Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/adapter/runtime_remote.go | 38 | ||||
-rw-r--r-- | libpod/runtime.go | 26 |
2 files changed, 51 insertions, 13 deletions
diff --git a/libpod/adapter/runtime_remote.go b/libpod/adapter/runtime_remote.go
index d0a3c5b1f..f63b5875d 100644
--- a/libpod/adapter/runtime_remote.go
+++ b/libpod/adapter/runtime_remote.go
@@ -163,7 +163,8 @@ func (r *LocalRuntime) NewImageFromLocal(name string) (*ContainerImage, error) {
 func (r *LocalRuntime) LoadFromArchiveReference(ctx context.Context, srcRef types.ImageReference, signaturePolicyPath string, writer io.Writer) ([]*ContainerImage, error) {
 // TODO We need to find a way to leak certDir, creds, and the tlsverify into this function, normally this would
 // come from cli options but we don't want want those in here either.
- imageID, err := iopodman.PullImage().Call(r.Conn, srcRef.DockerReference().String(), "", "", signaturePolicyPath, true)
+ tlsverify := true
+ imageID, err := iopodman.PullImage().Call(r.Conn, srcRef.DockerReference().String(), "", "", signaturePolicyPath, &tlsverify)
 if err != nil {
 return nil, err
 }
@@ -179,15 +180,21 @@ func (r *LocalRuntime) New(ctx context.Context, name, signaturePolicyPath, authf
 if label != nil {
 return nil, errors.New("the remote client function does not support checking a remote image for a label")
 }
- // TODO Creds needs to be figured out here too, like above
- tlsBool := dockeroptions.DockerInsecureSkipTLSVerify
- // Remember SkipTlsVerify is the opposite of tlsverify
- // If tlsBook is true or undefined, we do not skip
- SkipTlsVerify := false
- if tlsBool == types.OptionalBoolFalse {
- SkipTlsVerify = true
+ var (
+ tlsVerify bool
+ tlsVerifyPtr *bool
+ )
+ if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
+ tlsVerify = true
+ tlsVerifyPtr = &tlsVerify
+
+ }
+ if dockeroptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
+ tlsVerify = false
+ tlsVerifyPtr = &tlsVerify
 }
- imageID, err := iopodman.PullImage().Call(r.Conn, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, SkipTlsVerify)
+
+ imageID, err := iopodman.PullImage().Call(r.Conn, name, dockeroptions.DockerCertPath, "", signaturePolicyPath, tlsVerifyPtr)
 if err != nil {
 return nil, err
 }
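Review bot: The three-way mapping from `DockerInsecureSkipTLSVerify` to the optional `tlsverify` argument is now undocumented, because the hunk deletes the comment explaining that skip-verify is the inverse of tlsverify, and the nil case (option undefined) hands the verification decision to the service without saying so. The same conversion is written out again in the `Push` hunk, where the pointer is called `tls` rather than `tlsVerifyPtr`. A small shared helper with a doc comment would state the contract once, and the call sites reduce to `tlsVerifyPtr := tlsVerifyFromSkip(dockeroptions.DockerInsecureSkipTLSVerify)`. It is worth confirming on the service side that a nil value resolves to verification enabled, since that is not visible in this diff. `New` starts and ends outside the hunk.

```go
// tlsVerifyFromSkip converts the tri-state "skip TLS verification" option
// into the optional tlsverify argument of the remote call. The two settings
// are inverses of each other. A nil result means the option was not set and
// the service applies its own default.
func tlsVerifyFromSkip(skip types.OptionalBool) *bool {
	switch skip {
	case types.OptionalBoolTrue:
		verify := false
		return &verify
	case types.OptionalBoolFalse:
		verify := true
		return &verify
	}
	return nil
}

// … unchanged: label check at the top of New …
tlsVerifyPtr := tlsVerifyFromSkip(dockeroptions.DockerInsecureSkipTLSVerify)
// … unchanged: PullImage call using tlsVerifyPtr …
```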
@@ -577,10 +584,19 @@ func (r *LocalRuntime) RemoveVolumes(ctx context.Context, c *cliconfig.VolumeRmV
 func (r *LocalRuntime) Push(ctx context.Context, srcName, destination, manifestMIMEType, authfile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions image.SigningOptions, dockerRegistryOptions *image.DockerRegistryOptions, additionalDockerArchiveTags []reference.NamedTagged) error {
- tls := true
+ var (
+ tls *bool
+ tlsVerify bool
+ )
 if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
- tls = false
+ tlsVerify = false
+ tls = &tlsVerify
 }
+ if dockerRegistryOptions.DockerInsecureSkipTLSVerify == types.OptionalBoolFalse {
+ tlsVerify = true
+ tls = &tlsVerify
+ }
+
 reply, err := iopodman.PushImage().Send(r.Conn, varlink.More, srcName, destination, tls, signaturePolicyPath, "", dockerRegistryOptions.DockerCertPath, forceCompress, manifestMIMEType, signingOptions.RemoveSignatures, signingOptions.SignBy)
 if err != nil {
 return err
diff --git a/libpod/runtime.go b/libpod/runtime.go
index c975f628b..4f5d1e292 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -130,6 +130,12 @@ type RuntimeConfig struct {
 OCIRuntime string `toml:"runtime"`
 // OCIRuntimes are the set of configured OCI runtimes (default is runc)
 OCIRuntimes map[string][]string `toml:"runtimes"`
+ // RuntimePath is the path to OCI runtime binary for launching
+ // containers.
+ // The first path pointing to a valid file will be used
+ // This is used only when there are no OCIRuntime/OCIRuntimes defined. It
+ // is used only to be backward compatible with older versions of Podman.
+ RuntimePath []string `toml:"runtime_path"`
 // ConmonPath is the path to the Conmon binary used for managing
 // containers
 // The first path pointing to a valid file will be used
@@ -389,7 +395,7 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
 // If the configuration file was not found but we are running in rootless, a subset of the
 // global config file is used.
 for _, path := range []string{OverrideConfigPath, ConfigPath} {
- contents, err := ioutil.ReadFile(OverrideConfigPath)
+ contents, err := ioutil.ReadFile(path)
 if err != nil {
 // Ignore any error, the file might not be readable by us.
 continue
@@ -403,6 +409,7 @@ func NewRuntime(options ...RuntimeOption) (runtime *Runtime, err error) {
 runtime.config.ConmonPath = tmpConfig.ConmonPath
 runtime.config.ConmonEnvVars = tmpConfig.ConmonEnvVars
 runtime.config.OCIRuntimes = tmpConfig.OCIRuntimes
+ runtime.config.RuntimePath = tmpConfig.RuntimePath
 runtime.config.CNIPluginDir = tmpConfig.CNIPluginDir
 runtime.config.NoPivotRoot = tmpConfig.NoPivotRoot
 break
@@ -485,10 +492,25 @@ func NewRuntimeFromConfig(configPath string, options ...RuntimeOption) (runtime
 // Make a new runtime based on the given configuration
 // Sets up containers/storage, state store, OCI runtime
 func makeRuntime(runtime *Runtime) (err error) {
+
+ // Backward compatibility for `runtime_path`
+ if runtime.config.RuntimePath != nil {
+ // Don't print twice in rootless mode.
+ if os.Geteuid() == 0 {
+ logrus.Warningf("The configuration is using `runtime_path`, which is deprecated and will be removed in future. Please use `runtimes` and `runtime`")
+ logrus.Warningf("If you are using both `runtime_path` and `runtime`, the configuration from `runtime_path` is used")
+ }
+
+ // Transform `runtime_path` into `runtimes` and `runtime`.
+ name := filepath.Base(runtime.config.RuntimePath[0])
+ runtime.config.OCIRuntime = name
+ runtime.config.OCIRuntimes = map[string][]string{name: runtime.config.RuntimePath}
+ }
+
 // Find a working OCI runtime binary
 foundRuntime := false
 // If runtime is an absolute path, then use it as it is.
- if runtime.config.OCIRuntime[0] == '/' {
+ if runtime.config.OCIRuntime != "" && runtime.config.OCIRuntime[0] == '/' {
 foundRuntime = true
 runtime.ociRuntimePath = OCIRuntimePath{Name: filepath.Base(runtime.config.OCIRuntime), Paths: []string{runtime.config.OCIRuntime}}
 } else { |
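Review bot: The `runtime.config.RuntimePath != nil` guard does not protect the `runtime.config.RuntimePath[0]` index a few lines below it. A configuration containing `runtime_path = []` presumably decodes to a non-nil empty slice, in which case makeRuntime would panic instead of falling through to the `runtime`/`runtimes` settings. Testing the length closes that gap: `if len(runtime.config.RuntimePath) > 0 {`. Because the first entry also becomes the name and search path of the binary that will be executed as the OCI runtime, a short comment saying the value is taken from the configuration file as-is would help readers; any existence check happens outside this hunk. makeRuntime continues past the end of the hunk.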