1 files changed, 34 insertions, 0 deletions

diff --git a/libpod/common/docker_registry_options.go b/libpod/common/docker_registry_options.go
new file mode 100644
index 000000000..24fa5c03e
--- /dev/null
+++ b/libpod/common/docker_registry_options.go
@@ -0,0 +1,34 @@
+package common
+
+import "github.com/containers/image/types"
+
+// DockerRegistryOptions encapsulates settings that affect how we connect or
+// authenticate to a remote registry.
+type DockerRegistryOptions struct {
+	// DockerRegistryCreds is the user name and password to supply in case
+	// we need to pull an image from a registry, and it requires us to
+	// authenticate.
+	DockerRegistryCreds *types.DockerAuthConfig
+	// DockerCertPath is the location of a directory containing CA
+	// certificates which will be used to verify the registry's certificate
+	// (all files with names ending in ".crt"), and possibly client
+	// certificates and private keys (pairs of files with the same name,
+	// except for ".cert" and ".key" suffixes).
+	DockerCertPath string
+	// DockerInsecureSkipTLSVerify turns off verification of TLS
+	// certificates and allows connecting to registries without encryption.
+	DockerInsecureSkipTLSVerify bool
+}
+
+// GetSystemContext constructs a new system context from the given signaturePolicy path and the
+// values in the DockerRegistryOptions
+func (o DockerRegistryOptions) GetSystemContext(signaturePolicyPath, authFile string) *types.SystemContext {
+	sc := &types.SystemContext{
+		SignaturePolicyPath:         signaturePolicyPath,
+		DockerAuthConfig:            o.DockerRegistryCreds,
+		DockerCertPath:              o.DockerCertPath,
+		DockerInsecureSkipTLSVerify: o.DockerInsecureSkipTLSVerify,
+		AuthFilePath:                authFile,
+	}
+	return sc
+}