Add support for configuring tls verification with machine init

This patch adds a new --tls-verify flag to the `podman machine init`
sub command which matches many of our other commands. This allows the
user to optionally control whether TLS verification is enabled or
disabled for download of the machine image.

The default remains to leave the TLS verification decision to the
backend library, which defaults to enabling it; this patch just
allows the user to explicitly set it on the CLI.

Fixes: #26517

Signed-off-by: Lewis Roy <lewis@redhat.com>
Lewis Roy
2025-08-01 22:37:45 +10:00
parent 0c4c9e4fbc
commit 67ec2037c0
10 changed files with 108 additions and 34 deletions


@@ -4,19 +4,20 @@ import (
"context"
"strings"
"github.com/containers/image/v5/types"
"github.com/containers/podman/v5/pkg/machine/define"
"github.com/containers/podman/v5/pkg/machine/ocipull"
"github.com/containers/podman/v5/pkg/machine/stdpull"
)
func GetDisk(userInputPath string, dirs *define.MachineDirs, imagePath *define.VMFile, vmType define.VMType, name string) error {
func GetDisk(userInputPath string, dirs *define.MachineDirs, imagePath *define.VMFile, vmType define.VMType, name string, skipTlsVerify types.OptionalBool) error {
var (
err error
mydisk ocipull.Disker
)
if userInputPath == "" || strings.HasPrefix(userInputPath, "docker://") {
mydisk, err = ocipull.NewOCIArtifactPull(context.Background(), dirs, userInputPath, name, vmType, imagePath)
mydisk, err = ocipull.NewOCIArtifactPull(context.Background(), dirs, userInputPath, name, vmType, imagePath, skipTlsVerify)
} else {
if strings.HasPrefix(userInputPath, "http") {
// TODO probably should use tempdir instead of datadir
@@ -28,5 +29,6 @@ func GetDisk(userInputPath string, dirs *define.MachineDirs, imagePath *define.V
if err != nil {
return err
}
return mydisk.Get()
}
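Review bot: `skipTlsVerify` is passed only to `ocipull.NewOCIArtifactPull`; the `http` branch lies between the two hunks and appears unchanged, so for an image given as an http(s) URL an explicit `--tls-verify` would seemingly be ignored without any message. Either thread the value into the stdpull path or return an error when the flag is set explicitly for a non-OCI source, so a user who asked for verification is not left assuming it was applied. The parameter also inverts the polarity of the flag (`--tls-verify` on the CLI, skip here), which is easy to get backwards at a call site; a doc comment on GetDisk would pin it down, e.g. `// skipTlsVerify: OptionalBoolUndefined leaves the choice to the image library (verification on by default); OptionalBoolTrue disables certificate verification.` As a style point, Go initialism convention would spell the name `skipTLSVerify`.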