From 65bde5de890e359e0c1bdfa4c31c0aa5409e7388 Mon Sep 17 00:00:00 2001
From: Natalie Arellano <narellano@vmware.com>
Date: Fri, 15 Nov 2024 11:06:02 -0500
Subject: [PATCH] Fix https://github.com/buildpacks/lifecycle/issues/1425 by
 providing insecure registries when we access the run image

Signed-off-by: Natalie Arellano <narellano@vmware.com>
---
 cmd/lifecycle/exporter.go | 42 ++++++++++++++++++++++++++-------------
 1 file changed, 28 insertions(+), 14 deletions(-)

diff --git a/cmd/lifecycle/exporter.go b/cmd/lifecycle/exporter.go
index 06929fe53..b2e7f67d2 100644
--- a/cmd/lifecycle/exporter.go
+++ b/cmd/lifecycle/exporter.go
@@ -313,7 +313,7 @@ func (e *exportCmd) initDaemonAppImage(analyzedMD files.Analyzed, logger log.Log
 }
 
 func (e *exportCmd) initRemoteAppImage(analyzedMD files.Analyzed) (imgutil.Image, string, error) {
-	var opts = []imgutil.ImageOption{
+	var appOpts = []imgutil.ImageOption{
 		remote.FromBaseImage(e.RunImageRef),
 	}
 
@@ -324,43 +324,57 @@ func (e *exportCmd) initRemoteAppImage(analyzedMD files.Analyzed) (imgutil.Image
 		}
 		if extendedConfig != nil {
 			cmd.DefaultLogger.Debugf("Using config from extensions...")
-			opts = append(opts, remote.WithConfig(extendedConfig))
+			appOpts = append(appOpts, remote.WithConfig(extendedConfig))
 		}
 	}
 
 	if e.supportsHistory() {
-		opts = append(opts, remote.WithHistory())
+		appOpts = append(appOpts, remote.WithHistory())
 	}
 
-	opts = append(opts, image.GetInsecureOptions(e.InsecureRegistries)...)
+	appOpts = append(appOpts, image.GetInsecureOptions(e.InsecureRegistries)...)
 
 	if analyzedMD.PreviousImageRef() != "" {
 		cmd.DefaultLogger.Infof("Reusing layers from image '%s'", analyzedMD.PreviousImageRef())
-		opts = append(opts, remote.WithPreviousImage(analyzedMD.PreviousImageRef()))
+		appOpts = append(appOpts, remote.WithPreviousImage(analyzedMD.PreviousImageRef()))
 	}
 
 	if !e.customSourceDateEpoch().IsZero() {
-		opts = append(opts, remote.WithCreatedAt(e.customSourceDateEpoch()))
+		appOpts = append(appOpts, remote.WithCreatedAt(e.customSourceDateEpoch()))
 	}
 
 	appImage, err := remote.NewImage(
 		e.OutputImageRef,
 		e.keychain,
-		opts...,
+		appOpts...,
 	)
 	if err != nil {
 		return nil, "", cmd.FailErr(err, "create new app image")
 	}
 
-	runImage, err := remote.NewImage(e.RunImageRef, e.keychain, remote.FromBaseImage(e.RunImageRef))
-	if err != nil {
-		return nil, "", cmd.FailErr(err, "access run image")
-	}
-	runImageID, err := runImage.Identifier()
+	runImageID, err := func() (string, error) {
+		runImage, err := remote.NewImage(
+			e.RunImageRef,
+			e.keychain,
+			append(
+				image.GetInsecureOptions(e.InsecureRegistries),
+				remote.FromBaseImage(e.RunImageRef),
+			)...,
+		)
+		if err != nil {
+			return "", fmt.Errorf("failed to access run image: %w", err)
+		}
+		runImageID, err := runImage.Identifier()
+		if err != nil {
+			return "", fmt.Errorf("failed to get run image identifier: %w", err)
+		}
+		return runImageID.String(), nil
+	}()
 	if err != nil {
-		return nil, "", cmd.FailErr(err, "get run image reference")
+		return nil, "", cmd.FailErr(err, "get run image ID")
 	}
-	return appImage, runImageID.String(), nil
+
+	return appImage, runImageID, nil
 }
 
 func (e *exportCmd) initLayoutAppImage(analyzedMD files.Analyzed) (imgutil.Image, string, error) {