From a6cf2f42935a6051304171d4d3f099ecdadb4c6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
Date: Fri, 23 Jul 2021 15:46:00 +0200
Subject: [PATCH] Add the --tls-verify option to (skopeo logout)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The current implementation can actually contact the registry (if
logout fails with "not logged in" but there are .docker/config.json
credentials present), so provide a non-deprecated way to disable TLS.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
---
 cmd/skopeo/logout.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/cmd/skopeo/logout.go b/cmd/skopeo/logout.go
index b47ccffb..839bbb6f 100644
--- a/cmd/skopeo/logout.go
+++ b/cmd/skopeo/logout.go
@@ -4,12 +4,14 @@ import (
 	"io"
 
 	"github.com/containers/common/pkg/auth"
+	"github.com/containers/image/v5/types"
 	"github.com/spf13/cobra"
 )
 
 type logoutOptions struct {
 	global     *globalOptions
 	logoutOpts auth.LogoutOptions
+	tlsVerify  optionalBool
 }
 
 func logoutCmd(global *globalOptions) *cobra.Command {
@@ -24,12 +26,17 @@ func logoutCmd(global *globalOptions) *cobra.Command {
 		Example: `skopeo logout quay.io`,
 	}
 	adjustUsage(cmd)
-	cmd.Flags().AddFlagSet(auth.GetLogoutFlags(&opts.logoutOpts))
+	flags := cmd.Flags()
+	optionalBoolFlag(flags, &opts.tlsVerify, "tls-verify", "require HTTPS and verify certificates when accessing the registry")
+	flags.AddFlagSet(auth.GetLogoutFlags(&opts.logoutOpts))
 	return cmd
 }
 
 func (opts *logoutOptions) run(args []string, stdout io.Writer) error {
 	opts.logoutOpts.Stdout = stdout
 	sys := opts.global.newSystemContext()
+	if opts.tlsVerify.present {
+		sys.DockerInsecureSkipTLSVerify = types.NewOptionalBool(!opts.tlsVerify.value)
+	}
 	return auth.Logout(sys, &opts.logoutOpts, args)
 }