From 3d1e4060819be8ae28f99da945ab4df23bf9638d Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Sun, 24 Apr 2022 07:00:08 -0400
Subject: Pass --tls-verify option in podman -remote build

Fixes: https://github.com/containers/podman/issues/13979

[NO NEW TESTS NEEDED] Buildah has a test for this.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 pkg/api/handlers/compat/images_build.go |  6 ++++++
 pkg/bindings/images/build.go            | 13 +++++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

(limited to 'pkg')

diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 08646202a..1a24f1ae3 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -123,6 +123,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		Tags                   []string `schema:"t"`
 		Target                 string   `schema:"target"`
 		Timestamp              int64    `schema:"timestamp"`
+		TLSVerify              bool     `schema:"tlsVerify"`
 		Ulimits                string   `schema:"ulimits"`
 		UnsetEnvs              []string `schema:"unsetenv"`
 		Secrets                string   `schema:"secrets"`
@@ -491,6 +492,11 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 	}
 	utils.PossiblyEnforceDockerHub(r, systemContext)
 
+	if _, found := r.URL.Query()["tlsVerify"]; found {
+		systemContext.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
+		systemContext.OCIInsecureSkipTLSVerify = !query.TLSVerify
+		systemContext.DockerDaemonInsecureSkipTLSVerify = !query.TLSVerify
+	}
 	// Channels all mux'ed in select{} below to follow API build protocol
 	stdout := channel.NewWriter(make(chan []byte))
 	defer stdout.Close()
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index 15900a2ed..1729bd922 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -312,10 +312,15 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO
 	var (
 		headers http.Header
 	)
-	if options.SystemContext != nil && options.SystemContext.DockerAuthConfig != nil {
-		headers, err = auth.MakeXRegistryAuthHeader(options.SystemContext, options.SystemContext.DockerAuthConfig.Username, options.SystemContext.DockerAuthConfig.Password)
-	} else {
-		headers, err = auth.MakeXRegistryConfigHeader(options.SystemContext, "", "")
+	if options.SystemContext != nil {
+		if options.SystemContext.DockerAuthConfig != nil {
+			headers, err = auth.MakeXRegistryAuthHeader(options.SystemContext, options.SystemContext.DockerAuthConfig.Username, options.SystemContext.DockerAuthConfig.Password)
+		} else {
+			headers, err = auth.MakeXRegistryConfigHeader(options.SystemContext, "", "")
+		}
+		if options.SystemContext.DockerInsecureSkipTLSVerify == types.OptionalBoolTrue {
+			params.Set("tlsVerify", "false")
+		}
 	}
 	if err != nil {
 		return nil, err
-- 
cgit v1.2.3-54-g00ecf