diff --git a/cmd/run.go b/cmd/run.go
index 52d9524f..e3041fe4 100644
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -23,6 +23,7 @@ type osVmConfig struct {
 RemoveVm bool // Kill the running VM when it exits
 RemoveDiskImage bool // After exit of the VM, remove the disk image
 Quiet bool
+ TLSVerify bool
 }
 var (
@@ -52,6 +53,7 @@ func init() {
 runCmd.Flags().BoolVar(&vmConfig.Quiet, "quiet", false, "Suppress output from bootc disk creation and VM boot console")
 runCmd.Flags().StringVar(&diskImageConfigInstance.RootSizeMax, "root-size-max", "", "Maximum size of root filesystem in bytes; optionally accepts M, G, T suffixes")
 runCmd.Flags().StringVar(&diskImageConfigInstance.DiskSize, "disk-size", "", "Allocate a disk image of this size in bytes; optionally accepts M, G, T suffixes")
+ runCmd.Flags().BoolVar(&vmConfig.TLSVerify, "tls-verify", true, "Require HTTPS and verify certificates when accessing the registry")
 }
 func doRun(flags *cobra.Command, args []string) error {
@@ -71,6 +73,10 @@ func doRun(flags *cobra.Command, args []string) error {
 // create the disk image
 idOrName := args[0]
 bootcDisk := bootc.NewBootcDisk(idOrName, machine.Ctx, user)
+
+ // skip tls verification if tls-verfiy flag is set to false
+ bootcDisk.SkipTLSVerify = !vmConfig.TLSVerify
+
 err = bootcDisk.Install(vmConfig.Quiet, diskImageConfigInstance)
 if err != nil {
diff --git a/pkg/bootc/bootc_disk.go b/pkg/bootc/bootc_disk.go
index e5294ced..ae2a1f05 100644
--- a/pkg/bootc/bootc_disk.go
+++ b/pkg/bootc/bootc_disk.go
@@ -56,6 +56,7 @@ type BootcDisk struct {
 Directory string
 file *os.File
 bootcInstallContainerId string
+ SkipTLSVerify bool
 }
 // create singleton for easy cleanup
@@ -106,7 +107,7 @@ func (p *BootcDisk) GetCreatedAt() time.Time {
 func (p *BootcDisk) Install(quiet bool, config DiskImageConfig) (err error) {
 p.CreatedAt = time.Now()
- err = p.pullImage()
+ err = p.pullImage(p.SkipTLSVerify)
 if err != nil {
 return
 }
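Review bot: In doRun, `bootcDisk.SkipTLSVerify = !vmConfig.TLSVerify` disables registry certificate checking without leaving any trace in the output, even though the image pulled that way is then installed into the disk image. When the flag is false, log a warning that names `idOrName` through the logger this command already uses, and consider emitting it regardless of `--quiet`. The comment above the assignment misspells the flag; `// skip TLS verification when --tls-verify=false` reads correctly. doRun's body starts and ends outside the hunk.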
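Review bot: `p.pullImage(p.SkipTLSVerify)` in Install passes a value the method can already read from its receiver, so the setting gets two sources that can drift apart; the later bootc_disk.go hunk that changes pullImage's signature has the same issue. Keeping `pullImage()` parameterless and calling `utils.PullAndInspect(p.Ctx, p.ImageNameOrId, p.SkipTLSVerify)` inside it leaves a single source. The new exported field in the BootcDisk struct hunk also has no doc comment; `// SkipTLSVerify disables HTTPS and certificate verification for the registry pull; the zero value keeps verification on.` would record that the safe setting is the default. Install's body continues outside the hunk.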
@@ -261,8 +262,8 @@ func (p *BootcDisk) bootcInstallImageToDisk(quiet bool, diskConfig DiskImageConf
 }
 // pullImage fetches the container image if not present
-func (p *BootcDisk) pullImage() error {
- imageData, err := utils.PullAndInspect(p.Ctx, p.ImageNameOrId)
+func (p *BootcDisk) pullImage(skipTLSVerify bool) error {
+ imageData, err := utils.PullAndInspect(p.Ctx, p.ImageNameOrId, skipTLSVerify)
 if err != nil {
 return err
 }
diff --git a/pkg/utils/podman.go b/pkg/utils/podman.go
index 7e2663e5..a47d2cac 100644
--- a/pkg/utils/podman.go
+++ b/pkg/utils/podman.go
@@ -5,13 +5,13 @@ import (
 "encoding/json"
 "errors"
 "fmt"
- "github.com/containers/podman/v5/pkg/bindings/images"
- "github.com/containers/podman/v5/pkg/domain/entities/types"
 "os"
 "os/exec"
 "strings"
 "github.com/containers/podman/v5/pkg/bindings"
+ "github.com/containers/podman/v5/pkg/bindings/images"
+ "github.com/containers/podman/v5/pkg/domain/entities/types"
 "github.com/containers/podman/v5/pkg/machine"
 "github.com/containers/podman/v5/pkg/machine/define"
 "github.com/containers/podman/v5/pkg/machine/env"
@@ -31,9 +31,9 @@ type machineInfo struct {
 }
 // PullAndInspect inpects the image, pulling in if the image if required
-func PullAndInspect(ctx context.Context, imageNameOrId string) (*types.ImageInspectReport, error) {
+func PullAndInspect(ctx context.Context, imageNameOrId string, skipTLSVerify bool) (*types.ImageInspectReport, error) {
 pullPolicy := "missing"
- _, err := images.Pull(ctx, imageNameOrId, &images.PullOptions{Policy: &pullPolicy})
+ _, err := images.Pull(ctx, imageNameOrId, &images.PullOptions{Policy: &pullPolicy, SkipTLSVerify: &skipTLSVerify})
 if err != nil {
 return nil, fmt.Errorf("failed to pull image: %w", err)
 }
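Review bot: `SkipTLSVerify: &skipTLSVerify` in PullAndInspect is always a non-nil pointer, so every pull now carries an explicit TLS choice even when the user never passed `--tls-verify`. If the podman bindings treat a nil `SkipTLSVerify` as "defer to the per-registry setting in registries.conf" (my reading of them, not visible here), a host with one registry marked insecure will start failing, and the only remedy offered is `--tls-verify=false`, which drops verification for every registry. Carrying a `*bool` that doRun sets only when `flags.Flags().Changed("tls-verify")` is true would keep the narrower per-registry behaviour. The doc comment on PullAndInspect should also say what `skipTLSVerify` does. PullAndInspect's body continues outside the hunk.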