Releases: containers/image
Releases · containers/image
v5.26.1
v5.26.0
What's Changed
- Release 5.25.0 by @mtrmac in #1909
- fix(deps): update module github.com/docker/docker to v23.0.3+incompatible by @renovate in #1910
- fix(deps): update module golang.org/x/term to v0.7.0 by @renovate in #1911
- fix(deps): update module github.com/klauspost/compress to v1.16.4 by @renovate in #1912
- fix(deps): update module github.com/sigstore/sigstore to v1.6.1 by @renovate in #1913
- chore(deps): update dependency containers/automation_images to v20230405 by @renovate in #1914
- fix(deps): update module golang.org/x/crypto to v0.8.0 by @renovate in #1915
- fix(deps): update module golang.org/x/oauth2 to v0.7.0 by @renovate in #1916
- fix(deps): update module github.com/containers/storage to v1.46.1 by @renovate in #1917
- fix(deps): update module github.com/sigstore/sigstore to v1.6.2 by @renovate in #1918
- Don't completely silently ignore non-OCI manifests in OCI layouts by @mtrmac in #1922
- fix(deps): update module github.com/klauspost/compress to v1.16.5 by @renovate in #1925
- fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0 by @renovate in #1924
- fix(deps): update module github.com/docker/docker to v23.0.4+incompatible by @renovate in #1926
- Simplify the tarball: transport by @mtrmac in #1923
- fix(deps): update module github.com/sigstore/sigstore to v1.6.3 by @renovate in #1928
- Fix conversion determination when encrypting by @mtrmac in #1930
- fix(deps): update golang.org/x/exp digest to 47ecfdc by @renovate in #1934
- Update the docker-daemon: client, and docker/docker dependency by @mtrmac in #1937
- chore(deps): update dependency containers/automation_images to v20230426 by @renovate in #1939
- fix(deps): update module github.com/sylabs/sif/v2 to v2.11.3 by @renovate in #1936
- fix(deps): update module github.com/klauspost/pgzip to v1.2.6 by @renovate in #1941
- fix(deps): update module golang.org/x/sync to v0.2.0 by @renovate in #1942
- fix(deps): update module golang.org/x/term to v0.8.0 by @renovate in #1943
- fix(deps): update module github.com/sigstore/fulcio to v1.3.1 by @renovate in #1935
- fix(deps): update module github.com/sigstore/rekor to v1.1.1 by @renovate in #1940
- fix(deps): update module github.com/sigstore/sigstore to v1.6.4 by @renovate in #1945
- Update github.com/opencontainers/image-spec to v1.1.0-rc3 by @mtrmac in #1944
- fix(deps): update module golang.org/x/oauth2 to v0.8.0 by @renovate in #1949
- fix(deps): update module github.com/docker/docker to v23.0.6+incompatible by @renovate in #1931
- fix(deps): update module golang.org/x/crypto to v0.9.0 by @renovate in #1950
- Use a pointer receiver for internal/set.Set by @mtrmac in #1951
- fix(deps): update module github.com/docker/distribution to v2.8.2+incompatible by @renovate in #1955
- fix(deps): update module github.com/sylabs/sif/v2 to v2.11.4 by @renovate in #1956
- fix(deps): update module github.com/docker/docker to v24 by @renovate in #1958
- fix(deps): update module github.com/sirupsen/logrus to v1.9.2 by @renovate in #1957
- chore(deps): update dependency containers/automation_images to v20230517 by @renovate in #1959
- fix(deps): update module github.com/stretchr/testify to v1.8.3 by @renovate in #1960
- fix(deps): update module github.com/docker/docker to v24.0.1+incompatible by @renovate in #1961
- fix(deps): update module github.com/docker/docker to v24.0.2+incompatible by @renovate in #1965
- fix(deps): update module github.com/imdario/mergo to v0.3.16 by @renovate in #1967
- fix(deps): update module github.com/sigstore/rekor to v1.2.1 by @renovate in #1966
- Clean up auth.json documentation by @mtrmac in #1964
- fix(deps): update module github.com/stretchr/testify to v1.8.4 by @renovate in #1969
- fix(deps): update module github.com/burntsushi/toml to v1.3.0 by @renovate in #1970
- fix(deps): update module github.com/sigstore/sigstore to v1.6.5 by @renovate in #1971
- manifest: prepare internal
EditInstancesby @flouthoc in #1896 - fix(deps): update github.com/sigstore/rekor digest to 4c81ff2 by @renovate in #1974
- fix(deps): update github.com/cyberphone/json-canonicalization digest to 504adb8 by @renovate in #1973
- fix(deps): update golang.org/x/exp digest to 2e198f4 by @renovate in #1975
- chore(deps): update dependency containers/automation_images to v20230601 by @renovate in #1978
- copy/multiple: use more flexible
EditInstancesinstead ofUpdateInstancesby @flouthoc in #1883 - fix(deps): update module github.com/sirupsen/logrus to v1.9.3 by @renovate in #1981
- Use x/exp/slices, and other small cleanups by @mtrmac in #1977
- copy/multiple: split selection of images to be copied in
copyMultipleImagesby @flouthoc in #1982 - fix(deps): update module github.com/burntsushi/toml to v1.3.1 by @renovate in #1984
- fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.3 by @renovate in #1985
- fix(deps): update module github.com/hashicorp/go-retryablehttp to v0.7.4 by @renovate in #1986
- Don't claim that libostree is required by default. by @mtrmac in #1989
- fix(deps): update module github.com/burntsushi/toml to v1.3.2 by @renovate in #1990
- fix(deps): update module github.com/go-openapi/swag to v0.22.4 by @renovate in #1991
- fix(deps): update module golang.org/x/term to v0.9.0 by @renovate in #1993
- Stop having an opinion on TLS version by @mtrmac in #1963
- fix(deps): update module github.com/klauspost/compress to v1.16.6 by @renovate in #1994
- fix(deps): update module golang.org/x/crypto to v0.10.0 by @renovate in #1995
- fix(deps): update module github.com/sylabs/sif/v2 to v2.11.5 by @renovate in #1997
- fix(deps): update module golang.org/x/oauth2 to v0.9.0 by @renovate in #1996
- fix(deps): update module golang.org/x/sync to v0.3.0 by @renovate in #1999
- chore(deps): update dependency containers/automation_images to v20230614 by @renovate in #2000
- Don't store signatures if there is none of them by @mike-sul in #2001
- fix(deps): update module github.com/sigstore/sigstore to v1.7.0 by @renovate in #2002
- fix(deps): update module github.com/imdario/mergo to v1 by @mtrmac in #2006
- Clarify how
ociandoci-archiveparse colons by @mtrmac in #2007 - fix(deps): update module github.com/sigstore/sigstore to v1.7.1 by @renovate in #2008
- fix(deps): update module github.com/containers/storage to v1.47.0 by @renovate in #2011
- list,oci_index: automatically add inbuilt annotations on add by @flouthoc in #1992
New Contributors
Full Changelog: v5.25.0...v5.26.0
Contributors
renovate, mtrmac, and 2 other contributors
Assets 2
v5.25.0
What's Changed
- Release v5.24.0 by @mtrmac in #1814
- fix(deps): update module github.com/theupdateframework/go-tuf to v0.5.2 by @renovate in #1815
- Migrate from ghodss/yaml to gopkg.in/yaml.v3 by @mtrmac in #1818
- build(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 by @dependabot in #1820
- Add a more specific error message on invalid docker-config-in-OCI-image images by @mtrmac in #1822
- Update to github.com/vbauerster/mpb/v8 by @mtrmac in #1821
- Cirrus: Use human-readable CI VM Images by @cevich in #1817
- Update to docker/docker v23.0.0 by @mtrmac in #1825
- Update to Go 1.18 by @mtrmac in #1827
- Update to golangci-lint 1.51.0 by @mtrmac in #1824
- Update golang.org/x/exp digest to 46f607a by @renovate in #1829
- Update module github.com/sylabs/sif/v2 to v2.9.1 by @renovate in #1830
- Update module github.com/vbauerster/mpb/v8 to v8.1.6 by @renovate in #1831
- Reconnecting blob reader by @mtrmac in #1816
- manifest: introduce
internal/manifestwith private types and freeze publicmanifest.Listby @flouthoc in #1791 - fix(deps): update module golang.org/x/term to v0.5.0 by @renovate in #1833
- fix(deps): update module github.com/opencontainers/selinux to v1.11.0 by @renovate in #1835
- [CI:DOCS] Disable dependabot by @cevich in #1837
- fix(deps): update module golang.org/x/crypto to v0.6.0 by @renovate in #1838
- Run codespell on codebase by @rhatdan in #1841
- fix(deps): update module golang.org/x/oauth2 to v0.5.0 by @renovate in #1840
- fix(deps): update module github.com/docker/docker to v23.0.1+incompatible by @renovate in #1823
- Remove a direct use of golang.org/x/net/http2 by @mtrmac in #1843
- Merge pullSource tests as table driven format by @QiWang19 in #1826
- Relax retry heuristics by @mtrmac in #1847
- Simplify bodyReader.errorIfNotReconnecting by @mtrmac in #1850
- Update letsencrypt/boulder after letsencrypt/boulder#6651 by @mtrmac in #1849
- More warning fixes by @mtrmac in #1846
- Merge release branch into main by @mtrmac in #1842
- Update module github.com/sigstore/fulcio to v1.1.0 by @renovate in #1853
- Make it clear that cleartext signatures are not accepted in simple signing by @mtrmac in #1854
- Make some symbols in internal packages package-private by @mtrmac in #1855
- distribution: remove use of deprecated dial.DualStack by @giuseppe in #1856
- fix(deps): update module github.com/sylabs/sif/v2 to v2.9.2 by @renovate in #1857
- fix(deps): update module github.com/vbauerster/mpb/v8 to v8.2.0 by @renovate in #1858
- Fix builds of the ostree transport by @mtrmac in #1860
- [release-5.24] Backport retries heuristics updates by @mtrmac in #1859
- Merge release branch into
mainby @mtrmac in #1861 - fix(deps): update module github.com/sigstore/sigstore to v1.5.2 by @renovate in #1862
- fix(deps): update module github.com/containers/storage to v1.45.4 by @renovate in #1863
- fix(deps): update module github.com/stretchr/testify to v1.8.2 by @renovate in #1865
- fix(deps): update module github.com/sylabs/sif/v2 to v2.10.0 by @renovate in #1864
- fix(deps): update module github.com/klauspost/compress to v1.16.0 by @renovate in #1866
- fix(deps): update module github.com/vbauerster/mpb/v8 to v8.2.1 by @renovate in #1868
- manifest,zstd: give priority to
zstdcompressed images when pulling image from a manifest list by @flouthoc in #1789 - client: enable HTTP(S) keep-alive by @giuseppe in #1867
- fix(deps): update module github.com/sigstore/sigstore to v1.6.0 by @renovate in #1870
- fix(deps): update module golang.org/x/term to v0.6.0 by @renovate in #1871
- fix(deps): update module golang.org/x/crypto to v0.7.0 by @renovate in #1872
- fix(deps): update module golang.org/x/oauth2 to v0.6.0 by @renovate in #1873
- Split
copy/copy.gointo three files by @mtrmac in #1878 - fix(deps): update module github.com/sylabs/sif/v2 to v2.11.0 by @renovate in #1879
- copy: move
c.compression*toimageCopierby @flouthoc in #1881 - Remove some inaccurate comments by @mtrmac in #1880
- fix(deps): update module github.com/vbauerster/mpb/v8 to v8.3.0 by @renovate in #1882
- fix(deps): update module github.com/klauspost/compress to v1.16.3 by @renovate in #1885
- fix(deps): update golang.org/x/exp digest to 522b1b5 by @renovate in #1844
- Don't claim auth.json contains encrypted information by @mtrmac in #1884
- fix(deps): update module github.com/imdario/mergo to v0.3.14 by @renovate in #1887
- fix(deps): update module github.com/go-openapi/strfmt to v0.21.5 by @renovate in #1889
- refactor(docs): Disambiguate sigstoreSigned documentation by @Delet0r in #1890
- fix(deps): update module github.com/sylabs/sif/v2 to v2.11.1 by @renovate in #1891
- Cirrus: Replace Ubuntu container w/ Debian VM by @cevich in #1886
- Don’t discard annotations on blob reuse and partial pulls by @mtrmac in #1892
- chore(deps): update dependency containers/automation_images to v20230320 by @renovate in #1893
- fix(deps): update module github.com/imdario/mergo to v0.3.15 by @renovate in #1895
- fix(deps): update module github.com/vbatts/tar-split to v0.11.3 by @renovate in #1897
- fix(deps): update module github.com/go-openapi/strfmt to v0.21.7 by @renovate in #1898
- fix(deps): update module github.com/docker/docker to v23.0.2+incompatible by @renovate in #1900
- fix(deps): update module github.com/sigstore/rekor to v1.1.0 by @renovate in #1901
- Allow using cosign-generated private keys with a "SIGSTORE" type by @mtrmac in #1902
- chore(deps): update dependency containers/automation_images to v20230330 by @renovate in #1905
- Add ability to verify a signature with a set of fingerprints by @Jamstah in #1904
- fix(deps): update golang.org/x/exp digest to 10a5072 by @renovate in #1906
- Update, and support, Fulcio v1.2.0 by @mtrmac in #1903
- Add FIXMEs about handling of zstd:chunked blob annotations on blob changes by @mtrmac in #1894
- Vendor in latest containers/storage by @rhatdan in #1908
New Contributors
Full Changelog: v5.24.2...v5.25.0
Contributors
giuseppe, Jamstah, and 8 other contributors
Assets 2
v5.24.2
v5.24.1
v5.24.0
Now supports both creating and verifying sigstore signatures that use
Fulcio and Rekor.
A New API for signing images during copy.
docker-archive: now can read non-seekable streams.
Improved error messages for registry errors.
- Introduce oci/{archive,layout}.ImageNotFoundError
- Don't use any default path fallbacks if the user specified a path
- Introduce signature/sigstore.NewSigner
- Introduce signature/simplesigning.NewSigner
- Add pkg/cli/sigstore
- Add functional-option NewPRSigstoreSigned
- Add signature/sigstore.GenerateKeyPair
- Avoid confusion about 404 on lookaside
- Heuristically warn about lookaside servers serving HTML
- Add a limit for the total number of signatures in lookaside
- Update the public.ecr.aws error with current data
- Add a test for isManifestUnknownError
- Consolidate handleErrorResponse calls to registryHTTPResponseToError
- Discard any but the first element of errcode.Errors
- Add more detailed error tests
- Make invalid HTTP bodies unwrappable as unexpectedHTTPResponseError
- Use registryHTTPResponseToError on /tags/list failure
- Simplify error messages using the default error text
- Use registryHttpResponseToError in many more places
- set directory transport destination as thread-safe
- Recognize invalid error responses of registry.redhat.io
- Make the pseudo-config used in sigstore attachments a bit more valid
- Convert TestSignatureStorageBaseURL to table-based
- Don't call net/url.URL.Parse when we mean net/url.Parse
- Rename all "url" variables to something else
- Fix documentation comment of the stubs package
- Simplify ociReference.getManifestDescriptor
- Simplify ociReference.getManifestDescriptor a bit
- Fix typos
- Remove unnecessary conversions
- Actually test the caller-requested function
- Remove ineffective assignments
- Fix an always-true condition
- Fix unordered list formatting in containers-policy.json(5)
- docker/reference: reduce regex compilations
- docker/reference/regexp.go: constify strings
- docker/reference.literal: return QuoteMeta directly
- docker/reference.expression: use strings.Join()
- Run (gofmt -s)
- Don't incorrectly report success on failure paths
- Clarify the semantics of the optional.creator field in simple signature payload
- Call x509.SystemCertPool directly instead of tlsconfig.SystemCertPool
- Remove sockets.DialerFromEnvironment
- Use io.SeekStart instead of a hard-coded 0
- Add support for non-seekable files in docker-archive: sources
- Add comments to BlobInfo to warn against adding more edit fields
- Split test data from TestV1RegistriesConfNonempty and TestV2RegistriesConfNonempty
- Reject files mixing v1 and v2 registries.conf, even with empty fields
- Fix a typo
- Move the "human-readable description" of a helper into setAuthToCredHelper
- Correctly report a credHelpers location in SetCredentials
- Add missing documentation of build tags
- Fix comments about exponential backoff with Retry-After
- storage source: Don't store small blobs on disk in GetBlob()
- config: use
authPathstruct consistently - config: Make parsing function a method on authFile
- storage: Immediately unlink tmpfile
- Don't duplicate the getPathToAuth rules for user-specified paths in getAuthPaths
- Move killGPGAgent into a helper package
- Terminate the GPG agent spawned by c/image/signature tests
- Speed up pkg/blobcache tests
- Turn copy.TestCreateSignature into a table-based test
- Reorder the tests in copy.TestCreateSignature
- Add a test case for signing dir: with an explicit identity
- Fix a documentation typo
- Return a generic signature.Signature from SignDockerManifestWithPrivateKeyFileUnstable
- Introduce Signer = internal/signer.Signer, and internal/signer.SignerImplementation
- Introduce signature/sigstore/internal.SigstoreSigner
- Make SigstoreSigner implement signer.SignerImplementation
- Rename signature/sigstore/sign.go to signer.go
- Consolidate the two signing implementations to copier.createSignatureWithSigner
- Refactor copy.Image to sign using []*signer.Signer
- Add copy.Options.Signers
- Don't use GPG in copy.TestCreateSignatures
- Make sure value types also implement json.Marshaler
- Add signature/internal.UntrustedRekor{SET,Payload}
- Refactor SigstoreSigner.SignImageManifest a bit
- Rekor upload
- Move the docker client User-Agent value to a shared subpackage
- Add Fulcio with OIDC authentication
- Add Fulcio with user-provided OIDC token
- Drop dead code that causes a regex compilation on init
- Do not preallocate regex in init program
- Replace copy&pasted code by a shared modifiedJSON function
- Add VerifyRekorSET
- manifest: pull Variant from an OCI config
- Remove left-over logging from test development
- Cirrus: Use F37 CI VM Image
- Add Fulcio certificate acceptance logic
- Split loadBytesFromDataOrPath and prepareTrustRoot in prSigstoreSigned
- Make a part of TestPRSigstoreSignedIsSignatureAccepted table-driven
- Split sigstore configuration parsing and API into separate files
- Add tests to reject neither of keyPath / keyData being set
- Add support for Fulcio and Rekor to sigstoreSigned
v5.23.1
v5.22.1
v5.23.0
Image.Inspect now provides more information.
Improved support for registries that require authentication, notably for the search operation.
- Cirrus: Use the latest imgts container
- Cirrus: Update CI VM images
- Replace use of deprecated io/ioutil
- Reformat with Go 1.19's gofmt
- Use c/image's reference package
- Rename archiveImageDestination.writer to file
- Introduce archiveImageDestination.closeWriter
- Use an *archive.Writer in dockerArchiveReference and dockerArchiveDestination
- Inline openArchiveForWriting into archive.Writer
- Automaticaly delete a docker-archive if we didn't write a complete image
- Update a test dependency to avoid override problems
- docker_client: Handle "invalid_scope" errors
- Document limitations of transports for remote podman client
- Remove github.com/docker/distribution/registry/client package
- Log invalid and empty credential helper entries
v5.22.0
copy.Image can now copy non-image OCI artifacts.
Added support for sigstore signatures: they (and related cosign attachments) can be copied along with images after opt-in in registries.d. Signatures can be created by copy.Image and enforced via policy.json (currently with public/private key pairs only).
Now requires Go 1.17.
GPGME now must be new enough to be visible via pkg-config.
github.com/pkg/errors is no longer used; that might affect caller-observable error types (in particular, errors.{As,Is}
might need to be used instead of pkg/errors.Cause).
Changes default paths on FreeBSD.
- Remove unused Makefile variables
- Config files should live in /usr/local on FreeBSD
- docker: validate received parts
- Use go env to fetch the go path
- docker: add workaround for CloudFront
- Improve errors messages when image missing from list
- Stop calling gpgme-config
- Fix codespell errors
- Make sure github.com/opencontainers/runc >= 1.1.2 is used
- Cirrus: use Ubuntu 22.04 LTS
- Merge pull request #1576 from mtrmac/private-image
- Merge pull request #1577 from mtrmac/mocks
- Merge pull request #1571 from mtrmac/go1.17
- Merge pull request #1578 from mtrmac/sourced-image-struct
- Fix error on parallel multiple image pullings with additionallayerstore
- Merge pull request #1579 from mtrmac/copy-layers-refactor
- Reject OCI artifacts in manifest.OCI1.ImageID
- Reject OCI artifacts in manifest.OCI1.Inspect
- Refuse to convert non-image OCI artifacts to Docker formats
- Reject OCI artifacts in image.manifestOCI1.OCIConfig
- Introduce SourcedImage.CanChangeLayerCompression, use it in copy.Image
- Use an updated CI image
- Use strings.ReplaceAll instead of strings.Replace(..., -1)
- Move the main helper removal case to the main path on RemoveAllAuthentication
- Merge pull request #1588 from mtrmac/pkg_errors
- Merge pull request #1589 from mtrmac/private-dest-impls
- Merge pull request #1590 from mtrmac/private-src-impls
- Merge pull request #1592 from mtrmac/blobcache-wrap-private
- Use "io.ReadAll" instead of "os.ReadAll"
- Merge pull request #1596 from mtrmac/cosign-payload
- Generalize copy.Image to be able to copy signatures with any format
- Merge pull request #1593 from mtrmac/cosign-sigs
- Introduce signature.Cosign as a format
- Add use-cosign-attachments to registries.d/*.yaml
- Add support for reading and writing Cosign attachments, incl. signatures
- Merge pull request #1595 from mtrmac/cosign-docker
- Add support for creating Cosign signatures
- Fix a long-standing incorrect comment
- Fix JSON syntax in the policy.json(5) man page
- Correctly decode Cosign-generated payloads
- Add Cosign verification support
- s/sigstore/lookaside/g in comments and documentation
- Refer to lookasideStorage instead of signatureStorage in code
- Add lookaside and lookaside-staging, hide sigstore and sigstore-staging
- Merge pull request #1605 from mtrmac/sigstore
- Fix a typo in error messages
- Remove a copy&pasted test entry
- Add context to some test failures
- Use more valid data in TestPRSignedByIsSignatureAuthorAccepted
- Generalize keyPath/keyData exclusivity checks
- Remove repetition in tests
- Accept multiple keyrings in newEphemeralGPGSigningMechanism
- Allow accepting multiple GPG keyrings via signedBy.keyPaths
- Switch to golang native error wrapping
- Point out use-sigstore-registries in sigstoreSigned documentation
- Use .pub extension for public keys in sigstoreSigned examples
- copy: print copy info once when writer==io.Discard
- Silence a "potentially unused parameter" warning
- Read signatures from UnparsedImage instead of ImageSource directly
- Consolidate reading messages, and checking for support, into a helper
- build(deps): bump github.com/containers/storage from 1.40.0 to 1.40.2
- build(deps): bump github.com/docker/docker
- build(deps): bump github.com/klauspost/compress from 1.15.2 to 1.15.3
- build(deps): bump github.com/klauspost/compress from 1.15.3 to 1.15.4
- build(deps): bump github.com/docker/docker
- build(deps): bump github.com/proglottis/gpgme from 0.1.1 to 0.1.2
- build(deps): bump github.com/vbauerster/mpb/v7 from 7.4.1 to 7.4.2
- build(deps): bump github.com/imdario/mergo from 0.3.12 to 0.3.13
- build(deps): bump github.com/klauspost/compress from 1.15.4 to 1.15.5
- build(deps): bump github.com/sylabs/sif/v2 from 2.7.0 to 2.7.1
- build(deps): bump github.com/klauspost/compress from 1.15.5 to 1.15.6
- build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2
- build(deps): bump github.com/docker/docker
- build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4
- build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5
- build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
- build(deps): bump github.com/klauspost/compress from 1.15.6 to 1.15.7
- build(deps): bump github.com/proglottis/gpgme from 0.1.2 to 0.1.3
- build(deps): bump github.com/klauspost/compress from 1.15.7 to 1.15.8
- build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
- build(deps): bump github.com/theupdateframework/go-tuf
- build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0