Skip to content

Commit

Permalink
configure the insecure flag to allow access to registries with self-s…
Browse files Browse the repository at this point in the history
…igned certificate

Signed-off-by: Jose R. Gonzalez <[email protected]>
  • Loading branch information
komish authored and bcrochet committed Feb 6, 2023
1 parent 2be289b commit 3d00049
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion internal/engine/engine.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"bytes"
"context"
"crypto/md5"
"crypto/tls"
"encoding/json"
"fmt"
"io"
Expand Down Expand Up @@ -102,7 +103,18 @@ func (c *CraneEngine) ExecuteChecks(ctx context.Context) error {
}

if c.Insecure {
options = append(options, crane.Insecure)
// Adding WithTransport opt is a workaround to allow for access to HTTPS
// container registries with self-signed or non-trusted certificates.
//
// See https://github.com/google/go-containerregistry/issues/1553 for more context. If this issue
// is resolved, then this workaround can likely be removed or adjusted to use new features in the
// go-containerregistry project.
rt := remote.DefaultTransport.(*http.Transport).Clone()
rt.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true, //nolint: gosec
}

options = append(options, crane.Insecure, crane.WithTransport(rt))
}

// pull the image and save to fs
Expand Down Expand Up @@ -674,6 +686,7 @@ func New(ctx context.Context,
IsBundle: isBundle,
IsScratch: isScratch,
Platform: platform,
Insecure: insecure,
}, nil
}

Expand Down

0 comments on commit 3d00049

Please sign in to comment.