Make Podman/Buildah use same DecryptConfig/EncryptConfig funcs

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>

cmd/podman/containers/create.go

@@ -8,6 +8,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/containers/buildah/pkg/cli"
 	"github.com/containers/common/pkg/config"
 	cutil "github.com/containers/common/pkg/util"
 	"github.com/containers/image/v5/transports/alltransports"
@@ -346,7 +347,7 @@ func PullImage(imageName string, cliVals *entities.ContainerCreateOptions) (stri
 		skipTLSVerify = types.NewOptionalBool(!cliVals.TLSVerify.Value())
 	}
 
-	decConfig, err := util.DecryptConfig(cliVals.DecryptionKeys)
+	decConfig, err := cli.DecryptConfig(cliVals.DecryptionKeys)
 	if err != nil {
 		return "unable to obtain decryption config", err
 	}

cmd/podman/images/pull.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"strings"
 
+	"github.com/containers/buildah/pkg/cli"
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/image/v5/types"
@@ -164,7 +165,7 @@ func imagePull(cmd *cobra.Command, args []string) error {
 		pullOptions.Password = creds.Password
 	}
 
-	decConfig, err := util.DecryptConfig(pullOptions.DecryptionKeys)
+	decConfig, err := cli.DecryptConfig(pullOptions.DecryptionKeys)
 	if err != nil {
 		return fmt.Errorf("unable to obtain decryption config: %w", err)
 	}

cmd/podman/images/push.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/containers/buildah/pkg/cli"
 	"github.com/containers/common/pkg/auth"
 	"github.com/containers/common/pkg/completion"
 	"github.com/containers/image/v5/types"
@@ -198,7 +199,7 @@ func imagePush(cmd *cobra.Command, args []string) error {
 	}
 	defer signingCleanup()
 
-	encConfig, encLayers, err := util.EncryptConfig(pushOptions.EncryptionKeys, pushOptions.EncryptLayers)
+	encConfig, encLayers, err := cli.EncryptConfig(pushOptions.EncryptionKeys, pushOptions.EncryptLayers)
 	if err != nil {
 		return fmt.Errorf("unable to obtain encryption config: %w", err)
 	}

pkg/util/utils.go

@@ -18,8 +18,6 @@ import (
 	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/util"
 	"github.com/containers/image/v5/types"
-	encconfig "github.com/containers/ocicrypt/config"
-	enchelpers "github.com/containers/ocicrypt/helpers"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/pkg/errorhandling"
 	"github.com/containers/podman/v4/pkg/namespaces"
@@ -617,40 +615,6 @@ func SizeOfPath(path string) (uint64, error) {
 	return uint64(size), err
 }
 
-// EncryptConfig translates encryptionKeys into an EncriptionsConfig structure
-func EncryptConfig(encryptionKeys []string, encryptLayers []int) (*encconfig.EncryptConfig, *[]int, error) {
-	var encLayers *[]int
-	var encConfig *encconfig.EncryptConfig
-
-	if len(encryptionKeys) > 0 {
-		// encryption
-		encLayers = &encryptLayers
-		ecc, err := enchelpers.CreateCryptoConfig(encryptionKeys, []string{})
-		if err != nil {
-			return nil, nil, fmt.Errorf("invalid encryption keys: %w", err)
-		}
-		cc := encconfig.CombineCryptoConfigs([]encconfig.CryptoConfig{ecc})
-		encConfig = cc.EncryptConfig
-	}
-	return encConfig, encLayers, nil
-}
-
-// DecryptConfig translates decryptionKeys into a DescriptionConfig structure
-func DecryptConfig(decryptionKeys []string) (*encconfig.DecryptConfig, error) {
-	var decryptConfig *encconfig.DecryptConfig
-	if len(decryptionKeys) > 0 {
-		// decryption
-		dcc, err := enchelpers.CreateCryptoConfig([]string{}, decryptionKeys)
-		if err != nil {
-			return nil, fmt.Errorf("invalid decryption keys: %w", err)
-		}
-		cc := encconfig.CombineCryptoConfigs([]encconfig.CryptoConfig{dcc})
-		decryptConfig = cc.DecryptConfig
-	}
-
-	return decryptConfig, nil
-}
-
 // ParseRestartPolicy parses the value given to the --restart flag and returns the policy
 // and restart retries value
 func ParseRestartPolicy(policy string) (string, uint, error) {