nydusify convert failed when push layer to registry

[zvier]

Something wrong when I use nydusify convert generate a nydus image from an OCI image.

First, I use the nydusify convert simply like this:

nydusify convert --source registry.xxx.com/docker-test/systemd:oci --target registry.xxx.com/docker-test/systemd:nydus

The error message is: Failed to convert: Parse source image: Parse source image: resolve image: failed to do request: Head "https://registry.xxx.com/v2/docker-test/systemd/manifests/oci": x509: certificate signed by unknown authority

After read the help document, I add the --source-insecure true and --target-insecure true

nydusify convert --source registry.xxx.com/docker-test/systemd:oci --target registry.xxx.com/docker-test/systemd:nydus --source-insecure true  --target-insecure true

Then, the above phase error was gone away, but return error when push nydus layer to registry.

Failed to convert: Push Nydus layer in wait: Push Nydus bootstrap layer: Push bootstrap layer: failed to do request: Head "https://registry.xxx.com/v2/docker-test/systemd/blobs/sha256:5b4474303c71bcab696cb7c8933db0152f1f00f90d09667b392b5d2d2bc7dba5": x509: certificate signed by unknown authority

[imeoer]

Please retry with nydusify convert --source registry.xxx.com/docker-test/systemd:oci --target registry.xxx.com/docker-test/systemd:nydus --source-insecure --target-insecure (no true flag value.)

[zvier]

Please retry with nydusify convert --source registry.xxx.com/docker-test/systemd:oci --target registry.xxx.com/docker-test/systemd:nydus --source-insecure --target-insecure (no true flag value.)

This worked well.

[imeoer]

It's a good issue, we'd better remind the user that true should not be added to the boolean flag.

[jiangliu]

It's a good issue, we'd better remind the user that true should not be added to the boolean flag.

Add a value to --target-insecure and set its default to true?

[adamqqqplay]

Moved to #867 for further discussion.