From 2203f2aa934fe52fceb8fa19a4712f2ac716a93c Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Tue, 13 Jun 2023 10:11:20 -0400
Subject: [PATCH] Make Podman/Buildah use same DecryptConfig/EncryptConfig funcs
Signed-off-by: Daniel J Walsh
Signed-off-by: Paul Holzinger
---
 cmd/podman/containers/create.go | 3 ++-
 cmd/podman/images/pull.go | 3 ++-
 cmd/podman/images/push.go | 3 ++-
 pkg/util/utils.go | 36 ---------------------------------
 4 files changed, 6 insertions(+), 39 deletions(-)
diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go
index d6a6ff3773..a3b9e3e143 100644
--- a/cmd/podman/containers/create.go
+++ b/cmd/podman/containers/create.go
@@ -8,6 +8,7 @@ import (
 "strconv"
 "strings"
+ "github.com/containers/buildah/pkg/cli"
 "github.com/containers/common/pkg/config"
 cutil "github.com/containers/common/pkg/util"
 "github.com/containers/image/v5/transports/alltransports"
@@ -346,7 +347,7 @@ func PullImage(imageName string, cliVals *entities.ContainerCreateOptions) (stri
 skipTLSVerify = types.NewOptionalBool(!cliVals.TLSVerify.Value())
 }
- decConfig, err := util.DecryptConfig(cliVals.DecryptionKeys)
+ decConfig, err := cli.DecryptConfig(cliVals.DecryptionKeys)
 if err != nil {
 return "unable to obtain decryption config", err
 }
diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go
index 2dd1919d2a..175328da06 100644
--- a/cmd/podman/images/pull.go
+++ b/cmd/podman/images/pull.go
@@ -6,6 +6,7 @@ import (
 "os"
 "strings"
+ "github.com/containers/buildah/pkg/cli"
 "github.com/containers/common/pkg/auth"
 "github.com/containers/common/pkg/completion"
 "github.com/containers/image/v5/types"
@@ -164,7 +165,7 @@ func imagePull(cmd *cobra.Command, args []string) error {
 pullOptions.Password = creds.Password
 }
- decConfig, err := util.DecryptConfig(pullOptions.DecryptionKeys)
+ decConfig, err := cli.DecryptConfig(pullOptions.DecryptionKeys)
 if err != nil {
 return fmt.Errorf("unable to obtain decryption config: %w", err)
 }
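Review bot: The error path right after the new `cli.DecryptConfig` call in PullImage (create.go, second hunk) still returns the message in the string result and the bare error, `return "unable to obtain decryption config", err`, while the pull.go call site wraps the cause with `%w`. Since this commit unifies the helper, the handling could be unified too, for example `return "", fmt.Errorf("unable to obtain decryption config: %w", err)`, provided callers do not read the string result on failure and `fmt` is imported; PullImage starts and ends outside the hunk, so neither is verifiable here. Separately, the body of buildah's `cli.DecryptConfig` is not part of this patch and the diffstat lists no go.mod or vendor change, so it is worth confirming against the vendored buildah version that it keeps the removed `util.DecryptConfig` contract (nil config when no keys are supplied, wrapped error on invalid keys). The same applies to the second pull.go hunk.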
diff --git a/cmd/podman/images/push.go b/cmd/podman/images/push.go
index f0858aee42..22e7a0c3f3 100644
--- a/cmd/podman/images/push.go
+++ b/cmd/podman/images/push.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "os"
+ "github.com/containers/buildah/pkg/cli"
 "github.com/containers/common/pkg/auth"
 "github.com/containers/common/pkg/completion"
 "github.com/containers/image/v5/types"
@@ -198,7 +199,7 @@ func imagePush(cmd *cobra.Command, args []string) error {
 }
 defer signingCleanup()
- encConfig, encLayers, err := util.EncryptConfig(pushOptions.EncryptionKeys, pushOptions.EncryptLayers)
+ encConfig, encLayers, err := cli.EncryptConfig(pushOptions.EncryptionKeys, pushOptions.EncryptLayers)
 if err != nil {
 return fmt.Errorf("unable to obtain encryption config: %w", err)
 }
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
index e20746aeba..dff8721bdd 100644
--- a/pkg/util/utils.go
+++ b/pkg/util/utils.go
@@ -18,8 +18,6 @@ import (
 "github.com/containers/common/pkg/config"
 "github.com/containers/common/pkg/util"
 "github.com/containers/image/v5/types"
- encconfig "github.com/containers/ocicrypt/config"
- enchelpers "github.com/containers/ocicrypt/helpers"
 "github.com/containers/podman/v4/libpod/define"
 "github.com/containers/podman/v4/pkg/errorhandling"
 "github.com/containers/podman/v4/pkg/namespaces"
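Review bot: Nothing in the visible part of imagePush (push.go, second hunk) rejects `pushOptions.EncryptLayers` being set while `pushOptions.EncryptionKeys` is empty. The `util.EncryptConfig` removed by this patch returned a nil config and a nil layer list in that case. If buildah's `cli.EncryptConfig` keeps that contract (its body is not in this patch), the push goes ahead unencrypted even though layer encryption was requested. Unless such a check already exists earlier in imagePush, which starts and ends outside the hunk, add one before the call: `if len(pushOptions.EncryptLayers) > 0 && len(pushOptions.EncryptionKeys) == 0 { return fmt.Errorf("encrypt layers requested but no encryption key given") }`.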
@@ -617,40 +615,6 @@ func SizeOfPath(path string) (uint64, error) {
 return uint64(size), err
 }
-// EncryptConfig translates encryptionKeys into an EncriptionsConfig structure
-func EncryptConfig(encryptionKeys []string, encryptLayers []int) (*encconfig.EncryptConfig, *[]int, error) {
- var encLayers *[]int
- var encConfig *encconfig.EncryptConfig
-
- if len(encryptionKeys) > 0 {
- // encryption
- encLayers = &encryptLayers
- ecc, err := enchelpers.CreateCryptoConfig(encryptionKeys, []string{})
- if err != nil {
- return nil, nil, fmt.Errorf("invalid encryption keys: %w", err)
- }
- cc := encconfig.CombineCryptoConfigs([]encconfig.CryptoConfig{ecc})
- encConfig = cc.EncryptConfig
- }
- return encConfig, encLayers, nil
-}
-
-// DecryptConfig translates decryptionKeys into a DescriptionConfig structure
-func DecryptConfig(decryptionKeys []string) (*encconfig.DecryptConfig, error) {
- var decryptConfig *encconfig.DecryptConfig
- if len(decryptionKeys) > 0 {
- // decryption
- dcc, err := enchelpers.CreateCryptoConfig([]string{}, decryptionKeys)
- if err != nil {
- return nil, fmt.Errorf("invalid decryption keys: %w", err)
- }
- cc := encconfig.CombineCryptoConfigs([]encconfig.CryptoConfig{dcc})
- decryptConfig = cc.DecryptConfig
- }
-
- return decryptConfig, nil
-}
-
 // ParseRestartPolicy parses the value given to the --restart flag and returns the policy
 // and restart retries value
 func ParseRestartPolicy(policy string) (string, uint, error) {