From 0bd1bdd744f68dc42ac64678972fede992a7189e Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Date: Fri, 29 Sep 2023 14:42:26 +0400
Subject: [PATCH] chore: allow insecure access to installer base image (imager)

This allows to force pull over insecure from non-local endpoints.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
---
 pkg/imager/profile/input.go | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/pkg/imager/profile/input.go b/pkg/imager/profile/input.go
index af7ee39aaa..a3ab295edc 100644
--- a/pkg/imager/profile/input.go
+++ b/pkg/imager/profile/input.go
@@ -48,6 +48,8 @@ type FileAsset struct {
 type ContainerAsset struct {
 	// ImageRef is a reference to the container image.
 	ImageRef string `yaml:"imageRef"`
+	// ForceInsecure forces insecure registry communication.
+	ForceInsecure bool `yaml:"forceInsecure,omitempty"`
 	// TarballPath is a path to the .tar format container image contents.
 	//
 	// If TarballPath is set, ImageRef is ignored.
@@ -154,10 +156,19 @@ func (c *ContainerAsset) Pull(ctx context.Context, arch string, printf func(stri
 
 	printf("pulling %s...", c.ImageRef)
 
-	img, err := crane.Pull(c.ImageRef, crane.WithPlatform(&v1.Platform{
-		Architecture: arch,
-		OS:           "linux",
-	}), crane.WithContext(ctx))
+	opts := []crane.Option{
+		crane.WithPlatform(&v1.Platform{
+			Architecture: arch,
+			OS:           "linux",
+		}),
+		crane.WithContext(ctx),
+	}
+
+	if c.ForceInsecure {
+		opts = append(opts, crane.Insecure)
+	}
+
+	img, err := crane.Pull(c.ImageRef, opts...)
 	if err != nil {
 		return nil, fmt.Errorf("error pulling image %s: %w", c.ImageRef, err)
 	}