manifest/inspect: add support for tls-verify and authfile

Add flags for `manifest inspect` i.e `--tls-verify` and `--authfile` Signed-off-by: Aditya R <arajan@redhat.com>
2026-02-05 09:45:38 +01:00 · 2023-07-27 22:17:28 +05:30
parent 071f851da2
commit d27a823568
2 changed files with 24 additions and 2 deletions
--- a/cmd/buildah/manifest.go
+++ b/cmd/buildah/manifest.go
@@ -42,7 +42,10 @@ type manifestAnnotateOpts = struct {
 	os, arch, variant, osVersion      string
 	features, osFeatures, annotations []string
 }
-type manifestInspectOpts = struct{}
+type manifestInspectOpts = struct {
+	authfile  string
+	tlsVerify bool
+}

 func init() {
 	var (
@@ -199,6 +202,9 @@ func init() {
 		Example: `buildah manifest inspect mylist:v1.11`,
 		Args:    cobra.MinimumNArgs(1),
 	}
+	flags = manifestInspectCommand.Flags()
+	flags.StringVar(&manifestInspectOpts.authfile, "authfile", auth.GetDefaultAuthFile(), "path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
+	flags.BoolVar(&manifestInspectOpts.tlsVerify, "tls-verify", true, "require HTTPS and verify certificates when accessing the registry. TLS verification cannot be used when talking to an insecure registry.")
 	manifestInspectCommand.SetUsageTemplate(UsageTemplate())
 	manifestCommand.AddCommand(manifestInspectCommand)

@@ -696,6 +702,11 @@ func manifestAnnotateCmd(c *cobra.Command, args []string, opts manifestAnnotateO
 }

 func manifestInspectCmd(c *cobra.Command, args []string, opts manifestInspectOpts) error {
+	if c.Flag("authfile").Changed {
+		if err := auth.CheckAuthFile(opts.authfile); err != nil {
+			return err
+		}
+	}
 	imageSpec := ""
 	switch len(args) {
 	case 0:
@@ -831,7 +842,7 @@ func manifestPushCmd(c *cobra.Command, args []string, opts pushOptions) error {
 		return errors.New("At least a source list ID must be specified")
 	case 1:
 		listImageSpec = args[0]
-		destSpec = "docker://"+listImageSpec
+		destSpec = "docker://" + listImageSpec
 	case 2:
 		listImageSpec = args[0]
 		destSpec = args[1]
--- a/docs/buildah-manifest-inspect.1.md
+++ b/docs/buildah-manifest-inspect.1.md
@@ -16,6 +16,17 @@ Displays the manifest list or image index stored using the specified image name.

 A formatted JSON representation of the manifest list or image index.

+## OPTIONS
+
+**--authfile** *path*
+
+Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `buildah login`.
+If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
+
+**--tls-verify** *bool-value*
+
+Require HTTPS and verification of certificates when talking to container registries (defaults to true).  TLS verification cannot be used when talking to an insecure registry.
+
 ## EXAMPLE

 ```