feat: add --insecure for login command to skip tls verify

cmd/login.go

@@ -63,6 +63,7 @@ func init() {
 	flags.StringVarP(&loginConfig.Password, "password", "p", "", "Password for login")
 	flags.BoolVar(&loginConfig.PasswordStdin, "password-stdin", true, "Take the password from stdin by default")
 	flags.BoolVar(&loginConfig.PlainHTTP, "plain-http", false, "Allow http connections to registry")
+	flags.BoolVar(&loginConfig.Insecure, "insecure", false, "Allow insecure connections to registry")
 
 	if err := viper.BindPFlags(flags); err != nil {
 		panic(fmt.Errorf("bind cache login flags to viper: %w", err))

pkg/backend/login.go

@@ -18,11 +18,15 @@ package backend
 
 import (
 	"context"
+	"crypto/tls"
+	"net/http"
 
-	"github.com/CloudNativeAI/modctl/pkg/config"
 	"oras.land/oras-go/v2/registry/remote"
 	"oras.land/oras-go/v2/registry/remote/auth"
 	"oras.land/oras-go/v2/registry/remote/credentials"
+	"oras.land/oras-go/v2/registry/remote/retry"
+
+	"github.com/CloudNativeAI/modctl/pkg/config"
 )
 
 // Login logs into a registry.
@@ -38,6 +42,19 @@ func (b *backend) Login(ctx context.Context, registry, username, password string
 		return err
 	}
 
+	httpClient := &http.Client{
+		Transport: retry.NewTransport(&http.Transport{
+			TLSClientConfig: &tls.Config{
+				InsecureSkipVerify: cfg.Insecure,
+			},
+		}),
+	}
+	reg.Client = &auth.Client{
+		Cache:      auth.NewCache(),
+		Credential: credentials.Credential(store),
+		Client:     httpClient,
+	}
+
 	if cfg.PlainHTTP {
 		reg.PlainHTTP = true
 	}

pkg/config/login.go

@@ -23,6 +23,7 @@ type Login struct {
 	Password      string
 	PasswordStdin bool
 	PlainHTTP     bool
+	Insecure      bool
 }
 
 func NewLogin() *Login {
@@ -31,6 +32,7 @@ func NewLogin() *Login {
 		Password:      "",
 		PasswordStdin: true,
 		PlainHTTP:     false,
+		Insecure:      false,
 	}
 }