diff --git a/image/directory/directory_test.go b/image/directory/directory_test.go index 8d2c31002e..26e19a20fb 100644 --- a/image/directory/directory_test.go +++ b/image/directory/directory_test.go @@ -15,7 +15,7 @@ func TestDestinationReference(t *testing.T) { ref, tmpDir := refToTempDir(t) defer os.RemoveAll(tmpDir) - dest, err := ref.NewImageDestination("", true) + dest, err := ref.NewImageDestination(nil) require.NoError(t, err) ref2 := dest.Reference() assert.Equal(t, tmpDir, ref2.StringWithinTransport()) @@ -26,12 +26,12 @@ func TestGetPutManifest(t *testing.T) { defer os.RemoveAll(tmpDir) man := []byte("test-manifest") - dest, err := ref.NewImageDestination("", true) + dest, err := ref.NewImageDestination(nil) require.NoError(t, err) err = dest.PutManifest(man) assert.NoError(t, err) - src, err := ref.NewImageSource("", true) + src, err := ref.NewImageSource(nil) require.NoError(t, err) m, mt, err := src.GetManifest(nil) assert.NoError(t, err) @@ -45,12 +45,12 @@ func TestGetPutBlob(t *testing.T) { digest := "digest-test" blob := []byte("test-blob") - dest, err := ref.NewImageDestination("", true) + dest, err := ref.NewImageDestination(nil) require.NoError(t, err) err = dest.PutBlob(digest, bytes.NewReader(blob)) assert.NoError(t, err) - src, err := ref.NewImageSource("", true) + src, err := ref.NewImageSource(nil) require.NoError(t, err) rc, size, err := src.GetBlob(digest) assert.NoError(t, err) @@ -96,7 +96,7 @@ func TestPutBlobDigestFailure(t *testing.T) { return 0, fmt.Errorf(digestErrorString) }) - dest, err := ref.NewImageDestination("", true) + dest, err := ref.NewImageDestination(nil) require.NoError(t, err) err = dest.PutBlob(blobDigest, reader) assert.Error(t, err) @@ -111,7 +111,7 @@ func TestGetPutSignatures(t *testing.T) { ref, tmpDir := refToTempDir(t) defer os.RemoveAll(tmpDir) - dest, err := ref.NewImageDestination("", true) + dest, err := ref.NewImageDestination(nil) require.NoError(t, err) signatures := [][]byte{ []byte("sig1"), @@ -120,7 +120,7 @@ func TestGetPutSignatures(t *testing.T) { err = dest.PutSignatures(signatures) assert.NoError(t, err) - src, err := ref.NewImageSource("", true) + src, err := ref.NewImageSource(nil) require.NoError(t, err) sigs, err := src.GetSignatures() assert.NoError(t, err) @@ -131,7 +131,7 @@ func TestDelete(t *testing.T) { ref, tmpDir := refToTempDir(t) defer os.RemoveAll(tmpDir) - src, err := ref.NewImageSource("", true) + src, err := ref.NewImageSource(nil) require.NoError(t, err) err = src.Delete() assert.Error(t, err) @@ -141,7 +141,7 @@ func TestSourceReference(t *testing.T) { ref, tmpDir := refToTempDir(t) defer os.RemoveAll(tmpDir) - src, err := ref.NewImageSource("", true) + src, err := ref.NewImageSource(nil) require.NoError(t, err) ref2 := src.Reference() assert.Equal(t, tmpDir, ref2.StringWithinTransport()) diff --git a/image/directory/directory_transport.go b/image/directory/directory_transport.go index c5547f7c56..7b12c0068c 100644 --- a/image/directory/directory_transport.go +++ b/image/directory/directory_transport.go @@ -128,18 +128,18 @@ func (ref dirReference) PolicyConfigurationNamespaces() []string { } // NewImage returns a types.Image for this reference. -func (ref dirReference) NewImage(certPath string, tlsVerify bool) (types.Image, error) { +func (ref dirReference) NewImage(ctx *types.SystemContext) (types.Image, error) { src := newImageSource(ref) return image.FromSource(src, nil), nil } // NewImageSource returns a types.ImageSource for this reference. -func (ref dirReference) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) { +func (ref dirReference) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) { return newImageSource(ref), nil } // NewImageDestination returns a types.ImageDestination for this reference. -func (ref dirReference) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) { +func (ref dirReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) { return newImageDestination(ref), nil } diff --git a/image/directory/directory_transport_test.go b/image/directory/directory_transport_test.go index cba4c0d625..9403185779 100644 --- a/image/directory/directory_transport_test.go +++ b/image/directory/directory_transport_test.go @@ -149,21 +149,21 @@ func TestReferencePolicyConfigurationNamespaces(t *testing.T) { func TestReferenceNewImage(t *testing.T) { ref, tmpDir := refToTempDir(t) defer os.RemoveAll(tmpDir) - _, err := ref.NewImage("/this/doesn't/exist", true) + _, err := ref.NewImage(nil) assert.NoError(t, err) } func TestReferenceNewImageSource(t *testing.T) { ref, tmpDir := refToTempDir(t) defer os.RemoveAll(tmpDir) - _, err := ref.NewImageSource("/this/doesn't/exist", true) + _, err := ref.NewImageSource(nil) assert.NoError(t, err) } func TestReferenceNewImageDestination(t *testing.T) { ref, tmpDir := refToTempDir(t) defer os.RemoveAll(tmpDir) - _, err := ref.NewImageDestination("/this/doesn't/exist", true) + _, err := ref.NewImageDestination(nil) assert.NoError(t, err) } diff --git a/image/doc.go b/image/doc.go index 870bb408dd..3f990071c9 100644 --- a/image/doc.go +++ b/image/doc.go @@ -13,7 +13,7 @@ // if err != nil { // panic(err) // } -// img, err := ref.NewImage("", true) +// img, err := ref.NewImage(nil) // if err != nil { // panic(err) // } diff --git a/image/docker/docker_client.go b/image/docker/docker_client.go index acaca313fa..fd016565c2 100644 --- a/image/docker/docker_client.go +++ b/image/docker/docker_client.go @@ -14,6 +14,7 @@ import ( "time" "github.com/Sirupsen/logrus" + "github.com/containers/image/types" "github.com/docker/docker/pkg/homedir" ) @@ -44,7 +45,7 @@ type dockerClient struct { } // newDockerClient returns a new dockerClient instance for refHostname (a host a specified in the Docker image reference, not canonicalized to dockerRegistry) -func newDockerClient(refHostname, certPath string, tlsVerify bool) (*dockerClient, error) { +func newDockerClient(ctx *types.SystemContext, refHostname string) (*dockerClient, error) { var registry string if refHostname == dockerHostname { registry = dockerRegistry @@ -56,17 +57,17 @@ func newDockerClient(refHostname, certPath string, tlsVerify bool) (*dockerClien return nil, err } var tr *http.Transport - if certPath != "" || !tlsVerify { + if ctx != nil && (ctx.DockerCertPath != "" || ctx.DockerInsecureSkipTLSVerify) { tlsc := &tls.Config{} - if certPath != "" { - cert, err := tls.LoadX509KeyPair(filepath.Join(certPath, "cert.pem"), filepath.Join(certPath, "key.pem")) + if ctx.DockerCertPath != "" { + cert, err := tls.LoadX509KeyPair(filepath.Join(ctx.DockerCertPath, "cert.pem"), filepath.Join(ctx.DockerCertPath, "key.pem")) if err != nil { return nil, fmt.Errorf("Error loading x509 key pair: %s", err) } tlsc.Certificates = append(tlsc.Certificates, cert) } - tlsc.InsecureSkipVerify = !tlsVerify + tlsc.InsecureSkipVerify = ctx.DockerInsecureSkipTLSVerify tr = &http.Transport{ TLSClientConfig: tlsc, } diff --git a/image/docker/docker_image.go b/image/docker/docker_image.go index 1a5b39187f..233c87ef7e 100644 --- a/image/docker/docker_image.go +++ b/image/docker/docker_image.go @@ -18,8 +18,8 @@ type Image struct { // newImage returns a new Image interface type after setting up // a client to the registry hosting the given image. -func newImage(ref dockerReference, certPath string, tlsVerify bool) (types.Image, error) { - s, err := newImageSource(ref, certPath, tlsVerify) +func newImage(ctx *types.SystemContext, ref dockerReference) (types.Image, error) { + s, err := newImageSource(ctx, ref) if err != nil { return nil, err } diff --git a/image/docker/docker_image_dest.go b/image/docker/docker_image_dest.go index 86a38e64a5..1e5ab49877 100644 --- a/image/docker/docker_image_dest.go +++ b/image/docker/docker_image_dest.go @@ -17,9 +17,9 @@ type dockerImageDestination struct { c *dockerClient } -// newImageDestination creates a new ImageDestination for the specified image reference and connection specification. -func newImageDestination(ref dockerReference, certPath string, tlsVerify bool) (types.ImageDestination, error) { - c, err := newDockerClient(ref.ref.Hostname(), certPath, tlsVerify) +// newImageDestination creates a new ImageDestination for the specified image reference. +func newImageDestination(ctx *types.SystemContext, ref dockerReference) (types.ImageDestination, error) { + c, err := newDockerClient(ctx, ref.ref.Hostname()) if err != nil { return nil, err } diff --git a/image/docker/docker_image_src.go b/image/docker/docker_image_src.go index 9284fd4222..8c4e70154b 100644 --- a/image/docker/docker_image_src.go +++ b/image/docker/docker_image_src.go @@ -27,9 +27,9 @@ type dockerImageSource struct { c *dockerClient } -// newImageSource creates a new ImageSource for the specified image reference and connection specification. -func newImageSource(ref dockerReference, certPath string, tlsVerify bool) (*dockerImageSource, error) { - c, err := newDockerClient(ref.ref.Hostname(), certPath, tlsVerify) +// newImageSource creates a new ImageSource for the specified image reference. +func newImageSource(ctx *types.SystemContext, ref dockerReference) (*dockerImageSource, error) { + c, err := newDockerClient(ctx, ref.ref.Hostname()) if err != nil { return nil, err } diff --git a/image/docker/docker_transport.go b/image/docker/docker_transport.go index 68cb0060b8..03224387b4 100644 --- a/image/docker/docker_transport.go +++ b/image/docker/docker_transport.go @@ -116,18 +116,18 @@ func (ref dockerReference) PolicyConfigurationNamespaces() []string { } // NewImage returns a types.Image for this reference. -func (ref dockerReference) NewImage(certPath string, tlsVerify bool) (types.Image, error) { - return newImage(ref, certPath, tlsVerify) +func (ref dockerReference) NewImage(ctx *types.SystemContext) (types.Image, error) { + return newImage(ctx, ref) } // NewImageSource returns a types.ImageSource for this reference. -func (ref dockerReference) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) { - return newImageSource(ref, certPath, tlsVerify) +func (ref dockerReference) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) { + return newImageSource(ctx, ref) } // NewImageDestination returns a types.ImageDestination for this reference. -func (ref dockerReference) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) { - return newImageDestination(ref, certPath, tlsVerify) +func (ref dockerReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) { + return newImageDestination(ctx, ref) } // tagOrDigest returns a tag or digest from the reference. diff --git a/image/docker/docker_transport_test.go b/image/docker/docker_transport_test.go index cc2078e75b..d5950809b8 100644 --- a/image/docker/docker_transport_test.go +++ b/image/docker/docker_transport_test.go @@ -160,21 +160,21 @@ func TestReferencePolicyConfigurationNamespaces(t *testing.T) { func TestReferenceNewImage(t *testing.T) { ref, err := ParseReference("//busybox") require.NoError(t, err) - _, err = ref.NewImage("", true) + _, err = ref.NewImage(nil) assert.NoError(t, err) } func TestReferenceNewImageSource(t *testing.T) { ref, err := ParseReference("//busybox") require.NoError(t, err) - _, err = ref.NewImageSource("", true) + _, err = ref.NewImageSource(nil) assert.NoError(t, err) } func TestReferenceNewImageDestination(t *testing.T) { ref, err := ParseReference("//busybox") require.NoError(t, err) - _, err = ref.NewImageDestination("", true) + _, err = ref.NewImageDestination(nil) assert.NoError(t, err) } diff --git a/image/oci/oci_dest_test.go b/image/oci/oci_dest_test.go index 5d672bd3c8..f7b2aed334 100644 --- a/image/oci/oci_dest_test.go +++ b/image/oci/oci_dest_test.go @@ -44,7 +44,7 @@ func TestPutBlobDigestFailure(t *testing.T) { return 0, fmt.Errorf(digestErrorString) }) - dest, err := ref.NewImageDestination("", true) + dest, err := ref.NewImageDestination(nil) require.NoError(t, err) err = dest.PutBlob(blobDigest, reader) assert.Error(t, err) diff --git a/image/oci/oci_transport.go b/image/oci/oci_transport.go index be96a85e77..61288a32bf 100644 --- a/image/oci/oci_transport.go +++ b/image/oci/oci_transport.go @@ -165,17 +165,17 @@ func (ref ociReference) PolicyConfigurationNamespaces() []string { } // NewImage returns a types.Image for this reference. -func (ref ociReference) NewImage(certPath string, tlsVerify bool) (types.Image, error) { +func (ref ociReference) NewImage(ctx *types.SystemContext) (types.Image, error) { return nil, errors.New("Full Image support not implemented for oci: image names") } // NewImageSource returns a types.ImageSource for this reference. -func (ref ociReference) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) { +func (ref ociReference) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) { return nil, errors.New("Reading images not implemented for oci: image names") } // NewImageDestination returns a types.ImageDestination for this reference. -func (ref ociReference) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) { +func (ref ociReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) { return newImageDestination(ref), nil } diff --git a/image/oci/oci_transport_test.go b/image/oci/oci_transport_test.go index 4636805e92..90a3a3a1ba 100644 --- a/image/oci/oci_transport_test.go +++ b/image/oci/oci_transport_test.go @@ -205,21 +205,21 @@ func TestReferencePolicyConfigurationNamespaces(t *testing.T) { func TestReferenceNewImage(t *testing.T) { ref, tmpDir := refToTempOCI(t) defer os.RemoveAll(tmpDir) - _, err := ref.NewImage("/this/doesn't/exist", true) + _, err := ref.NewImage(nil) assert.Error(t, err) } func TestReferenceNewImageSource(t *testing.T) { ref, tmpDir := refToTempOCI(t) defer os.RemoveAll(tmpDir) - _, err := ref.NewImageSource("/this/doesn't/exist", true) + _, err := ref.NewImageSource(nil) assert.Error(t, err) } func TestReferenceNewImageDestination(t *testing.T) { ref, tmpDir := refToTempOCI(t) defer os.RemoveAll(tmpDir) - _, err := ref.NewImageDestination("/this/doesn't/exist", true) + _, err := ref.NewImageDestination(nil) assert.NoError(t, err) } diff --git a/image/openshift/openshift.go b/image/openshift/openshift.go index 75080b223e..7d981ba544 100644 --- a/image/openshift/openshift.go +++ b/image/openshift/openshift.go @@ -171,24 +171,22 @@ func (c *openshiftClient) dockerRegistryHostPart() string { type openshiftImageSource struct { client *openshiftClient // Values specific to this image - certPath string // Only for parseDockerImageSource - tlsVerify bool // Only for parseDockerImageSource + ctx *types.SystemContext // State docker types.ImageSource // The Docker Registry endpoint, or nil if not resolved yet imageStreamImageName string // Resolved image identifier, or "" if not known yet } -// newImageSource creates a new ImageSource for the specified reference and connection specification. -func newImageSource(ref openshiftReference, certPath string, tlsVerify bool) (types.ImageSource, error) { +// newImageSource creates a new ImageSource for the specified reference. +func newImageSource(ctx *types.SystemContext, ref openshiftReference) (types.ImageSource, error) { client, err := newOpenshiftClient(ref) if err != nil { return nil, err } return &openshiftImageSource{ - client: client, - certPath: certPath, - tlsVerify: tlsVerify, + client: client, + ctx: ctx, }, nil } @@ -270,7 +268,7 @@ func (s *openshiftImageSource) ensureImageIsResolved() error { if err != nil { return err } - d, err := dockerRef.NewImageSource(s.certPath, s.tlsVerify) + d, err := dockerRef.NewImageSource(s.ctx) if err != nil { return err } @@ -286,8 +284,8 @@ type openshiftImageDestination struct { imageStreamImageName string // "" if not yet known } -// newImageDestination creates a new ImageDestination for the specified reference and connection specification. -func newImageDestination(ref openshiftReference, certPath string, tlsVerify bool) (types.ImageDestination, error) { +// newImageDestination creates a new ImageDestination for the specified reference. +func newImageDestination(ctx *types.SystemContext, ref openshiftReference) (types.ImageDestination, error) { client, err := newOpenshiftClient(ref) if err != nil { return nil, err @@ -301,7 +299,7 @@ func newImageDestination(ref openshiftReference, certPath string, tlsVerify bool if err != nil { return nil, err } - docker, err := dockerRef.NewImageDestination(certPath, tlsVerify) + docker, err := dockerRef.NewImageDestination(ctx) if err != nil { return nil, err } diff --git a/image/openshift/openshift_transport.go b/image/openshift/openshift_transport.go index 96b5f085bd..f7c2879d40 100644 --- a/image/openshift/openshift_transport.go +++ b/image/openshift/openshift_transport.go @@ -154,16 +154,16 @@ func (ref openshiftReference) PolicyConfigurationNamespaces() []string { } // NewImage returns a types.Image for this reference. -func (ref openshiftReference) NewImage(certPath string, tlsVerify bool) (types.Image, error) { +func (ref openshiftReference) NewImage(ctx *types.SystemContext) (types.Image, error) { return nil, errors.New("Full Image support not implemented for atomic: image names") } // NewImageSource returns a types.ImageSource for this reference. -func (ref openshiftReference) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) { - return newImageSource(ref, certPath, tlsVerify) +func (ref openshiftReference) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) { + return newImageSource(ctx, ref) } // NewImageDestination returns a types.ImageDestination for this reference. -func (ref openshiftReference) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) { - return newImageDestination(ref, certPath, tlsVerify) +func (ref openshiftReference) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) { + return newImageDestination(ctx, ref) } diff --git a/image/openshift/openshift_transport_test.go b/image/openshift/openshift_transport_test.go index 17aba5f6be..d57a3d58b3 100644 --- a/image/openshift/openshift_transport_test.go +++ b/image/openshift/openshift_transport_test.go @@ -113,7 +113,7 @@ func TestReferencePolicyConfigurationNamespaces(t *testing.T) { func TestReferenceNewImage(t *testing.T) { ref, err := NewReference(testBaseURL, "ns", "stream", "notlatest") require.NoError(t, err) - _, err = ref.NewImage("", true) + _, err = ref.NewImage(nil) assert.Error(t, err) } diff --git a/image/signature/policy_eval_signedby_test.go b/image/signature/policy_eval_signedby_test.go index 34376efd3b..7abf800029 100644 --- a/image/signature/policy_eval_signedby_test.go +++ b/image/signature/policy_eval_signedby_test.go @@ -25,7 +25,7 @@ func dirImageMock(t *testing.T, dir, dockerReference string) types.Image { func dirImageMockWithRef(t *testing.T, dir string, ref types.ImageReference) types.Image { srcRef, err := directory.NewReference(dir) require.NoError(t, err) - src, err := srcRef.NewImageSource("", true) + src, err := srcRef.NewImageSource(nil) require.NoError(t, err) return image.FromSource(&dirImageSourceMock{ ImageSource: src, diff --git a/image/signature/policy_eval_simple_test.go b/image/signature/policy_eval_simple_test.go index 3f23bdf789..788f414f45 100644 --- a/image/signature/policy_eval_simple_test.go +++ b/image/signature/policy_eval_simple_test.go @@ -34,13 +34,13 @@ func (ref nameOnlyImageReferenceMock) PolicyConfigurationIdentity() string { func (ref nameOnlyImageReferenceMock) PolicyConfigurationNamespaces() []string { panic("unexpected call to a mock function") } -func (ref nameOnlyImageReferenceMock) NewImage(certPath string, tlsVerify bool) (types.Image, error) { +func (ref nameOnlyImageReferenceMock) NewImage(ctx *types.SystemContext) (types.Image, error) { panic("unexpected call to a mock function") } -func (ref nameOnlyImageReferenceMock) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) { +func (ref nameOnlyImageReferenceMock) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) { panic("unexpected call to a mock function") } -func (ref nameOnlyImageReferenceMock) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) { +func (ref nameOnlyImageReferenceMock) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) { panic("unexpected call to a mock function") } diff --git a/image/signature/policy_eval_test.go b/image/signature/policy_eval_test.go index a4a87afb66..406ee7260a 100644 --- a/image/signature/policy_eval_test.go +++ b/image/signature/policy_eval_test.go @@ -90,13 +90,13 @@ func (ref pcImageReferenceMock) PolicyConfigurationNamespaces() []string { } return policyconfiguration.DockerReferenceNamespaces(ref.ref) } -func (ref pcImageReferenceMock) NewImage(certPath string, tlsVerify bool) (types.Image, error) { +func (ref pcImageReferenceMock) NewImage(ctx *types.SystemContext) (types.Image, error) { panic("unexpected call to a mock function") } -func (ref pcImageReferenceMock) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) { +func (ref pcImageReferenceMock) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) { panic("unexpected call to a mock function") } -func (ref pcImageReferenceMock) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) { +func (ref pcImageReferenceMock) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) { panic("unexpected call to a mock function") } diff --git a/image/signature/policy_reference_match_test.go b/image/signature/policy_reference_match_test.go index e342ea0559..fafa2dd71f 100644 --- a/image/signature/policy_reference_match_test.go +++ b/image/signature/policy_reference_match_test.go @@ -101,13 +101,13 @@ func (ref refImageReferenceMock) PolicyConfigurationIdentity() string { func (ref refImageReferenceMock) PolicyConfigurationNamespaces() []string { panic("unexpected call to a mock function") } -func (ref refImageReferenceMock) NewImage(certPath string, tlsVerify bool) (types.Image, error) { +func (ref refImageReferenceMock) NewImage(ctx *types.SystemContext) (types.Image, error) { panic("unexpected call to a mock function") } -func (ref refImageReferenceMock) NewImageSource(certPath string, tlsVerify bool) (types.ImageSource, error) { +func (ref refImageReferenceMock) NewImageSource(ctx *types.SystemContext) (types.ImageSource, error) { panic("unexpected call to a mock function") } -func (ref refImageReferenceMock) NewImageDestination(certPath string, tlsVerify bool) (types.ImageDestination, error) { +func (ref refImageReferenceMock) NewImageDestination(ctx *types.SystemContext) (types.ImageDestination, error) { panic("unexpected call to a mock function") } diff --git a/image/types/types.go b/image/types/types.go index c02ba96ba9..fabc593f49 100644 --- a/image/types/types.go +++ b/image/types/types.go @@ -71,11 +71,11 @@ type ImageReference interface { PolicyConfigurationNamespaces() []string // NewImage returns a types.Image for this reference. - NewImage(certPath string, tlsVerify bool) (Image, error) + NewImage(ctx *SystemContext) (Image, error) // NewImageSource returns a types.ImageSource for this reference. - NewImageSource(certPath string, tlsVerify bool) (ImageSource, error) + NewImageSource(ctx *SystemContext) (ImageSource, error) // NewImageDestination returns a types.ImageDestination for this reference. - NewImageDestination(certPath string, tlsVerify bool) (ImageDestination, error) + NewImageDestination(ctx *SystemContext) (ImageDestination, error) } // ImageSource is a service, possibly remote (= slow), to download components of a single image. @@ -159,6 +159,12 @@ type SystemContext struct { // Not used for any paths specified by users in config files (even if the location of the config file _was_ affected by it). // NOTE: This does NOT affect paths starting by $HOME. RootForImplicitAbsolutePaths string + + // === Global configuration overrides === // If not "", overrides the system's default path for signature.Policy configuration. SignaturePolicyPath string + + // === docker.Transport overrides === + DockerCertPath string // If not "", a directory containing "cert.pem" and "key.pem" used when talking to a Docker Registry + DockerInsecureSkipTLSVerify bool }