Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extend the flags of the manifest add command #7576



Copy link

@flavio flavio commented Sep 9, 2020

This PR is a propagation of containers/buildah#2593 as required by this comment.

On top of extending the manifest add flags, the PR also fixes a minor issue with the manifest push command: the value provided by users via the cert-dir flag wasn't actually be used by the code.

flavio added 4 commits Sep 9, 2020
Extend the flags of `podman manifest add` to include also:

  * cert-dir
  * auth-file
  * creds
  * tls-verify

These options are useful when adding to a manifest an image that is not
part of the local image store. The image resides on a remote registry
that falls into one of these cases: it's not using tls termination, it requires
authentication or it's secured with an unknown tls certificate.

Consider the following scenario: a multi architecture manifest is created as
part of a multi-step CI pipeline running in a containerized way.
All the images referenced by the manifest live inside of a registry
secured with a self-signed tls certificate.

Without this patch the manifest creation step would have to pull all the
multi-architecture images locally via `podman pull`.

With this patch the usage of `podman pull` would not be needed because the
images' digests can be requested straight to the registry. That means the
execution of manifest creation step would be faster and result in less disk
space and network bandwidth being used.

Finally, this is a propagation of a similar fix done inside of buildah
via containers/buildah#2593

Signed-off-by: Flavio Castelli <>
Prior to this commit the value of the `--cert-dir` flag
specified for `podman manifest push` was not handled by the internal

That resulted in `podman manifest push` not reading the certificates
stored inside of the directory specified by the user.

Signed-off-by: Flavio Castelli <>
Ensure all the flags are covered by the man page.

Signed-off-by: Flavio Castelli <>
Ensure the new flags added to `manifest add` are known to bash

Signed-off-by: Flavio Castelli <>
Copy link
Contributor Author

flavio commented Sep 9, 2020

/assign @TomSweeneyRedHat

Copy link

rhatdan commented Sep 9, 2020


Copy link

rhatdan commented Sep 10, 2020

Copy link

openshift-ci-robot commented Sep 10, 2020


This pull-request has been approved by: flavio, rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 10, 2020
Copy link

mheon commented Sep 10, 2020


@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Sep 10, 2020
@openshift-merge-robot openshift-merge-robot merged commit fc70360 into containers:master Sep 10, 2020
1 check was pending
@flavio flavio deleted the manifest-add-extend-flags branch Sep 11, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
None yet

Successfully merging this pull request may close these issues.

None yet

6 participants