From 5f7d4ee73fdf53f912d7e31c24daf5f4c8a93327 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Wed, 13 Feb 2019 14:08:53 -0700
Subject: Add tlsVerify bool to SearchImage for varlink

Cockpit wants to be able to search images on systems without
tlsverify turned on.

tlsverify should be an optional parameter, if not set then we default
to the system defaults defined in /etc/containers/registries.conf.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 pkg/varlinkapi/images.go | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

(limited to 'pkg')

diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go
index 534419f6f..b3090d2dd 100644
--- a/pkg/varlinkapi/images.go
+++ b/pkg/varlinkapi/images.go
@@ -313,7 +313,7 @@ func (i *LibpodAPI) HistoryImage(call iopodman.VarlinkCall, name string) error {
 }
 
 // PushImage pushes an local image to registry
-func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error {
+func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVerify *bool, signaturePolicy, creds, certDir string, compress bool, format string, removeSignatures bool, signBy string) error {
 	var (
 		registryCreds *types.DockerAuthConfig
 		manifestType  string
@@ -337,8 +337,8 @@ func (i *LibpodAPI) PushImage(call iopodman.VarlinkCall, name, tag string, tlsVe
 		DockerRegistryCreds: registryCreds,
 		DockerCertPath:      certDir,
 	}
-	if !tlsVerify {
-		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
+	if tlsVerify != nil {
+		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
 	}
 	if format != "" {
 		switch format {
@@ -441,8 +441,11 @@ func (i *LibpodAPI) RemoveImage(call iopodman.VarlinkCall, name string, force bo
 
 // SearchImages searches all registries configured in /etc/containers/registries.conf for an image
 // Requires an image name and a search limit as int
-func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64) error {
+func (i *LibpodAPI) SearchImages(call iopodman.VarlinkCall, query string, limit *int64, tlsVerify *bool) error {
 	sc := image.GetSystemContext("", "", false)
+	if tlsVerify != nil {
+		sc.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
+	}
 	registries, err := sysreg.GetRegistries()
 	if err != nil {
 		return call.ReplyErrorOccurred(fmt.Sprintf("unable to get system registries: %q", err))
@@ -583,7 +586,7 @@ func (i *LibpodAPI) ExportImage(call iopodman.VarlinkCall, name, destination str
 }
 
 // PullImage pulls an image from a registry to the image store.
-func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify bool) error {
+func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, creds, signaturePolicy string, tlsVerify *bool) error {
 	var (
 		registryCreds *types.DockerAuthConfig
 		imageID       string
@@ -600,8 +603,8 @@ func (i *LibpodAPI) PullImage(call iopodman.VarlinkCall, name string, certDir, c
 		DockerRegistryCreds: registryCreds,
 		DockerCertPath:      certDir,
 	}
-	if tlsVerify {
-		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!tlsVerify)
+	if tlsVerify != nil {
+		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*tlsVerify)
 	}
 
 	so := image.SigningOptions{}
@@ -644,8 +647,8 @@ func (i *LibpodAPI) ContainerRunlabel(call iopodman.VarlinkCall, input iopodman.
 	dockerRegistryOptions := image.DockerRegistryOptions{
 		DockerCertPath: input.CertDir,
 	}
-	if !input.TlsVerify {
-		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.OptionalBoolTrue
+	if input.TlsVerify != nil {
+		dockerRegistryOptions.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!*input.TlsVerify)
 	}
 
 	stdErr := os.Stderr
-- 
cgit v1.2.3-54-g00ecf