12 files changed, 99 insertions, 61 deletions

diff --git a/cmd/podman/build.go b/cmd/podman/build.go
index 24be9bb46..6e70c6540 100644
--- a/cmd/podman/build.go
+++ b/cmd/podman/build.go
@@ -43,7 +43,7 @@ var (
 			return buildCmd(&buildCommand)
 		},
 		Example: `podman build .
-  podman build --cert-dir ~/auth --creds=username:password -t imageName -f Dockerfile.simple .
+  podman build --creds=username:password -t imageName -f Dockerfile.simple .
   podman build --layers --force-rm --tag imageName .`,
 	}
 )
@@ -72,6 +72,7 @@ func init() {
 	flags.AddFlagSet(&budFlags)
 	flags.AddFlagSet(&layerFlags)
 	flags.AddFlagSet(&fromAndBugFlags)
+	flags.MarkHidden("signature-policy")
 }
 
 func getDockerfiles(files []string) []string {
diff --git a/cmd/podman/common.go b/cmd/podman/common.go
index c0bcaa5c5..5e26d9bfd 100644
--- a/cmd/podman/common.go
+++ b/cmd/podman/common.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"
 
 	"github.com/containers/buildah"
@@ -163,6 +164,10 @@ func getCreateFlags(c *cliconfig.PodmanCommand) {
 		"Attach to STDIN, STDOUT or STDERR (default [])",
 	)
 	createFlags.String(
+		"authfile", getAuthFile(""),
+		"Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override",
+	)
+	createFlags.String(
 		"blkio-weight", "",
 		"Block IO weight (relative weight) accepts a weight value between 10 and 1000.",
 	)
@@ -553,7 +558,18 @@ func getAuthFile(authfile string) string {
 	if authfile != "" {
 		return authfile
 	}
-	return os.Getenv("REGISTRY_AUTH_FILE")
+	if remote {
+		return ""
+	}
+	authfile = os.Getenv("REGISTRY_AUTH_FILE")
+	if authfile != "" {
+		return authfile
+	}
+	runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
+	if runtimeDir != "" {
+		return filepath.Join(runtimeDir, "containers/auth.json")
+	}
+	return ""
 }
 
 // scrubServer removes 'http://' or 'https://' from the front of the
diff --git a/cmd/podman/load.go b/cmd/podman/load.go
index f3bbed48f..0c41eb792 100644
--- a/cmd/podman/load.go
+++ b/cmd/podman/load.go
@@ -40,8 +40,11 @@ func init() {
 	flags := loadCommand.Flags()
 	flags.StringVarP(&loadCommand.Input, "input", "i", "", "Read from specified archive file (default: stdin)")
 	flags.BoolVarP(&loadCommand.Quiet, "quiet", "q", false, "Suppress the output")
-	flags.StringVar(&loadCommand.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file (not usually used)")
-
+	// Disabled flags for the remote client
+	if !remote {
+		flags.StringVar(&loadCommand.SignaturePolicy, "signature-policy", "", "Pathname of signature policy file (not usually used)")
+		flags.MarkHidden("signature-policy")
+	}
 }
 
 // loadCmd gets the image/file to be loaded from the command line
diff --git a/cmd/podman/login.go b/cmd/podman/login.go
index 9f9631d0d..3a78adadc 100644
--- a/cmd/podman/login.go
+++ b/cmd/podman/login.go
@@ -32,25 +32,30 @@ var (
 			return loginCmd(&loginCommand)
 		},
 		Example: `podman login -u testuser -p testpassword localhost:5000
-  podman login --authfile authdir/myauths.json quay.io
   podman login -u testuser -p testpassword localhost:5000`,
 	}
 )
 
 func init() {
+	if !remote {
+		_loginCommand.Example = fmt.Sprintf("%s\n  podman login --authfile authdir/myauths.json quay.io", _loginCommand.Example)
+
+	}
 	loginCommand.Command = _loginCommand
 	loginCommand.SetHelpTemplate(HelpTemplate())
 	loginCommand.SetUsageTemplate(UsageTemplate())
 	flags := loginCommand.Flags()
 
-	flags.StringVar(&loginCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
-	flags.StringVar(&loginCommand.CertDir, "cert-dir", "", "Pathname of a directory containing TLS certificates and keys used to connect to the registry")
 	flags.BoolVar(&loginCommand.GetLogin, "get-login", true, "Return the current login user for the registry")
 	flags.StringVarP(&loginCommand.Password, "password", "p", "", "Password for registry")
-	flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 	flags.StringVarP(&loginCommand.Username, "username", "u", "", "Username for registry")
 	flags.BoolVar(&loginCommand.StdinPassword, "password-stdin", false, "Take the password from stdin")
-
+	// Disabled flags for the remote client
+	if !remote {
+		flags.StringVar(&loginCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&loginCommand.CertDir, "cert-dir", "", "Pathname of a directory containing TLS certificates and keys used to connect to the registry")
+		flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+	}
 }
 
 // loginCmd uses the authentication package to store a user's authenticated credentials
@@ -64,9 +69,8 @@ func loginCmd(c *cliconfig.LoginValues) error {
 		return errors.Errorf("please specify a registry to login to")
 	}
 	server := registryFromFullName(scrubServer(args[0]))
-	authfile := getAuthFile(c.Authfile)
 
-	sc := image.GetSystemContext("", authfile, false)
+	sc := image.GetSystemContext("", c.Authfile, false)
 	if c.Flag("tls-verify").Changed {
 		sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
 	}
diff --git a/cmd/podman/logout.go b/cmd/podman/logout.go
index ec581a098..5df838bba 100644
--- a/cmd/podman/logout.go
+++ b/cmd/podman/logout.go
@@ -24,20 +24,23 @@ var (
 			logoutCommand.Remote = remoteclient
 			return logoutCmd(&logoutCommand)
 		},
-		Example: `podman logout docker.io
-  podman logout --authfile authdir/myauths.json docker.io
+		Example: `podman logout quay.io
   podman logout --all`,
 	}
 )
 
 func init() {
+	if !remote {
+		_logoutCommand.Example = fmt.Sprintf("%s\n  podman logout --authfile authdir/myauths.json quay.io", _logoutCommand.Example)
+
+	}
 	logoutCommand.Command = _logoutCommand
 	logoutCommand.SetHelpTemplate(HelpTemplate())
 	logoutCommand.SetUsageTemplate(UsageTemplate())
 	flags := logoutCommand.Flags()
 	flags.BoolVarP(&logoutCommand.All, "all", "a", false, "Remove the cached credentials for all registries in the auth file")
-	flags.StringVar(&logoutCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
-
+	flags.StringVar(&logoutCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+	markFlagHiddenForRemoteClient("authfile", flags)
 }
 
 // logoutCmd uses the authentication package to remove the authenticated of a registry
@@ -54,9 +57,8 @@ func logoutCmd(c *cliconfig.LogoutValues) error {
 	if len(args) == 1 {
 		server = scrubServer(args[0])
 	}
-	authfile := getAuthFile(c.Authfile)
 
-	sc := image.GetSystemContext("", authfile, false)
+	sc := image.GetSystemContext("", c.Authfile, false)
 
 	if c.All {
 		if err := config.RemoveAllAuthentication(sc); err != nil {
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index 8d824eacb..b0f4a44eb 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -47,22 +47,28 @@ var (
 			playKubeCommand.Remote = remoteclient
 			return playKubeCmd(&playKubeCommand)
 		},
-		Example: `podman play kube demo.yml
-  podman play kube --cert-dir /mycertsdir --tls-verify=true --quiet myWebPod`,
+		Example: `podman play kube demo.yml`,
 	}
 )
 
 func init() {
+	if !remote {
+		_playKubeCommand.Example = fmt.Sprintf("%s\n  podman play kube --cert-dir /mycertsdir --tls-verify=true --quiet myWebPod", _playKubeCommand.Example)
+	}
 	playKubeCommand.Command = _playKubeCommand
 	playKubeCommand.SetHelpTemplate(HelpTemplate())
 	playKubeCommand.SetUsageTemplate(UsageTemplate())
 	flags := playKubeCommand.Flags()
-	flags.StringVar(&playKubeCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
-	flags.StringVar(&playKubeCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 	flags.StringVar(&playKubeCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
 	flags.BoolVarP(&playKubeCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
-	flags.StringVar(&playKubeCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
-	flags.BoolVar(&playKubeCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+	// Disabled flags for the remote client
+	if !remote {
+		flags.StringVar(&playKubeCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&playKubeCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
+		flags.StringVar(&playKubeCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+		flags.BoolVar(&playKubeCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+		flags.MarkHidden("signature-policy")
+	}
 }
 
 func playKubeCmd(c *cliconfig.KubePlayValues) error {
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index f6a5beb17..115f437d8 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -36,28 +36,31 @@ var (
 			return pullCmd(&pullCommand)
 		},
 		Example: `podman pull imageName
-  podman pull --cert-dir image/certs --authfile temp-auths/myauths.json docker://docker.io/myrepo/finaltest
   podman pull fedora:latest`,
 	}
 )
 
 func init() {
+
+	if !remote {
+		_pullCommand.Example = fmt.Sprintf("%s\n  podman pull --cert-dir image/certs --authfile temp-auths/myauths.json docker://docker.io/myrepo/finaltest", _pullCommand.Example)
+
+	}
 	pullCommand.Command = _pullCommand
 	pullCommand.SetHelpTemplate(HelpTemplate())
 	pullCommand.SetUsageTemplate(UsageTemplate())
 	flags := pullCommand.Flags()
 	flags.BoolVar(&pullCommand.AllTags, "all-tags", false, "All tagged images in the repository will be pulled")
-	flags.StringVar(&pullCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 	flags.StringVar(&pullCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
 	flags.BoolVarP(&pullCommand.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
-
 	// Disabled flags for the remote client
 	if !remote {
-		flags.StringVar(&pullCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&pullCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&pullCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 		flags.StringVar(&pullCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 		flags.BoolVar(&pullCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+		flags.MarkHidden("signature-policy")
 	}
-
 }
 
 // pullCmd gets the data from the command line and calls pullImage
@@ -138,8 +141,6 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
 		return nil
 	}
 
-	authfile := getAuthFile(c.String("authfile"))
-
 	// FIXME: the default pull consults the registries.conf's search registries
 	// while the all-tags pull does not. This behavior must be fixed in the
 	// future and span across c/buildah, c/image and c/libpod to avoid redundant
@@ -148,7 +149,7 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
 	// See https://bugzilla.redhat.com/show_bug.cgi?id=1701922 for background
 	// information.
 	if !c.Bool("all-tags") {
-		newImage, err := runtime.New(getContext(), imgArg, c.SignaturePolicy, authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
+		newImage, err := runtime.New(getContext(), imgArg, c.SignaturePolicy, c.Authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
 		if err != nil {
 			return errors.Wrapf(err, "error pulling image %q", imgArg)
 		}
@@ -158,7 +159,7 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
 
 	// FIXME: all-tags should use the libpod backend instead of baking its own bread.
 	spec := imgArg
-	systemContext := image.GetSystemContext("", authfile, false)
+	systemContext := image.GetSystemContext("", c.Authfile, false)
 	srcRef, err := alltransports.ParseImageName(spec)
 	if err != nil {
 		dockerTransport := "docker://"
@@ -186,7 +187,7 @@ func pullCmd(c *cliconfig.PullValues) (retError error) {
 	var foundIDs []string
 	foundImage := true
 	for _, name := range names {
-		newImage, err := runtime.New(getContext(), name, c.String("signature-policy"), authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
+		newImage, err := runtime.New(getContext(), name, c.SignaturePolicy, c.Authfile, writer, &dockerRegistryOptions, image.SigningOptions{}, true, nil)
 		if err != nil {
 			logrus.Errorf("error pulling image %q", name)
 			foundImage = false
diff --git a/cmd/podman/push.go b/cmd/podman/push.go
index ee14b15e2..497820156 100644
--- a/cmd/podman/push.go
+++ b/cmd/podman/push.go
@@ -35,18 +35,20 @@ var (
 			return pushCmd(&pushCommand)
 		},
 		Example: `podman push imageID docker://registry.example.com/repository:tag
-  podman push imageID oci-archive:/path/to/layout:image:tag
-  podman push --authfile temp-auths/myauths.json alpine docker://docker.io/myrepo/alpine`,
+  podman push imageID oci-archive:/path/to/layout:image:tag`,
 	}
 )
 
 func init() {
+	if !remote {
+		_pushCommand.Example = fmt.Sprintf("%s\n  podman push --authfile temp-auths/myauths.json alpine docker://docker.io/myrepo/alpine", _pushCommand.Example)
+
+	}
+
 	pushCommand.Command = _pushCommand
 	pushCommand.SetHelpTemplate(HelpTemplate())
 	pushCommand.SetUsageTemplate(UsageTemplate())
 	flags := pushCommand.Flags()
-	flags.MarkHidden("signature-policy")
-	flags.StringVar(&pushCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 	flags.StringVar(&pushCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
 	flags.StringVarP(&pushCommand.Format, "format", "f", "", "Manifest type (oci, v2s1, or v2s2) to use when pushing an image using the 'dir:' transport (default is manifest type of source)")
 	flags.BoolVarP(&pushCommand.Quiet, "quiet", "q", false, "Don't output progress information when pushing images")
@@ -55,10 +57,12 @@ func init() {
 
 	// Disabled flags for the remote client
 	if !remote {
-		flags.StringVar(&pushCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&pushCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&pushCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 		flags.BoolVar(&pushCommand.Compress, "compress", false, "Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type as source)")
 		flags.StringVar(&pushCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
 		flags.BoolVar(&pushCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+		flags.MarkHidden("signature-policy")
 	}
 }
 
@@ -138,7 +142,5 @@ func pushCmd(c *cliconfig.PushValues) error {
 		SignBy:           signBy,
 	}
 
-	authfile := getAuthFile(c.Authfile)
-
-	return runtime.Push(getContext(), srcName, destName, manifestType, authfile, c.SignaturePolicy, writer, c.Compress, so, &dockerRegistryOptions, nil)
+	return runtime.Push(getContext(), srcName, destName, manifestType, c.Authfile, c.SignaturePolicy, writer, c.Compress, so, &dockerRegistryOptions, nil)
 }
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 01b12d282..7d84d716b 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -36,6 +36,8 @@ func init() {
 	flags.SetInterspersed(false)
 	flags.Bool("sig-proxy", true, "Proxy received signals to the process")
 	getCreateFlags(&runCommand.PodmanCommand)
+	markFlagHiddenForRemoteClient("authfile", flags)
+	flags.MarkHidden("signature-policy")
 }
 
 func runCmd(c *cliconfig.RunValues) error {
diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go
index e87b88992..59cbc7aa4 100644
--- a/cmd/podman/runlabel.go
+++ b/cmd/podman/runlabel.go
@@ -45,8 +45,6 @@ func init() {
 	runlabelCommand.SetHelpTemplate(HelpTemplate())
 	runlabelCommand.SetUsageTemplate(UsageTemplate())
 	flags := runlabelCommand.Flags()
-	flags.StringVar(&runlabelCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
-	flags.StringVar(&runlabelCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
 	flags.StringVar(&runlabelCommand.Creds, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
 	flags.BoolVar(&runlabelCommand.Display, "display", false, "Preview the command that the label would run")
 	flags.BoolVar(&runlabelCommand.Replace, "replace", false, "Replace existing container with a new one from the image")
@@ -61,10 +59,17 @@ func init() {
 
 	flags.BoolP("pull", "p", false, "Pull the image if it does not exist locally prior to executing the label contents")
 	flags.BoolVarP(&runlabelCommand.Quiet, "quiet", "q", false, "Suppress output information when installing images")
-	flags.StringVar(&runlabelCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
-	flags.BoolVar(&runlabelCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+	// Disabled flags for the remote client
+	if !remote {
+		flags.StringVar(&runlabelCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.StringVar(&runlabelCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys")
+		flags.StringVar(&runlabelCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)")
+		flags.BoolVar(&runlabelCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
 
-	flags.MarkDeprecated("pull", "podman will pull if not found in local storage")
+		flags.MarkDeprecated("pull", "podman will pull if not found in local storage")
+		flags.MarkHidden("signature-policy")
+	}
+	markFlagHiddenForRemoteClient("authfile", flags)
 }
 
 // installCmd gets the data from the command line and calls installImage
@@ -137,8 +142,7 @@ func runlabelCmd(c *cliconfig.RunlabelValues) error {
 		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
 	}
 
-	authfile := getAuthFile(c.Authfile)
-	runLabel, imageName, err := shared.GetRunlabel(label, runlabelImage, ctx, runtime, true, c.Creds, dockerRegistryOptions, authfile, c.SignaturePolicy, stdOut)
+	runLabel, imageName, err := shared.GetRunlabel(label, runlabelImage, ctx, runtime, true, c.Creds, dockerRegistryOptions, c.Authfile, c.SignaturePolicy, stdOut)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index b236f3055..ba04002f6 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -43,12 +43,15 @@ func init() {
 	searchCommand.SetHelpTemplate(HelpTemplate())
 	searchCommand.SetUsageTemplate(UsageTemplate())
 	flags := searchCommand.Flags()
-	flags.StringVar(&searchCommand.Authfile, "authfile", "", "Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json. Use REGISTRY_AUTH_FILE environment variable to override")
 	flags.StringSliceVarP(&searchCommand.Filter, "filter", "f", []string{}, "Filter output based on conditions provided (default [])")
 	flags.StringVar(&searchCommand.Format, "format", "", "Change the output format to a Go template")
 	flags.IntVar(&searchCommand.Limit, "limit", 0, "Limit the number of results")
 	flags.BoolVar(&searchCommand.NoTrunc, "no-trunc", false, "Do not truncate the output")
-	flags.BoolVar(&searchCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+	// Disabled flags for the remote client
+	if !remote {
+		flags.StringVar(&searchCommand.Authfile, "authfile", getAuthFile(""), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+		flags.BoolVar(&searchCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
+	}
 }
 
 func searchCmd(c *cliconfig.SearchValues) error {
@@ -70,7 +73,7 @@ func searchCmd(c *cliconfig.SearchValues) error {
 		NoTrunc:  c.NoTrunc,
 		Limit:    c.Limit,
 		Filter:   *filter,
-		Authfile: getAuthFile(c.Authfile),
+		Authfile: c.Authfile,
 	}
 	if c.Flag("tls-verify").Changed {
 		searchOptions.InsecureSkipTLSVerify = types.NewOptionalBool(!c.TlsVerify)
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index faaecdb6b..ed7b49c68 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -414,7 +414,6 @@ type BuildInfo (
     remoteIntermediateCtrs: bool,
     reportWriter: string,
     runtimeArgs: []string,
-    signaturePolicyPath: string,
     squash: bool
 )
 
@@ -467,13 +466,9 @@ type PodContainerErrorData (
 type Runlabel(
     image: string,
     authfile: string,
-    certDir: string,
-    creds: string,
     display: bool,
     name: string,
     pull: bool,
-    signaturePolicyPath: string,
-    tlsVerify: ?bool,
     label: string,
     extraArgs: []string,
     opts: [string]string
@@ -759,11 +754,10 @@ method InspectImage(name: string) -> (image: string)
 # [ImageNotFound](#ImageNotFound) error is returned.
 method HistoryImage(name: string) -> (history: []ImageHistory)
 
-# PushImage takes three input arguments: the name or ID of an image, the fully-qualified destination name of the image,
-# and a boolean as to whether tls-verify should be used (with false disabling TLS, not affecting the default behavior).
+# PushImage takes two input arguments: the name or ID of an image, the fully-qualified destination name of the image,
 # It will return an [ImageNotFound](#ImageNotFound) error if
 # the image cannot be found in local storage; otherwise it will return a [MoreResponse](#MoreResponse)
-method PushImage(name: string, tag: string, tlsverify: ?bool, signaturePolicy: string, creds: string, certDir: string, compress: bool, format: string, removeSignatures: bool, signBy: string) -> (reply: MoreResponse)
+method PushImage(name: string, tag: string, compress: bool, format: string, removeSignatures: bool, signBy: string) -> (reply: MoreResponse)
 
 # TagImage takes the name or ID of an image in local storage as well as the desired tag name.  If the image cannot
 # be found, an [ImageNotFound](#ImageNotFound) error will be returned; otherwise, the ID of the image is returned on success.
@@ -784,7 +778,7 @@ method RemoveImage(name: string, force: bool) -> (image: string)
 # SearchImages searches available registries for images that contain the
 # contents of "query" in their name. If "limit" is given, limits the amount of
 # search results per registry.
-method SearchImages(query: string, limit: ?int, tlsVerify: ?bool, filter: ImageSearchFilter) -> (results: []ImageSearchResult)
+method SearchImages(query: string, limit: ?int, filter: ImageSearchFilter) -> (results: []ImageSearchResult)
 
 # DeleteUnusedImages deletes any images not associated with a container.  The IDs of the deleted images are returned
 # in a string array.
@@ -825,7 +819,7 @@ method ExportImage(name: string, destination: string, compress: bool, tags: []st
 # PullImage pulls an image from a repository to local storage.  After a successful pull, the image id and logs
 # are returned as a [MoreResponse](#MoreResponse).  This connection also will handle a WantsMores request to send
 # status as it occurs.
-method PullImage(name: string, certDir: string, creds: string, signaturePolicy: string, tlsVerify: ?bool) -> (reply: MoreResponse)
+method PullImage(name: string) -> (reply: MoreResponse)
 
 # CreatePod creates a new empty pod.  It uses a [PodCreate](#PodCreate) type for input.
 # On success, the ID of the newly created pod will be returned.