075c3d (patch) | |
| tree | ff4c242fd9d39766d739151431e1736ff64f89e9 /libpod | |
| parent | 81ace5caaca844eda4be48245590ea54bdd0cba3 (diff) | |
| parent | 5f7d4ee73fdf53f912d7e31c24daf5f4c8a93327 (diff) | |
| download | podman-d512c4d255ad0229e52804b805da119ff9075c3d.tar.gz podman-d512c4d255ad0229e52804b805da119ff9075c3d.tar.bz2 podman-d512c4d255ad0229e52804b805da119ff9075c3d.zip | |
Merge pull request #2305 from rhatdan/tlsverify
Add tlsVerify bool to SearchImage for varlink
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/adapter/runtime_remote.go | 38 |
1 files changed, 27 insertions, 11 deletions
diff --git a/libpod/adapter/runtime_remote.go b/libpod/adapter/runtime_remote.go index d0a3c5b1f..f63b5875d 100644 --- a/libpod/adapter/runtime_remote.go +++ b/libpod/adapter/runtime_remote.go @@ -163,7 +163,8 @@ func (r *LocalRuntime) NewImageFromLocal(name string) (*ContainerImage, error) { func (r *LocalRuntime) LoadFromArchiveReference(ctx context.Context, srcRef types.ImageReference, signaturePolicyPath string, writer io.Writer) ([]*ContainerImage, error) { // TODO We need to find a way to leak certDir, creds, and the tlsverify into this function, normally this would // come from cli options but we don't want want those in here either. - imageID, err := iopodman.PullImage().Call(r.Conn, srcRef.DockerReference().String(), "", "", signaturePolicyPath, true) + tlsverify := true + imageID, err := iopodman.PullImage().Call(r.Conn, srcRef.DockerReference().String(), "", "", signaturePolicyPath, &tlsverify) if err != nil { return nil, err } @@ -179,15 +180,21 @@ func (r *LocalRuntime) New(ctx context.Context, name, signaturePolicyPath, authf if label != nil { return nil, errors.New("the remote client function does not support checking a remote image for a label") } - // TODO Creds needs to be figured out here too, like above - tlsBool := dockeroptions.DockerInsecureSkipTLSVerify - // Remember SkipTlsVerify is the opposite of tlsverify - // If tlsBook is true or undefined, we do not skip - SkipTlsVerify := false - if tlsBool == types.OptionalBoolFalse { - SkipTlsVerify = true + var ( + tlsVerify bool + tlsVerifyPtr *bool + ) + if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse { + tlsVerify = true + tlsVerifyPtr = &tlsVerify + + } + if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue { + tlsVerify = false + tlsVerifyPtr = &tlsVerify } - imageID, err := iopodman.PullImage().Call(r.Conn, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, SkipTlsVerify) + + imageID, err := iopodman.PullImage().Call(r.Conn, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, tlsVerifyPtr) if err != nil { return nil, err } @@ -577,10 +584,19 @@ func (r *LocalRuntime) RemoveVolumes(ctx context.Context, c *cliconfig.VolumeRmV func (r *LocalRuntime) Push(ctx context.Context, srcName, destination, manifestMIMEType, authfile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions image.SigningOptions, dockerRegistryOptions *image.DockerRegistryOptions, additionalDockerArchiveTags []reference.NamedTagged) error { - tls := true + var ( + tls *bool + tlsVerify bool + ) if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue { - tls = false + tlsVerify = false + tls = &tlsVerify } + if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse { + tlsVerify = true + tls = &tlsVerify + } + reply, err := iopodman.PushImage().Send(r.Conn, varlink.More, srcName, destination, tls, signaturePolicyPath, "", dockerRegistryOptions.DockerCertPath, forceCompress, manifestMIMEType, signingOptions.RemoveSignatures, signingOptions.SignBy) if err != nil { return err |