From d1b90b399d65c10fe5139680d36abd8c70c948cf Mon Sep 17 00:00:00 2001
From: Andrew Melnick
Date: Sat, 16 Nov 2024 13:07:36 -0700
Subject: [PATCH 1/2] Add fields for TLS material to destination config

Signed-off-by: Andrew Melnick
---
 docs/containers.conf.5.md | 13 +++++++++++++
 pkg/config/config.go | 7 +++++++
 pkg/config/containers.conf | 8 ++++++++
 pkg/config/containers.conf-freebsd | 7 +++++++
 4 files changed, 35 insertions(+)

diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
index 1c3a2460f..f76d981cd 100644
--- a/docs/containers.conf.5.md
+++ b/docs/containers.conf.5.md
@@ -907,11 +907,24 @@ URI to access the Podman service
 - **rootless remote** - ssh://user@engineering.lab.company.com/run/user/1000/podman/podman.sock
 - **rootful local** - unix:///run/podman/podman.sock
 - **rootful remote** - ssh://root@10.10.1.136:22/run/podman/podman.sock
+- **tcp/tls remote** - tcp://10.10.1.136:9443
 
 **identity="~/.ssh/id_rsa**
 
 Path to file containing ssh identity key
 
+**tls_cert_file="~/certs/podman/tls.crt"**
+
+Path to PEM file containing TLS client certificate
+
+**tls_key_file="~/certs/podman/tls.key"**
+
+Path to PEM file containing TLS client certificate private key
+
+**tls_ca_file="~/certs/podman/ca.crt"**
+
+Path to PEM file containing TLS certificate authority (CA) bundle
+
 **[engine.volume_plugins]**
 
 A table of all the enabled volume plugins on the system. Volume plugins can be
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 7a625efe0..8b9a39634 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -701,6 +701,13 @@ type Destination struct {
 	// Identity file with ssh key, optional
 	Identity string `json:",omitempty" toml:"identity,omitempty"`
+	// Path to TLS client certificate PEM file, optional
+	TLSCertFile string `json:",omitempty" toml:"tls_cert_file,omitempty"`
+	// Path to TLS client certificate private key PEM file, optional
+	TLSKeyFile string `json:",omitempty" toml:"tls_key_file,omitempty"`
+	// Path to TLS certificate authority PEM file, optional
+	TLSCAFile string `json:",omitempty" toml:"tls_ca_file,omitempty"`
+
 
 	// isMachine describes if the remote destination is a machine.
 	IsMachine bool `json:",omitempty" toml:"is_machine,omitempty"`
 }
diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf
index 0d22bcf38..94cf8f9e0 100644
--- a/pkg/config/containers.conf
+++ b/pkg/config/containers.conf
@@ -766,10 +766,18 @@ default_sysctls = [
 # rootful "unix:///run/podman/podman.sock (Default)
 # remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
 # remote rootful ssh://root@10.10.1.136:22/run/podman/podman.sock
+# tcp/tls remote tcp://10.10.1.136:9443
 #
 # uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock"
 # Path to file containing ssh identity key
 # identity = "~/.ssh/id_rsa"
+# Path to PEM file containing TLS client certificate
+# tls_cert_file = "~/certs/podman/tls.crt"
+# Path to PEM file containing TLS client certificate private key
+# tls_key_file = "~/certs/podman/tls.key"
+# Path to PEM file containing TLS certificate authority (CA) bundle
+# tls_ca_file = "~/certs/podman/ca.crt"
+
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
 #
diff --git a/pkg/config/containers.conf-freebsd b/pkg/config/containers.conf-freebsd
index f5b51dd22..4dbdd956c 100644
--- a/pkg/config/containers.conf-freebsd
+++ b/pkg/config/containers.conf-freebsd
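Review bot: The three new TLS fields on Destination are each marked "optional", but the hunk adds no check that TLSCertFile and TLSKeyFile are set together, so a config naming only one of them is accepted and the consumer (not in this diff) has to decide what that means — a likely outcome is a connection that silently proceeds without client authentication. I would make the contract explicit in the field comments, e.g. `// TLSCertFile and TLSKeyFile must be set together; a client certificate without its private key (or vice versa) is a configuration error.` and `// TLSCAFile, when set, is presumably the trust anchor used to verify the server certificate instead of the system roots — confirm against the consumer.`, and add the both-or-neither check wherever Destination is validated. Nothing in the struct ties these fields to the tcp:// scheme the docs hunk introduces, so a tcp:// destination with all three unset presumably yields a plaintext, unauthenticated connection to the Podman API; if that is the behavior the comments should say so. The second commit changes the documentation examples from `~/` to absolute paths, which suggests tilde is not expanded for these fields the way it may be for Identity; stating that in the field comments would avoid a silent file-not-found at connect time. The enclosing Destination struct starts outside the hunk.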
@@ -587,10 +587,17 @@ default_sysctls = [
 # rootful "unix:///run/podman/podman.sock (Default)
 # remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
 # remote rootful ssh://root@10.10.1.136:22/run/podman/podman.sock
+# tcp/tls remote tcp://10.10.1.136:9443
 #
 # uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock"
 # Path to file containing ssh identity key
 # identity = "~/.ssh/id_rsa"
+# Path to PEM file containing TLS client certificate
+# tls_cert_file = "~/certs/podman/tls.crt"
+# Path to PEM file containing TLS client certificate private key
+# tls_key_file = "~/certs/podman/tls.key"
+# Path to PEM file containing TLS certificate authority (CA) bundle
+# tls_ca_file = "~/certs/podman/ca.crt"
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
 #

From fc20da2be3c0579cacafd14e3655bfee9e841578 Mon Sep 17 00:00:00 2001
From: Andrew Melnick
Date: Fri, 13 Dec 2024 09:39:39 -0700
Subject: [PATCH 2/2] Use absolute paths for TLS config field docs

Signed-off-by: Andrew Melnick
---
 docs/containers.conf.5.md | 6 +++---
 pkg/config/containers.conf | 6 +++---
 pkg/config/containers.conf-freebsd | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
index f76d981cd..1e0ba3f47 100644
--- a/docs/containers.conf.5.md
+++ b/docs/containers.conf.5.md
@@ -913,15 +913,15 @@ URI to access the Podman service
 
 Path to file containing ssh identity key
 
-**tls_cert_file="~/certs/podman/tls.crt"**
+**tls_cert_file="/path/to/certs/podman/tls.crt"**
 
 Path to PEM file containing TLS client certificate
 
-**tls_key_file="~/certs/podman/tls.key"**
+**tls_key_file="/path/to/certs/podman/tls.key"**
 
 Path to PEM file containing TLS client certificate private key
 
-**tls_ca_file="~/certs/podman/ca.crt"**
+**tls_ca_file="/path/to/certs/podman/ca.crt"**
 
 Path to PEM file containing TLS certificate authority (CA) bundle
 
diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf
index 94cf8f9e0..d3c927a99 100644
--- a/pkg/config/containers.conf
+++ b/pkg/config/containers.conf
@@ -772,11 +772,11 @@ default_sysctls = [
 # Path to file containing ssh identity key
 # identity = "~/.ssh/id_rsa"
 # Path to PEM file containing TLS client certificate
-# tls_cert_file = "~/certs/podman/tls.crt"
+# tls_cert_file = "/path/to/certs/podman/tls.crt"
 # Path to PEM file containing TLS client certificate private key
-# tls_key_file = "~/certs/podman/tls.key"
+# tls_key_file = "/path/to/certs/podman/tls.key"
 # Path to PEM file containing TLS certificate authority (CA) bundle
-# tls_ca_file = "~/certs/podman/ca.crt"
+# tls_ca_file = "/path/to/certs/podman/ca.crt"
 
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
diff --git a/pkg/config/containers.conf-freebsd b/pkg/config/containers.conf-freebsd
index 4dbdd956c..3fcd76a99 100644
--- a/pkg/config/containers.conf-freebsd
+++ b/pkg/config/containers.conf-freebsd
@@ -593,11 +593,11 @@ default_sysctls = [
 # Path to file containing ssh identity key
 # identity = "~/.ssh/id_rsa"
 # Path to PEM file containing TLS client certificate
-# tls_cert_file = "~/certs/podman/tls.crt"
+# tls_cert_file = "/path/to/certs/podman/tls.crt"
 # Path to PEM file containing TLS client certificate private key
-# tls_key_file = "~/certs/podman/tls.key"
+# tls_key_file = "/path/to/certs/podman/tls.key"
 # Path to PEM file containing TLS certificate authority (CA) bundle
-# tls_ca_file = "~/certs/podman/ca.crt"
+# tls_ca_file = "/path/to/certs/podman/ca.crt"
 
 # Directory for temporary files. Must be tmpfs (wiped after reboot)
 #