Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
copy.Image can now copy non-image OCI artifacts. Added support for sigstore signatures: they (and related cosign attachments) can be copied along with images after opt-in in registries.d. Signatures can be created by copy.Image and enforced via policy.json (currently with public/private key pairs only). Now requires Go 1.17. GPGMe now must be new enough to be visible via pkg-config. github.com/pkg/errors is no longer used; that might affect caller-observable error types (in particular, errors.{As,Is} might need to be used instead of pkg/errors.Cause). Changes default paths on FreeBSD. - Remove unused Makefile variables - Config files should live in /usr/local on FreeBSD - docker: validate received parts - Use go env to fetch the go path - docker: add workaround for CloudFront - Improve errors messages when image missing from list - Stop calling gpgme-config - Fix codespell errors - Make sure github.com/opencontainers/runc >= 1.1.2 is used - Cirrus: use Ubuntu 22.04 LTS - Merge pull request containers#1576 from mtrmac/private-image - Merge pull request containers#1577 from mtrmac/mocks - Merge pull request containers#1571 from mtrmac/go1.17 - Merge pull request containers#1578 from mtrmac/sourced-image-struct - Fix error on parallel multiple image pullings with additionallayerstore - Merge pull request containers#1579 from mtrmac/copy-layers-refactor - Reject OCI artifacts in manifest.OCI1.ImageID - Reject OCI artifacts in manifest.OCI1.Inspect - Refuse to convert non-image OCI artifacts to Docker formats - Reject OCI artifacts in image.manifestOCI1.OCIConfig - Introduce SourcedImage.CanChangeLayerCompression, use it in copy.Image - Use an updated CI image - Use strings.ReplaceAll instead of strings.Replace(..., -1) - Move the main helper removal case to the main path on RemoveAllAuthentication - Merge pull request containers#1588 from mtrmac/pkg_errors - Merge pull request containers#1589 from mtrmac/private-dest-impls - Merge pull request containers#1590 from mtrmac/private-src-impls - Merge pull request containers#1592 from mtrmac/blobcache-wrap-private - Use "io.ReadAll" instead of "os.ReadAll" - Merge pull request containers#1596 from mtrmac/cosign-payload - Generalize copy.Image to be able to copy signatures with any format - Merge pull request containers#1593 from mtrmac/cosign-sigs - Introduce signature.Cosign as a format - Add use-cosign-attachments to registries.d/*.yaml - Add support for reading and writing Cosign attachments, incl. signatures - Merge pull request containers#1595 from mtrmac/cosign-docker - Add support for creating Cosign signatures - Fix a long-standing incorrect comment - Fix JSON syntax in the policy.json(5) man page - Correctly decode Cosign-generated payloads - Add Cosign verification support - s/sigstore/lookaside/g in comments and documentation - Refer to lookasideStorage instead of signatureStorage in code - Add lookaside and lookaside-staging, hide sigstore and sigstore-staging - Merge pull request containers#1605 from mtrmac/sigstore - Fix a typo in error messages - Remove a copy&pasted test entry - Add context to some test failures - Use more valid data in TestPRSignedByIsSignatureAuthorAccepted - Generalize keyPath/keyData exclusivity checks - Remove repetition in tests - Accept multiple keyrings in newEphemeralGPGSigningMechanism - Allow accepting multiple GPG keyrings via signedBy.keyPaths - Switch to golang native error wrapping - Point out use-sigstore-registries in sigstoreSigned documentation - Use .pub extension for public keys in sigstoreSigned examples - copy: print copy info once when writer==io.Discard - Silence a "potentially unused parameter" warning - Read signatures from UnparsedImage instead of ImageSource directly - Consolidate reading messages, and checking for support, into a helper - build(deps): bump github.com/containers/storage from 1.40.0 to 1.40.2 - build(deps): bump github.com/docker/docker - build(deps): bump github.com/klauspost/compress from 1.15.2 to 1.15.3 - build(deps): bump github.com/klauspost/compress from 1.15.3 to 1.15.4 - build(deps): bump github.com/docker/docker - build(deps): bump github.com/proglottis/gpgme from 0.1.1 to 0.1.2 - build(deps): bump github.com/vbauerster/mpb/v7 from 7.4.1 to 7.4.2 - build(deps): bump github.com/imdario/mergo from 0.3.12 to 0.3.13 - build(deps): bump github.com/klauspost/compress from 1.15.4 to 1.15.5 - build(deps): bump github.com/sylabs/sif/v2 from 2.7.0 to 2.7.1 - build(deps): bump github.com/klauspost/compress from 1.15.5 to 1.15.6 - build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 - build(deps): bump github.com/docker/docker - build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 - build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 - build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 - build(deps): bump github.com/klauspost/compress from 1.15.6 to 1.15.7 - build(deps): bump github.com/proglottis/gpgme from 0.1.2 to 0.1.3 - build(deps): bump github.com/klauspost/compress from 1.15.7 to 1.15.8 - build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 - build(deps): bump github.com/theupdateframework/go-tuf - build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0 Signed-off-by: Miloslav Trmač <[email protected]>
- Loading branch information