
Commit 31bc358

Merge pull request #12451 from vrothberg/backport-12064
[v3.4] container create: fix --tls-verify parsing
2 parents 67d5b21 + 47a8e7c commit 31bc358


11 files changed

+205
-14
lines changed


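--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -5,6 +5,7 @@ import (
 
 "github.com/containers/common/pkg/auth"
 "github.com/containers/common/pkg/completion"
+commonFlag "github.com/containers/common/pkg/flag"
 "github.com/containers/podman/v3/cmd/podman/registry"
 "github.com/containers/podman/v3/libpod/define"
 "github.com/containers/podman/v3/pkg/domain/entities"
@@ -606,12 +607,9 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 )
 _ = cmd.RegisterFlagCompletionFunc(timeoutFlagName, completion.AutocompleteNone)
 
-// Flag for TLS verification, so that `run` and `create` commands can make use of it.
-// Make sure to use `=` while using this flag i.e `--tls-verify=false/true`
-tlsVerifyFlagName := "tls-verify"
-createFlags.BoolVar(
+commonFlag.OptionalBoolFlag(createFlags,
 &cf.TLSVerify,
-tlsVerifyFlagName, true,
+"tls-verify",
 "Require HTTPS and verify certificates when contacting registries for pulling images",
 )
 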
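Review bot: The `commonFlag.OptionalBoolFlag` call in DefineCreateFlags replaces a flag whose default was `true`, and the two removed comment lines get no successor, so nothing at the definition says what an absent `--tls-verify` now means. I would add `// Tri-state: when --tls-verify is not passed the value stays unset and the registry's entry in registries.conf decides whether TLS is verified.` above the call. The help string still reads as an unconditional requirement; appending something like `(default: per-registry setting in registries.conf)` would keep users from assuming verification is always on. Whether the `=` form is still required depends on the vendored flag implementation, which this page does not render. DefineCreateFlags starts and ends outside the hunk.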

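--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -292,6 +292,11 @@ func PullImage(imageName string, cliVals entities.ContainerCreateOptions) (strin
 }
 }
 
+skipTLSVerify := types.OptionalBoolUndefined
+if cliVals.TLSVerify.Present() {
+skipTLSVerify = types.NewOptionalBool(!cliVals.TLSVerify.Value())
+}
+
 pullReport, pullErr := registry.ImageEngine().Pull(registry.GetContext(), imageName, entities.ImagePullOptions{
 Authfile: cliVals.Authfile,
 Quiet: cliVals.Quiet,
@@ -300,7 +305,7 @@ func PullImage(imageName string, cliVals entities.ContainerCreateOptions) (strin
 Variant: cliVals.Variant,
 SignaturePolicy: cliVals.SignaturePolicy,
 PullPolicy: pullPolicy,
-SkipTLSVerify: types.NewOptionalBool(!cliVals.TLSVerify), // If Flag changed for TLS Verification
+SkipTLSVerify: skipTLSVerify,
 })
 if pullErr != nil {
 return "", pullErr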
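Review bot: The block added before the `Pull` call in PullImage negates the flag (`!cliVals.TLSVerify.Value()`) and leaves `skipTLSVerify` undefined when the flag is absent, yet it carries no comment, and the trailing comment on the old `SkipTLSVerify:` line is gone. A slip in this negation would silently turn certificate checks off, so the intent belongs next to it: `// Override registries.conf only when --tls-verify was given explicitly; SkipTLSVerify is the negation of the flag.` Compared with the removed line, which always passed an explicit value derived from the default `true`, a registry marked `insecure=true` is now contacted without verification unless the user passes `--tls-verify=true`; that change in effective default deserves a release-note line. PullImage begins and ends outside both hunks.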

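--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 github.com/containernetworking/cni v0.8.1
 github.com/containernetworking/plugins v0.9.1
 github.com/containers/buildah v1.23.1
-github.com/containers/common v0.44.3
+github.com/containers/common v0.44.4
 github.com/containers/conmon v2.0.20+incompatible
 github.com/containers/image/v5 v5.16.0
 github.com/containers/ocicrypt v1.1.2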

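--- a/go.sum
+++ b/go.sum
@@ -247,8 +247,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD
 github.com/containers/buildah v1.23.1 h1:Tpc9DsRuU+0Oofewpxb6OJVNQjCu7yloN/obUqzfDTY=
 github.com/containers/buildah v1.23.1/go.mod h1:4WnrN0yrA7ab0ppgunixu2WM1rlD2rG8QLJAKbEkZlQ=
 github.com/containers/common v0.44.2/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo=
-github.com/containers/common v0.44.3 h1:Wx+mJT+gH/ie86JdZUmVnZwTieXw86UE6JOYuCNTV1g=
-github.com/containers/common v0.44.3/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo=
+github.com/containers/common v0.44.4 h1:R9ggz2RmbNzu7gdxBHMr4p57fywTwuoZ67jgjt8/RFg=
+github.com/containers/common v0.44.4/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI=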

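--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -5,6 +5,7 @@ import (
 "strings"
 "time"
 
+commonFlag "github.com/containers/common/pkg/flag"
 "github.com/containers/podman/v3/libpod/define"
 "github.com/containers/podman/v3/pkg/specgen"
 "github.com/containers/podman/v3/pkg/util"
@@ -235,7 +236,7 @@ type ContainerCreateOptions struct {
 Sysctl []string
 Systemd string
 Timeout uint
-TLSVerify bool
+TLSVerify commonFlag.OptionalBool
 TmpFS []string
 TTY bool
 Timezone string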
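Review bot: `TLSVerify` in ContainerCreateOptions changes from `bool` to `commonFlag.OptionalBool` without a field comment, so the meaning of its zero value shifts from "do not verify" to, presumably, "not set". Any code that fills this struct without going through the cobra flag (none is visible in this commit) would now defer to registries.conf rather than pass an explicit value, which is worth checking in callers outside the diff. I would document it on the field: `// TLSVerify is tri-state; unset defers to the per-registry setting in registries.conf.` The struct definition continues outside the hunk.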

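--- a/test/e2e/push_test.go
+++ b/test/e2e/push_test.go
@@ -146,7 +146,7 @@ var _ = Describe("Podman push", func() {
 session = podmanTest.Podman([]string{"logs", "registry"})
 session.WaitWithDefaultTimeout()
 
-push := podmanTest.Podman([]string{"push", "--format=v2s2", "--creds=podmantest:test", ALPINE, "localhost:5000/tlstest"})
+push := podmanTest.Podman([]string{"push", "--tls-verify=true", "--format=v2s2", "--creds=podmantest:test", ALPINE, "localhost:5000/tlstest"})
 push.WaitWithDefaultTimeout()
 Expect(push).To(ExitWithError())
 
@@ -163,7 +163,7 @@ var _ = Describe("Podman push", func() {
 
 if !IsRemote() {
 // remote does not support --cert-dir
-push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", "--cert-dir=fakedir", ALPINE, "localhost:5000/certdirtest"})
+push = podmanTest.Podman([]string{"push", "--tls-verify=true", "--creds=podmantest:test", "--cert-dir=fakedir", ALPINE, "localhost:5000/certdirtest"})
 push.WaitWithDefaultTimeout()
 Expect(push).To(ExitWithError())
 }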

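--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -186,6 +186,12 @@ var _ = Describe("Podman run", func() {
 run.WaitWithDefaultTimeout()
 Expect(run).Should(Exit(0))
 Expect(podmanTest.NumberOfContainers()).To(Equal(3))
+
+// Now registries.conf will be consulted where localhost:5000
+// is set to be insecure.
+run = podmanTest.Podman([]string{"run", ALPINE})
+run.WaitWithDefaultTimeout()
+Expect(run).Should(Exit(0))
 })
 
 It("podman run a container with a --rootfs", func() {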
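Review bot: The added `podman run ALPINE` case asserts only exit code 0, which does not show that registries.conf was consulted: if ALPINE is already in local storage from the earlier steps of this `It` block (they start outside the hunk), no registry is contacted and the check passes whatever the TLS setting is. The stricter direction is not covered in the visible lines either, since nothing asserts that `run --tls-verify=true` against the `insecure=true` registry fails. I would force a pull from `localhost:5000` before the new assertion and add a counterpart that expects `ExitWithError()` when `--tls-verify=true` is passed, so the explicit flag is proven to override the configuration file.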

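--- a/test/registries.conf
+++ b/test/registries.conf
@@ -15,3 +15,9 @@ location="mirror.gcr.io"
 [[registry]]
 prefix="docker.io/library"
 location="quay.io/libpod"
+
+# For testing #11933 to make sure that registries.conf is consulted unless
+# --tls-verify is used during container creation.
+[[registry]]
+location="localhost:5000"
+insecure=true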
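Review bot: The new `[[registry]]` entry marks `localhost:5000` as `insecure=true` for every e2e test that loads this file, not only the #11933 regression case. Tests that relied on TLS verification failing against that address by default now need an explicit `--tls-verify=true`; the two edits in test/e2e/push_test.go in this commit are such cases, and others outside the diff may now pass for the wrong reason. The comment should say so, for example `# NOTE: affects all tests that talk to localhost:5000; pass --tls-verify=true where a TLS failure is expected.`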

vendor/github.com/containers/common/pkg/flag/flag.go

Lines changed: 174 additions & 0 deletions

vendor/github.com/containers/common/version/version.go

Lines changed: 1 addition & 1 deletion
