-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support insecure registries #461
Comments
@ravanelli is going to look at this during the sprint. Let us know if that is ok. |
Awesome 🎉 Happy to join a call and talk about it/mentor |
Thanks @cgwalters, I'm totally new to bootc and also to Rust. I was looking around and seems you mentioned this part: https://github.com/containers/bootc/blob/main/lib/src/spec.rs#L63 |
That's signature verification which is different from TLS. I stubbed this out to start
This will also likely require a change to...oh no wait we already have https://github.com/containers/containers-image-proxy-rs/blob/28155f45bf635edcbaf5b4e3540f3e3c54a13bd2/src/imageproxy.rs#L127 (Edit yeah let's also call it |
@cgwalters I wonder if you could clarify if the path I'm going is the right one?
If I understood it, I need to pass the new |
- Introduce 'insecure-disable-tls-verification' parameter for enabling TLS verification skipping Signed-off-by: Renata <rravanel@redhat.com>
- Introduce 'insecure-disable-tls-verification' parameter for enabling TLS verification skipping Signed-off-by: Renata <rravanel@redhat.com>
- Introduce 'insecure-disable-tls-verification' parameter for enabling TLS verification skipping - Fix Issue: containers#461 Signed-off-by: Renata <rravanel@redhat.com>
- Introduce 'insecure-disable-tls-verification' parameter for skipping TLS verification; - Fix Issue: containers#461. Signed-off-by: Renata <rravanel@redhat.com>
Hey, has any progress happened on this topic? We are looking into local insecure registries for E2E testing a fleet management system based on bootc. |
We don't have a `--tls-verify=false` flag because: - It's a bad idea to make it too easy to do - When you *do* do it, you want it to be persistent/global anyways so a global config file is righ Closes: containers#461 Signed-off-by: Colin Walters <walters@verbum.org>
We don't have a `--tls-verify=false` flag because: - It's a bad idea to make it too easy to do - When you *do* do it, you want it to be persistent/global anyways so a global config file is righ Closes: containers#461 Signed-off-by: Colin Walters <walters@verbum.org>
I'd resisted doing this a lot, but there are enough local dev/test scenarios where it'd be useful to be able to fetch from an insecure registry.
This would probably be a simple new
insecure: true
flag in the host image spec which we end up passing down into the ostree-ext/skopeo stack.The text was updated successfully, but these errors were encountered: