From 313e5e83e92f68349d2026fc3f358f237fe93a4a Mon Sep 17 00:00:00 2001
From: baude <bbaude@redhat.com>
Date: Mon, 16 Apr 2018 13:39:00 -0500
Subject: regression: tls verify should be set on registries.conf if insecure

In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #626
Approved by: mheon
---
 cmd/podman/create.go | 2 +-
 cmd/podman/load.go   | 6 +++---
 cmd/podman/pull.go   | 6 +++++-
 cmd/podman/run.go    | 2 +-
 cmd/podman/search.go | 4 ++--
 5 files changed, 12 insertions(+), 8 deletions(-)

(limited to 'cmd')

diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index b95309980..97490d6c0 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -181,7 +181,7 @@ func createCmd(c *cli.Context) error {
 
 	rtc := runtime.GetConfig()
 
-	newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false)
+	newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false)
 	if err != nil {
 		return err
 	}
diff --git a/cmd/podman/load.go b/cmd/podman/load.go
index 941dd68d9..1fb723750 100644
--- a/cmd/podman/load.go
+++ b/cmd/podman/load.go
@@ -99,17 +99,17 @@ func loadCmd(c *cli.Context) error {
 	}
 
 	src := libpod.DockerArchive + ":" + input
-	newImage, err := runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false)
+	newImage, err := runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false)
 	if err != nil {
 		// generate full src name with specified image:tag
 		fullSrc := libpod.OCIArchive + ":" + input
 		if image != "" {
 			fullSrc = fullSrc + ":" + image
 		}
-		newImage, err = runtime.ImageRuntime().New(fullSrc, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false)
+		newImage, err = runtime.ImageRuntime().New(fullSrc, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false)
 		if err != nil {
 			src = libpod.DirTransport + ":" + input
-			newImage, err = runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false)
+			newImage, err = runtime.ImageRuntime().New(src, c.String("signature-policy"), "", writer, &libpodImage.DockerRegistryOptions{}, libpodImage.SigningOptions{}, false, false)
 			if err != nil {
 				return errors.Wrapf(err, "error pulling %q", src)
 			}
diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go
index 4ceae4596..43169635a 100644
--- a/cmd/podman/pull.go
+++ b/cmd/podman/pull.go
@@ -58,6 +58,7 @@ var (
 // pullCmd gets the data from the command line and calls pullImage
 // to copy an image from a registry to a local machine
 func pullCmd(c *cli.Context) error {
+	forceSecure := true
 	runtime, err := getRuntime(c)
 	if err != nil {
 		return errors.Wrapf(err, "could not get runtime")
@@ -98,8 +99,11 @@ func pullCmd(c *cli.Context) error {
 		DockerCertPath:              c.String("cert-dir"),
 		DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"),
 	}
+	if !c.IsSet("tls-verify") {
+		forceSecure = false
+	}
 
-	newImage, err := runtime.ImageRuntime().New(image, c.String("signature-policy"), c.String("authfile"), writer, &dockerRegistryOptions, image2.SigningOptions{}, true)
+	newImage, err := runtime.ImageRuntime().New(image, c.String("signature-policy"), c.String("authfile"), writer, &dockerRegistryOptions, image2.SigningOptions{}, true, forceSecure)
 	if err != nil {
 		return errors.Wrapf(err, "error pulling image %q", image)
 	}
diff --git a/cmd/podman/run.go b/cmd/podman/run.go
index 2bf0668a3..ac6361070 100644
--- a/cmd/podman/run.go
+++ b/cmd/podman/run.go
@@ -59,7 +59,7 @@ func runCmd(c *cli.Context) error {
 	}
 
 	rtc := runtime.GetConfig()
-	newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false)
+	newImage, err := runtime.ImageRuntime().New(c.Args()[0], rtc.SignaturePolicyPath, "", os.Stderr, nil, image.SigningOptions{}, false, false)
 	if err != nil {
 		return errors.Wrapf(err, "unable to find image")
 	}
diff --git a/cmd/podman/search.go b/cmd/podman/search.go
index 01eaa6729..106513e34 100644
--- a/cmd/podman/search.go
+++ b/cmd/podman/search.go
@@ -9,8 +9,8 @@ import (
 	"github.com/containers/image/docker"
 	"github.com/pkg/errors"
 	"github.com/projectatomic/libpod/cmd/podman/formats"
-	"github.com/projectatomic/libpod/libpod"
 	"github.com/projectatomic/libpod/libpod/common"
+	sysreg "github.com/projectatomic/libpod/pkg/registries"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 )
@@ -110,7 +110,7 @@ func searchCmd(c *cli.Context) error {
 	if len(c.StringSlice("registry")) > 0 {
 		registries = c.StringSlice("registry")
 	} else {
-		registries, err = libpod.GetRegistries()
+		registries, err = sysreg.GetRegistries()
 		if err != nil {
 			return errors.Wrapf(err, "error getting registries to search")
 		}
-- 
cgit v1.2.3-54-g00ecf