Allow skipping TLS verification

cmd/run.go

@@ -23,6 +23,7 @@ type osVmConfig struct {
 	RemoveVm        bool // Kill the running VM when it exits
 	RemoveDiskImage bool // After exit of the VM, remove the disk image
 	Quiet           bool
+	TLSVerify       bool
 }
 
 var (
@@ -52,6 +53,7 @@ func init() {
 	runCmd.Flags().BoolVar(&vmConfig.Quiet, "quiet", false, "Suppress output from bootc disk creation and VM boot console")
 	runCmd.Flags().StringVar(&diskImageConfigInstance.RootSizeMax, "root-size-max", "", "Maximum size of root filesystem in bytes; optionally accepts M, G, T suffixes")
 	runCmd.Flags().StringVar(&diskImageConfigInstance.DiskSize, "disk-size", "", "Allocate a disk image of this size in bytes; optionally accepts M, G, T suffixes")
+	runCmd.Flags().BoolVar(&vmConfig.TLSVerify, "tls-verify", true, "Require HTTPS and verify certificates when accessing the registry")
 }
 
 func doRun(flags *cobra.Command, args []string) error {
@@ -71,6 +73,10 @@ func doRun(flags *cobra.Command, args []string) error {
 	// create the disk image
 	idOrName := args[0]
 	bootcDisk := bootc.NewBootcDisk(idOrName, machine.Ctx, user)
+
+	// skip tls verification if tls-verfiy flag is set to false
+	bootcDisk.SkipTLSVerify = !vmConfig.TLSVerify
+
 	err = bootcDisk.Install(vmConfig.Quiet, diskImageConfigInstance)
 
 	if err != nil {

pkg/bootc/bootc_disk.go

@@ -56,6 +56,7 @@ type BootcDisk struct {
 	Directory               string
 	file                    *os.File
 	bootcInstallContainerId string
+	SkipTLSVerify           bool
 }
 
 // create singleton for easy cleanup
@@ -106,7 +107,7 @@ func (p *BootcDisk) GetCreatedAt() time.Time {
 func (p *BootcDisk) Install(quiet bool, config DiskImageConfig) (err error) {
 	p.CreatedAt = time.Now()
 
-	err = p.pullImage()
+	err = p.pullImage(p.SkipTLSVerify)
 	if err != nil {
 		return
 	}
@@ -261,8 +262,8 @@ func (p *BootcDisk) bootcInstallImageToDisk(quiet bool, diskConfig DiskImageConf
 }
 
 // pullImage fetches the container image if not present
-func (p *BootcDisk) pullImage() error {
-	imageData, err := utils.PullAndInspect(p.Ctx, p.ImageNameOrId)
+func (p *BootcDisk) pullImage(skipTLSVerify bool) error {
+	imageData, err := utils.PullAndInspect(p.Ctx, p.ImageNameOrId, skipTLSVerify)
 	if err != nil {
 		return err
 	}

pkg/utils/podman.go

@@ -5,13 +5,13 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/containers/podman/v5/pkg/bindings/images"
-	"github.com/containers/podman/v5/pkg/domain/entities/types"
 	"os"
 	"os/exec"
 	"strings"
 
 	"github.com/containers/podman/v5/pkg/bindings"
+	"github.com/containers/podman/v5/pkg/bindings/images"
+	"github.com/containers/podman/v5/pkg/domain/entities/types"
 	"github.com/containers/podman/v5/pkg/machine"
 	"github.com/containers/podman/v5/pkg/machine/define"
 	"github.com/containers/podman/v5/pkg/machine/env"
@@ -31,9 +31,9 @@ type machineInfo struct {
 }
 
 // PullAndInspect inpects the image, pulling in if the image if required
-func PullAndInspect(ctx context.Context, imageNameOrId string) (*types.ImageInspectReport, error) {
+func PullAndInspect(ctx context.Context, imageNameOrId string, skipTLSVerify bool) (*types.ImageInspectReport, error) {
 	pullPolicy := "missing"
-	_, err := images.Pull(ctx, imageNameOrId, &images.PullOptions{Policy: &pullPolicy})
+	_, err := images.Pull(ctx, imageNameOrId, &images.PullOptions{Policy: &pullPolicy, SkipTLSVerify: &skipTLSVerify})
 	if err != nil {
 		return nil, fmt.Errorf("failed to pull image: %w", err)
 	}