feat: add TLS verification

Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com>

backend/builder/image_builder/image_builder.py

@@ -311,9 +311,6 @@ def _build_container_args(dockerfile_mount_path: str, image_tag: str) -> list[st
 
     if REGISTRY_SCHEME == "http":
         args.append("--insecure")
-    # TODO: add verification before release
-    else:
-        args.append("--skip-tls-verify")
 
     if KANIKO_MIRROR:
         args.append(f"--registry-mirror={REGISTRY}")

backend/image_transfer/decoder.py

@@ -56,8 +56,7 @@ def push_payload(
     """
     authenticator = Authenticator()
 
-    # TODO: add verification before release
-    with DXFBase(host=registry, auth=authenticator.auth, tlsverify=False, insecure=not secure) as dxf_base:
+    with DXFBase(host=registry, auth=authenticator.auth, insecure=not secure) as dxf_base:
         with safezip.ZipFile(zip_file, "r") as zip_file:
             return list(load_zip_images_in_registry(dxf_base, zip_file, strict))
 

backend/image_transfer/encoder.py

@@ -149,8 +149,7 @@ def make_payload(
 
     authenticator = Authenticator()
 
-    # TODO: add verification before release
-    with DXFBase(host=registry, auth=authenticator.auth, tlsverify=False, insecure=not secure) as dxf_base:
+    with DXFBase(host=registry, auth=authenticator.auth, insecure=not secure) as dxf_base:
         with safezip.ZipFile(zip_file, "w") as zip_file_opened:
             create_zip_from_docker_images(
                 dxf_base,

backend/substrapp/docker_registry.py

@@ -67,8 +67,6 @@ def get_request_docker_api(
         f"{REGISTRY_SCHEME}://{REGISTRY}/v2/{path}",
         headers=headers,
         timeout=HTTP_CLIENT_TIMEOUT_SECONDS,
-        # TODO: add verification before release
-        verify=False,  # nosec B501
     )
 
     response.raise_for_status()