mirror of https://github.com/containers/image.git synced 2025-04-18 19:44:05 +03:00

5779 Commits

Author SHA1 Message Date
Qi Wang
a1af69ad90 policy.json BYOPKI signature verification API
Signed-off-by: Qi Wang <qiwan@redhat.com>
2025-02-19 10:03:59 -05:00
Miloslav Trmač
c30cc7a547
Merge pull request #2719 from containers/renovate/golangci-golangci-lint-1.x
Update dependency golangci/golangci-lint to v1.64.5
2025-02-17 19:26:18 +01:00
renovate[bot]
73f20a7977
Update dependency golangci/golangci-lint to v1.64.5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-17 17:54:59 +00:00
Miloslav Trmač
35dcd38edc
Merge pull request #2720 from containers/renovate/github.com-sigstore-sigstore-1.x
Update module github.com/sigstore/sigstore to v1.8.14
2025-02-17 18:54:34 +01:00
renovate[bot]
0f9d1a54b4
Update module github.com/sigstore/sigstore to v1.8.14
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-15 11:03:50 +00:00
Miloslav Trmač
aa915b75e8
Merge pull request #2716 from containers/renovate/golangci-golangci-lint-1.x
Update dependency golangci/golangci-lint to v1.64.4
2025-02-13 01:43:52 +01:00
renovate[bot]
68166ea3af
Update dependency golangci/golangci-lint to v1.64.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-12 23:40:59 +00:00
Miloslav Trmač
eb1b51e314
Merge pull request #2715 from containers/renovate/golangci-golangci-lint-1.x
Update dependency golangci/golangci-lint to v1.64.3
2025-02-13 00:40:29 +01:00
renovate[bot]
17d7b76b2a
Update dependency golangci/golangci-lint to v1.64.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-12 20:53:56 +00:00
Miloslav Trmač
904a727070
Merge pull request #2697 from containers/renovate/github.com-sigstore-rekor-1.x
Update module github.com/sigstore/rekor to v1.3.9
2025-02-12 21:53:14 +01:00
renovate[bot]
fb22c013dd
Update module github.com/sigstore/rekor to v1.3.9
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-12 20:29:46 +00:00
Miloslav Trmač
7d81a8ff71
Merge pull request #2711 from containers/renovate/github.com-vbauerster-mpb-v8-8.x
Update module github.com/vbauerster/mpb/v8 to v8.9.2
2025-02-12 21:28:42 +01:00
renovate[bot]
cb5f088a29
Update module github.com/vbauerster/mpb/v8 to v8.9.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-12 19:56:46 +00:00
Miloslav Trmač
4d3c482dd0
Merge pull request #2712 from containers/renovate/golang.org-x-crypto-0.x
Update module golang.org/x/crypto to v0.33.0
2025-02-12 20:55:34 +01:00
renovate[bot]
708576d4a7
Update module golang.org/x/crypto to v0.33.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-12 15:53:53 +00:00
Miloslav Trmač
e7feaf5bb0
Merge pull request #2714 from Luap99/reflink
use new ReflinkOrCopy() from c/storage
2025-02-12 16:52:21 +01:00
Miloslav Trmač
6d26de0daa
Merge pull request #2695 from brbayes-msft/brbayes/docker-media-types
Add docker media types in OCI formats
2025-02-12 16:49:04 +01:00
Paul Holzinger
090def9b54
use new ReflinkOrCopy() from c/storage
c/storage now exposes the same function in pkg/fileutils[1] so use that
and remove the internal package to avoid duplication.

[1] 3f4b77d388

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-02-12 11:18:40 +01:00
Paul Holzinger
b6c644f06b
update c/storage to latest main
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-02-12 11:18:30 +01:00
Brandyn Bayes
5771973764 Add docker media types in OCI formats
Signed-off-by: Brandyn Bayes <brbayes@microsoft.com>
2025-02-11 15:30:56 -08:00
Miloslav Trmač
8d501c721b
Merge pull request #2708 from containers/renovate/golang.org-x-term-0.x
Update module golang.org/x/term to v0.29.0
2025-02-08 03:34:25 +01:00
renovate[bot]
d234825300
Update module golang.org/x/term to v0.29.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-08 02:11:35 +00:00
Miloslav Trmač
83521564e7
Merge pull request #2707 from containers/renovate/golang.org-x-sys-0.x
Update module golang.org/x/sys to v0.30.0
2025-02-08 03:10:08 +01:00
renovate[bot]
ca7ec145af
Update module golang.org/x/sys to v0.30.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-08 01:32:47 +00:00
Miloslav Trmač
637dba9358
Merge pull request #2706 from containers/renovate/golang.org-x-sync-0.x
Update module golang.org/x/sync to v0.11.0
2025-02-08 02:31:15 +01:00
renovate[bot]
17324b583c
Update module golang.org/x/sync to v0.11.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-08 00:13:31 +00:00
Miloslav Trmač
92a1cdf983
Merge pull request #2705 from containers/renovate/golang.org-x-oauth2-0.x
Update module golang.org/x/oauth2 to v0.26.0
2025-02-08 01:12:21 +01:00
renovate[bot]
64e396f149
Update module golang.org/x/oauth2 to v0.26.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-04 17:24:39 +00:00
Miloslav Trmač
bdbd79ec2f
Merge pull request #2703 from containers/renovate/major-ci-vm-image
Update dependency containers/automation_images to v20250131
2025-02-03 23:31:58 +01:00
renovate[bot]
76f34af00c
Update dependency containers/automation_images to v20250131
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-03 17:25:06 +00:00
Miloslav Trmač
7bcadcb156
Merge pull request #2699 from containers/renovate/github.com-vbatts-tar-split-0.x
Update module github.com/vbatts/tar-split to v0.12.1
2025-01-31 21:06:06 +01:00
renovate[bot]
b0756726c5
Update module github.com/vbatts/tar-split to v0.12.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-31 13:48:43 +00:00
Miloslav Trmač
46ec7937d7
Merge pull request #2700 from TomSweeneyRedHat/dev/tsweeney/v5.34.0
Bump c/storage to v1.57.1, c/image to v5.34.0, then to v5.35.0-dev
2025-01-31 14:47:40 +01:00
tomsweeneyredhat
51a5d96532 Bump to c/image v5.34.0
Bump to c/image v5.34.0 in preparation for Podman v5.4

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
v5.34.0
2025-01-30 17:51:14 -05:00
tomsweeneyredhat
46ad33b51a Bump to c/image v5.35.0-dev
Bump c/image back to a dev version, v5.35.0-dev

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2025-01-30 17:51:14 -05:00
tomsweeneyredhat
771660e099 Bump c/storage to v1.57.1
Bumping c/storage to v1.57.1 in preparation for Podman v5.4.

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2025-01-30 17:50:44 -05:00
Miloslav Trmač
7f0e59d15a
Merge pull request #2696 from Luap99/ENOENT
ignore ENOENT errors when parsing .d files
2025-01-27 21:50:30 +01:00
Paul Holzinger
3f17e2e843
ignore ENOENT errors when parsing .crt files
As always listing files in a dir to then read them is racy as the file
might have been removed in the meantime. Thus we must ignore ENOENT
errors when the file is opened.

Now here the code already did not cause a hard error but it will cause
a spurious warning in such case. There is really no need to log that as
it can cause flakes for podman.

Now there is the case here for .cert and .key files where both files
must be present for a valid config. Ignoring ENOENT there seems wrong as
it would hide a common misconfiguration where only one of the files
exists. That means the race can still cause a failure when these files
are removed from the dir.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-01-27 18:40:55 +01:00
Paul Holzinger
c9771a80f7
ignore ENOENT errors when parsing registries.conf.d files
As always listing files in a dir to then read them is racy as the file
might have been removed in the meantime. Thus we must ignore ENOENT
errors when the file is opened.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-01-27 18:26:49 +01:00
Paul Holzinger
1294122947
ignore ENOENT errors when parsing registries.d files
As always listing files in a dir to then read them is racy as the file
might have been removed in the meantime. Thus we must ignore ENOENT
errors when the file is opened.

This is not just a theoretical problem, the reason I am here is because
it caused a flake in the podman CI[1]:
... open /etc/containers/registries.d/podman-test-only-temporary-addition.yaml: no such file or directory

[1] https://api.cirrus-ci.com/v1/artifact/task/6673405799301120/html/int-podman-fedora-40-root-host-boltdb.log.html#t--Podman-push-podman-push-to-local-registry-with-authorization--1

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-01-27 18:26:40 +01:00
Miloslav Trmač
b5c6aff95c
Merge pull request #2693 from containers/renovate/github.com-docker-docker-27.x
Update module github.com/docker/docker to v27.5.1+incompatible
2025-01-23 00:36:52 +01:00
renovate[bot]
1683fc262b
Update module github.com/docker/docker to v27.5.1+incompatible
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-22 20:14:20 +00:00
Miloslav Trmač
16f7e1e0e1
Merge pull request #2692 from containers/renovate/github.com-docker-cli-27.x
Update module github.com/docker/cli to v27.5.1+incompatible
2025-01-22 21:13:36 +01:00
renovate[bot]
30f0d87dbe
Update module github.com/docker/cli to v27.5.1+incompatible
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-01-22 19:36:01 +00:00
Miloslav Trmač
b10f5bdaa7
Merge pull request #2691 from mtrmac/into-main
Merge tag 'v5.33.1' into `main`
2025-01-22 20:35:21 +01:00
Miloslav Trmač
9400a7d191 Merge tag 'v5.33.1' into into-main
... so that Go understands the main branch is ahead.
2025-01-22 20:03:53 +01:00
Colin Walters
a45ebe065b
Merge pull request #2689 from mtrmac/validate-sigstore-digests
Validate digests of data downloaded while fetching sigstore attachments
2025-01-21 18:16:49 -05:00
Miloslav Trmač
ccd291ec72 Validate digests of data downloaded while fetching sigstore attachments
This is not a security vulnerability because the registry can just as well
send a manifest modified to match, but doing this correctly protects us
in case this function were used for other purposes in the future.

Fixes #2687.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-01-21 22:53:05 +01:00
Miloslav Trmač
77582bba67
Merge pull request #2613 from mtrmac/wip-authentic
Expect UncompressedDigest to be set for partial pulls, enforce DiffID match
2025-01-21 22:47:14 +01:00
Miloslav Trmač
2e79eabb43 Enforce that DiffID of a layer matches the config
- If a layer has a TOC digest (i.e. could possibly be pulled partially),
  and c/storage has computed the uncompressed digest, require that
  the config's RootFS.DiffIDs exists and matches. This fixes the
  "view ambiguity" of partially-pulled layers.
- For _all_ layers, if RootFS.DiffIDs exists and we know the layer's
  uncompressed digest, also require the RootFS.DiffIDs value to match.
  This might be a compatibility break, but Docker requires these
  values anyway.
- We happen to allow setting DiffIDs to empty values, if the layer does
  not have a TOC digest (so there is no risk of "view ambiguity").

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-01-21 22:13:32 +01:00