From 3d1e4060819be8ae28f99da945ab4df23bf9638d Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 24 Apr 2022 07:00:08 -0400 Subject: Pass --tls-verify option in podman -remote build Fixes: https://github.com/containers/podman/issues/13979 [NO NEW TESTS NEEDED] Buildah has a test for this. Signed-off-by: Daniel J Walsh --- pkg/api/handlers/compat/images_build.go | 6 ++++++ pkg/bindings/images/build.go | 13 +++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) (limited to 'pkg') diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 08646202a..1a24f1ae3 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -123,6 +123,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Tags []string `schema:"t"` Target string `schema:"target"` Timestamp int64 `schema:"timestamp"` + TLSVerify bool `schema:"tlsVerify"` Ulimits string `schema:"ulimits"` UnsetEnvs []string `schema:"unsetenv"` Secrets string `schema:"secrets"` @@ -491,6 +492,11 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { } utils.PossiblyEnforceDockerHub(r, systemContext) + if _, found := r.URL.Query()["tlsVerify"]; found { + systemContext.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify) + systemContext.OCIInsecureSkipTLSVerify = !query.TLSVerify + systemContext.DockerDaemonInsecureSkipTLSVerify = !query.TLSVerify + } // Channels all mux'ed in select{} below to follow API build protocol stdout := channel.NewWriter(make(chan []byte)) defer stdout.Close() diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 15900a2ed..1729bd922 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -312,10 +312,15 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO var ( headers http.Header ) - if options.SystemContext != nil && options.SystemContext.DockerAuthConfig != nil { - headers, err = auth.MakeXRegistryAuthHeader(options.SystemContext, options.SystemContext.DockerAuthConfig.Username, options.SystemContext.DockerAuthConfig.Password) - } else { - headers, err = auth.MakeXRegistryConfigHeader(options.SystemContext, "", "") + if options.SystemContext != nil { + if options.SystemContext.DockerAuthConfig != nil { + headers, err = auth.MakeXRegistryAuthHeader(options.SystemContext, options.SystemContext.DockerAuthConfig.Username, options.SystemContext.DockerAuthConfig.Password) + } else { + headers, err = auth.MakeXRegistryConfigHeader(options.SystemContext, "", "") + } + if options.SystemContext.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue { + params.Set("tlsVerify", "false") + } } if err != nil { return nil, err -- cgit v1.2.3-54-g00ecf