1 files changed, 32 insertions, 6 deletions
diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go
index 49c76f40b..a2e68aff1 100644
--- a/cmd/podman/manifest/push.go
+++ b/cmd/podman/manifest/push.go
@@ -1,17 +1,26 @@
 package manifest
 
 import (
-	"context"
-
 	"github.com/containers/common/pkg/auth"
+	"github.com/containers/image/v5/types"
 	"github.com/containers/libpod/cmd/podman/registry"
 	"github.com/containers/libpod/pkg/domain/entities"
+	"github.com/containers/libpod/pkg/util"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 )
 
+// manifestPushOptsWrapper wraps entities.ManifestPushOptions and prevents leaking
+// CLI-only fields into the API types.
+type manifestPushOptsWrapper struct {
+	entities.ManifestPushOptions
+
+	TLSVerifyCLI   bool // CLI only
+	CredentialsCLI string
+}
+
 var (
-	manifestPushOpts = entities.ManifestPushOptions{}
+	manifestPushOpts = manifestPushOptsWrapper{}
 	pushCmd          = &cobra.Command{
 		Use:     "push [flags] SOURCE DESTINATION",
 		Short:   "Push a manifest list or image index to a registry",
@@ -33,12 +42,12 @@ func init() {
 	flags.BoolVar(&manifestPushOpts.All, "all", false, "also push the images in the list")
 	flags.StringVar(&manifestPushOpts.Authfile, "authfile", auth.GetDefaultAuthFile(), "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
 	flags.StringVar(&manifestPushOpts.CertDir, "cert-dir", "", "use certificates at the specified path to access the registry")
-	flags.StringVar(&manifestPushOpts.Creds, "creds", "", "use `[username[:password]]` for accessing the registry")
+	flags.StringVar(&manifestPushOpts.CredentialsCLI, "creds", "", "use `[username[:password]]` for accessing the registry")
 	flags.StringVar(&manifestPushOpts.DigestFile, "digestfile", "", "after copying the image, write the digest of the resulting digest to the file")
 	flags.StringVarP(&manifestPushOpts.Format, "format", "f", "", "manifest type (oci or v2s2) to attempt to use when pushing the manifest list (default is manifest type of source)")
 	flags.BoolVarP(&manifestPushOpts.RemoveSignatures, "remove-signatures", "", false, "don't copy signatures when pushing images")
 	flags.StringVar(&manifestPushOpts.SignBy, "sign-by", "", "sign the image using a GPG key with the specified `FINGERPRINT`")
-	flags.BoolVar(&manifestPushOpts.TlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
+	flags.BoolVar(&manifestPushOpts.TLSVerifyCLI, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry")
 	flags.BoolVarP(&manifestPushOpts.Quiet, "quiet", "q", false, "don't output progress information when pushing lists")
 	if registry.IsRemote() {
 		_ = flags.MarkHidden("authfile")
@@ -59,7 +68,24 @@ func push(cmd *cobra.Command, args []string) error {
 	if destSpec == "" {
 		return errors.Errorf(`invalid destination "%s"`, destSpec)
 	}
-	if err := registry.ImageEngine().ManifestPush(context.Background(), args, manifestPushOpts); err != nil {
+
+	if manifestPushOpts.CredentialsCLI != "" {
+		creds, err := util.ParseRegistryCreds(manifestPushOpts.CredentialsCLI)
+		if err != nil {
+			return err
+		}
+		manifestPushOpts.Username = creds.Username
+		manifestPushOpts.Password = creds.Password
+	}
+
+	// TLS verification in c/image is controlled via a `types.OptionalBool`
+	// which allows for distinguishing among set-true, set-false, unspecified
+	// which is important to implement a sane way of dealing with defaults of
+	// boolean CLI flags.
+	if cmd.Flags().Changed("tls-verify") {
+		manifestPushOpts.SkipTLSVerify = types.NewOptionalBool(!manifestPushOpts.TLSVerifyCLI)
+	}
+	if err := registry.ImageEngine().ManifestPush(registry.Context(), args, manifestPushOpts.ManifestPushOptions); err != nil {
 		return errors.Wrapf(err, "error pushing manifest %s to %s", listImageSpec, destSpec)
 	}
 	return nil