From b134951d14512506500a1446c3e5600aa858ea61 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Mon, 3 Dec 2018 22:15:06 +0100 Subject: Minimally update for the DockerInsecureSkipTLSVerify type change MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Following SystemContext.DockerInsecureSkipTLSVerify, make the DockerRegistryOne also an OptionalBool, and update callers. Explicitly document that --tls-verify=true and --tls-verify unset have different behavior in those commands where the behavior changed (or where it hasn't changed but the documentation needed updating). Also make the --tls-verify man page sections a tiny bit more consistent throughout. This is a minimal fix, without changing the existing "--tls-verify=true" paths nor existing manual insecure registry lookups. Signed-off-by: Miloslav Trmač --- cmd/podman/login.go | 5 ++++- cmd/podman/pull.go | 6 +++--- cmd/podman/push.go | 12 +++++------- cmd/podman/runlabel.go | 7 +++++-- cmd/podman/search.go | 3 ++- cmd/podman/varlink/io.podman.varlink | 3 ++- 6 files changed, 21 insertions(+), 15 deletions(-) (limited to 'cmd') diff --git a/cmd/podman/login.go b/cmd/podman/login.go index 33ce8635f..cfdd8005b 100644 --- a/cmd/podman/login.go +++ b/cmd/podman/login.go @@ -8,6 +8,7 @@ import ( "github.com/containers/image/docker" "github.com/containers/image/pkg/docker/config" + "github.com/containers/image/types" "github.com/containers/libpod/libpod/common" "github.com/pkg/errors" "github.com/urfave/cli" @@ -93,7 +94,9 @@ func loginCmd(c *cli.Context) error { return errors.Wrapf(err, "error getting username and password") } - sc.DockerInsecureSkipTLSVerify = !c.BoolT("tls-verify") + if c.IsSet("tls-verify") { + sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify")) + } if c.String("cert-dir") != "" { sc.DockerCertPath = c.String("cert-dir") } diff --git a/cmd/podman/pull.go b/cmd/podman/pull.go index 8fb3971bd..490b7f96f 100644 --- a/cmd/podman/pull.go +++ b/cmd/podman/pull.go @@ -104,11 +104,11 @@ func pullCmd(c *cli.Context) error { } dockerRegistryOptions := image2.DockerRegistryOptions{ - DockerRegistryCreds: registryCreds, - DockerCertPath: c.String("cert-dir"), - DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"), + DockerRegistryCreds: registryCreds, + DockerCertPath: c.String("cert-dir"), } if c.IsSet("tls-verify") { + dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify")) forceSecure = c.Bool("tls-verify") } diff --git a/cmd/podman/push.go b/cmd/podman/push.go index 331f92cd2..0015373ed 100644 --- a/cmd/podman/push.go +++ b/cmd/podman/push.go @@ -108,7 +108,6 @@ func pushCmd(c *cli.Context) error { } certPath := c.String("cert-dir") - skipVerify := !c.BoolT("tls-verify") removeSignatures := c.Bool("remove-signatures") signBy := c.String("sign-by") @@ -145,16 +144,15 @@ func pushCmd(c *cli.Context) error { } } + dockerRegistryOptions := image.DockerRegistryOptions{ + DockerRegistryCreds: registryCreds, + DockerCertPath: certPath, + } if c.IsSet("tls-verify") { + dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify")) forceSecure = c.Bool("tls-verify") } - dockerRegistryOptions := image.DockerRegistryOptions{ - DockerRegistryCreds: registryCreds, - DockerCertPath: certPath, - DockerInsecureSkipTLSVerify: skipVerify, - } - so := image.SigningOptions{ RemoveSignatures: removeSignatures, SignBy: signBy, diff --git a/cmd/podman/runlabel.go b/cmd/podman/runlabel.go index b0d87d0d9..48a296260 100644 --- a/cmd/podman/runlabel.go +++ b/cmd/podman/runlabel.go @@ -6,6 +6,7 @@ import ( "os" "strings" + "github.com/containers/image/types" "github.com/containers/libpod/cmd/podman/libpodruntime" "github.com/containers/libpod/cmd/podman/shared" "github.com/containers/libpod/libpod/image" @@ -153,8 +154,10 @@ func runlabelCmd(c *cli.Context) error { } dockerRegistryOptions := image.DockerRegistryOptions{ - DockerCertPath: c.String("cert-dir"), - DockerInsecureSkipTLSVerify: !c.BoolT("tls-verify"), + DockerCertPath: c.String("cert-dir"), + } + if c.IsSet("tls-verify") { + dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!c.BoolT("tls-verify")) } authfile := getAuthFile(c.String("authfile")) diff --git a/cmd/podman/search.go b/cmd/podman/search.go index fa11dad32..c12224666 100644 --- a/cmd/podman/search.go +++ b/cmd/podman/search.go @@ -7,6 +7,7 @@ import ( "strings" "github.com/containers/image/docker" + "github.com/containers/image/types" "github.com/containers/libpod/cmd/podman/formats" "github.com/containers/libpod/libpod/common" sysreg "github.com/containers/libpod/pkg/registries" @@ -216,7 +217,7 @@ func getSearchOutput(term string, regAndSkipTLS map[string]bool, opts searchOpts var paramsArr []searchParams for reg, skipTLS := range regAndSkipTLS { // set the SkipTLSVerify bool depending on the registry being searched through - sc.DockerInsecureSkipTLSVerify = skipTLS + sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(skipTLS) results, err := docker.SearchRegistry(context.TODO(), sc, reg, term, limit) if err != nil { logrus.Errorf("error searching registry %q: %v", reg, err) diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index b081b60a3..486f4e60c 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -610,7 +610,8 @@ method InspectImage(name: string) -> (image: string) method HistoryImage(name: string) -> (history: []ImageHistory) # PushImage takes three input arguments: the name or ID of an image, the fully-qualified destination name of the image, -# and a boolean as to whether tls-verify should be used. It will return an [ImageNotFound](#ImageNotFound) error if +# and a boolean as to whether tls-verify should be used (with false disabling TLS, not affecting the default behavior). +# It will return an [ImageNotFound](#ImageNotFound) error if # the image cannot be found in local storage; otherwise the ID of the image will be returned on success. method PushImage(name: string, tag: string, tlsverify: bool) -> (image: string) -- cgit v1.2.3-54-g00ecf