From 0e58ec74747ac7fbb0dccd364765b83b212657c9 Mon Sep 17 00:00:00 2001
From: baude <bbaude@redhat.com>
Date: Wed, 9 May 2018 12:04:28 -0500
Subject: podman push should honor registries.conf

Like podman pull, when you push an image, podman should check
if the registry is listed as insecure and if so, it should
--tls-verify=false unless the user overrides this.

Signed-off-by: baude <bbaude@redhat.com>

Closes: #738
Approved by: mheon
---
 libpod/image/image.go | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'libpod/image')

diff --git a/libpod/image/image.go b/libpod/image/image.go
index db0fdab90..b7d9200ec 100644
--- a/libpod/image/image.go
+++ b/libpod/image/image.go
@@ -26,7 +26,9 @@ import (
 	"github.com/projectatomic/libpod/libpod/common"
 	"github.com/projectatomic/libpod/libpod/driver"
 	"github.com/projectatomic/libpod/pkg/inspect"
+	"github.com/projectatomic/libpod/pkg/registries"
 	"github.com/projectatomic/libpod/pkg/util"
+	"github.com/sirupsen/logrus"
 )
 
 // imageConversions is used to cache image "cast" types
@@ -426,7 +428,7 @@ func (i *Image) UntagImage(tag string) error {
 }
 
 // PushImage pushes the given image to a location described by the given path
-func (i *Image) PushImage(ctx context.Context, destination, manifestMIMEType, authFile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions SigningOptions, dockerRegistryOptions *DockerRegistryOptions) error {
+func (i *Image) PushImage(ctx context.Context, destination, manifestMIMEType, authFile, signaturePolicyPath string, writer io.Writer, forceCompress bool, signingOptions SigningOptions, dockerRegistryOptions *DockerRegistryOptions, forceSecure bool) error {
 	if destination == "" {
 		return errors.Wrapf(syscall.EINVAL, "destination image name must be specified")
 	}
@@ -458,9 +460,23 @@ func (i *Image) PushImage(ctx context.Context, destination, manifestMIMEType, au
 	if err != nil {
 		return errors.Wrapf(err, "error getting source imageReference for %q", i.InputName)
 	}
-
+	insecureRegistries, err := registries.GetInsecureRegistries()
+	if err != nil {
+		return err
+	}
 	copyOptions := getCopyOptions(writer, signaturePolicyPath, nil, dockerRegistryOptions, signingOptions, authFile, manifestMIMEType, forceCompress)
+	if strings.HasPrefix(DockerTransport, dest.Transport().Name()) {
+		imgRef, err := reference.Parse(dest.DockerReference().String())
+		if err != nil {
+			return err
+		}
+		registry := reference.Domain(imgRef.(reference.Named))
 
+		if util.StringInSlice(registry, insecureRegistries) && !forceSecure {
+			copyOptions.DestinationCtx.DockerInsecureSkipTLSVerify = true
+			logrus.Info(fmt.Sprintf("%s is an insecure registry; pushing with tls-verify=false", registry))
+		}
+	}
 	// Copy the image to the remote destination
 	err = cp.Image(ctx, policyContext, dest, src, copyOptions)
 	if err != nil {
-- 
cgit v1.2.3-54-g00ecf