how to instruct buildah to trust the self-signed certificate

[learnersbox]

Hi Experts,

I just started with buildah, using ubuntu.
A simple command is difficult it seems...

@Alpha:~$ x1 = $(buildah from ubuntu)
Resolved "ubuntu" as an alias (/etc/containers/registries.conf.d/shortnames.conf)
Trying to pull docker.io/library/ubuntu:latest...
initializing source docker://ubuntu:latest: pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": x509: certificate signed by unknown authority
ERRO[0000] exit status 125
x1: command not found

How do I make this work ?

Best regards,

[TomSweeneyRedHat]

@vrothberg any tips/hints?

[nalind]

Adding a --tls-verify=false after from, i.e., using buildah from --tls-verify=false ubuntu should tell buildah to not require that its connection to the registry be encrypted (it likely still will be, but whatever) and to not require that the server's certificate is both signed by a trusted authority and identifies itself as belonging to the server that buildah tried to connect to (which is how we trust that the server on the other end of the encrypted connection is actually the one we intended to connect to).

Though, if this is a fully updated system, it's worth figuring out why the certificate the server is presenting isn't signed by an authority that the client OS's default configuration is set up to trust by default, as this error would also pop up if you connected to a malicious server that was attempting to impersonate "registry-1.docker.io".