Hello community,
here is the log from the commit of package libcontainers-common for
openSUSE:Factory checked in at 2020-07-30 09:58:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcontainers-common (Old)
and /work/SRC/openSUSE:Factory/.libcontainers-common.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcontainers-common"
Thu Jul 30 09:58:12 2020 rev:26 rq:823346 version:20200727
Changes:
--------
---
/work/SRC/openSUSE:Factory/libcontainers-common/libcontainers-common.changes
2020-06-23 21:03:34.525645218 +0200
+++
/work/SRC/openSUSE:Factory/.libcontainers-common.new.3592/libcontainers-common.changes
2020-07-30 09:59:11.407176310 +0200
@@ -1,0 +2,18 @@
+Tue Jul 28 13:22:02 UTC 2020 - Ralf Haferkamp <[email protected]>
+
+- Added containers/common tarball for containers.conf(5) man page
+- Install containers.conf default configuration in
+ /usr/share/containers
+- libpod repository on github got renamed to podman
+- Update to image 5.5.1
+ - Add documentation for credHelpera
+ - Add defaults for using the rootless policy path
+- Update libpod/podman to 2.0.3
+ - docs: user namespace can't be shared in pods
+ - Switch references from libpod.conf to containers.conf
+ - Allow empty host port in --publish flag
+ - update document login see config.json as valid
+- Update storage to 1.20.2
+ - Add back skip_mount_home
+
+-------------------------------------------------------------------
Old:
----
image-5.4.4.tar.xz
libpod-1.9.3.tar.xz
storage-1.19.1.tar.xz
New:
----
common-0.14.6.tar.xz
containers.conf
image-5.5.1.tar.xz
podman-2.0.3.tar.xz
storage-1.20.2.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libcontainers-common.spec ++++++
--- /var/tmp/diff_new_pack.WBbXXo/_old 2020-07-30 09:59:27.019190307 +0200
+++ /var/tmp/diff_new_pack.WBbXXo/_new 2020-07-30 09:59:27.023190310 +0200
@@ -15,17 +15,20 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
-# libpodver - version from containers/libpod
-%define libpodver 1.9.3
+# commonver - version from containers/common
+%define commonver 0.14.6
+
+# podman - version from containers/podman
+%define podmanver 2.0.3
# storagever - version from containers/storage
-%define storagever 1.19.1
+%define storagever 1.20.2
# imagever - version from containers/image
-%define imagever 5.4.4
+%define imagever 5.5.1
Name: libcontainers-common
-Version: 20200603
+Version: 20200727
Release: 0
Summary: Configuration files common to github.com/containers
License: Apache-2.0 and GPL-3.0+
@@ -38,8 +41,10 @@
Source4: storage.conf
Source5: mounts.conf
Source6: registries.conf
-Source7: libpod-%{libpodver}.tar.xz
+Source7: podman-%{podmanver}.tar.xz
Source8: default.yaml
+Source9: common-%{commonver}.tar.xz
+Source10: containers.conf
BuildRequires: go-go-md2man
Provides: libcontainers-image
Provides: libcontainers-storage
@@ -56,7 +61,8 @@
%prep
%setup -q -T -D -b 0 -n image-%{imagever}
%setup -q -T -D -b 1 -n storage-%{storagever}
-%setup -q -T -D -b 7 -n libpod-%{libpodver}
+%setup -q -T -D -b 7 -n podman-%{podmanver}
+%setup -q -T -D -b 9 -n common-%{commonver}
# copy the LICENSE file in the build root
cd ..
cp %{SOURCE2} .
@@ -82,12 +88,16 @@
rename '.5.md' '.5' docs/*
rename '.md' '.1' docs/*
cd ..
-# compile subset of containers/libpod manpages
-cd libpod-%{libpodver}
+# compile subset of containers/podman manpages
+cd podman-%{podmanver}
go-md2man -in docs/source/markdown/containers-mounts.conf.5.md -out
docs/source/markdown/containers-mounts.conf.5
go-md2man -in pkg/hooks/docs/oci-hooks.5.md -out pkg/hooks/docs/oci-hooks.5
cd ..
+cd common-%{commonver}
+make docs
+cd ..
+
%install
cd ..
install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers
@@ -101,8 +111,9 @@
install -D -m 0644 %{SOURCE5}
%{buildroot}/%{_sysconfdir}/containers/mounts.conf
install -D -m 0644 %{SOURCE6}
%{buildroot}/%{_sysconfdir}/containers/registries.conf
install -D -m 0644 %{SOURCE8}
%{buildroot}/%{_sysconfdir}/containers/registries.d/default.yaml
-install -D -m 0644 libpod-%{libpodver}/seccomp.json
%{buildroot}/%{_datadir}/containers/seccomp.json
-install -D -m 0644 libpod-%{libpodver}/seccomp.json
%{buildroot}/%{_sysconfdir}/containers/seccomp.json
+install -D -m 0644 %{SOURCE10}
%{buildroot}/%{_datadir}/containers/containers.conf
+install -D -m 0644 podman-%{podmanver}/seccomp.json
%{buildroot}/%{_datadir}/containers/seccomp.json
+install -D -m 0644 podman-%{podmanver}/seccomp.json
%{buildroot}/%{_sysconfdir}/containers/seccomp.json
install -d %{buildroot}/%{_mandir}/man1
install -d %{buildroot}/%{_mandir}/man5
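Review bot: seccomp.json is still installed twice in this hunk, once under `%{_datadir}/containers` and once under `%{_sysconfdir}/containers`, and the %files section further down marks the /etc copy `%config(noreplace)`. On a host where that copy was ever edited, the update to the podman 2.0.3 profile will not replace it. If the engine prefers the /etc path (not visible on this page; the shipped containers.conf names `/usr/share/containers/seccomp.json` as the default), containers there keep running under the older syscall filter. Consider shipping only the `%{_datadir}` default, as the new containers.conf line does, or add a spec comment such as `# /etc/containers/seccomp.json is an admin override; re-check it after every profile update`.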
@@ -110,8 +121,9 @@
install -D -m 0644 image-%{imagever}/docs/*.5 %{buildroot}/%{_mandir}/man5/
install -D -m 0644 storage-%{storagever}/docs/*.1 %{buildroot}/%{_mandir}/man1/
install -D -m 0644 storage-%{storagever}/docs/*.5 %{buildroot}/%{_mandir}/man5/
-install -D -m 0644 libpod-%{libpodver}/pkg/hooks/docs/oci-hooks.5
%{buildroot}/%{_mandir}/man5/
-install -D -m 0644
libpod-%{libpodver}/docs/source/markdown/containers-mounts.conf.5
%{buildroot}/%{_mandir}/man5/
+install -D -m 0644 podman-%{podmanver}/pkg/hooks/docs/oci-hooks.5
%{buildroot}/%{_mandir}/man5/
+install -D -m 0644
podman-%{podmanver}/docs/source/markdown/containers-mounts.conf.5
%{buildroot}/%{_mandir}/man5/
+install -D -m 0644 common-%{commonver}/docs/containers.conf.5
%{buildroot}/%{_mandir}/man5/
%post
# If installing, check if /var/lib/containers (or /var/lib in its defect) is
btrfs and set driver
@@ -140,6 +152,7 @@
%config(noreplace) %{_sysconfdir}/containers/seccomp.json
%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml
%{_datadir}/containers/seccomp.json
+%{_datadir}/containers/containers.conf
%{_mandir}/man1/*.1%{?ext_man}
%{_mandir}/man5/*.5%{?ext_man}
++++++ _service ++++++
--- /var/tmp/diff_new_pack.WBbXXo/_old 2020-07-30 09:59:27.095190375 +0200
+++ /var/tmp/diff_new_pack.WBbXXo/_new 2020-07-30 09:59:27.095190375 +0200
@@ -4,24 +4,32 @@
<param name="url">https://github.com/containers/storage.git</param>
<param name="scm">git</param>
<param name="filename">storage</param>
-<param name="versionformat">1.19.1</param>
-<param name="revision">v1.19.1</param>
+<param name="versionformat">1.20.2</param>
+<param name="revision">v1.20.2</param>
</service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/containers/image.git</param>
<param name="scm">git</param>
<param name="filename">image</param>
-<param name="versionformat">5.4.4</param>
-<param name="revision">v5.4.4</param>
+<param name="versionformat">5.5.1</param>
+<param name="revision">v5.5.1</param>
</service>
<service name="tar_scm" mode="disabled">
-<param name="url">https://github.com/containers/libpod.git</param>
+<param name="url">https://github.com/containers/podman.git</param>
<param name="scm">git</param>
-<param name="filename">libpod</param>
-<param name="versionformat">1.9.3</param>
-<param name="revision">v1.9.3</param>
+<param name="filename">podman</param>
+<param name="versionformat">2.0.3</param>
+<param name="revision">v2.0.3</param>
+</service>
+
+<service name="tar_scm" mode="disabled">
+<param name="url">https://github.com/containers/common.git</param>
+<param name="scm">git</param>
+<param name="filename">common</param>
+<param name="versionformat">0.14.6</param>
+<param name="revision">v0.14.6</param>
</service>
<service name="recompress" mode="disabled">
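Review bot: The new containers/common service, like the three bumped entries, pins `revision` to a git tag (`v0.14.6`), and a tag can be moved upstream after the fact. Because the services are `mode="disabled"`, the tarball is generated on the maintainer's side and nothing in the build re-checks what the tag pointed to. Setting `revision` to the full commit hash the tag resolved to, and keeping the human-readable version in `versionformat`, makes the fetched source reproducible. A lighter alternative is a comment next to each entry, e.g. `<!-- v0.14.6 = <COMMIT_SHA_PLACEHOLDER> -->`.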
++++++ containers.conf ++++++
# The containers configuration file specifies all of the available configuration
# command-line options/flags for container engine tools like Podman & Buildah,
# but in a TOML format that can be easily modified and versioned.
# Please refer to containers.conf(5) for details of all configuration options.
# Not all container engines implement all of the options.
# All of the options have hard coded defaults and these options will override
# the built in defaults. Users can then override these options via the command
# line. Container engines will read containers.conf files in up to three
# locations in the following order:
# 1. /usr/share/containers/containers.conf
# 2. /etc/containers/containers.conf
# 3. $HOME/.config/containers/containers.conf (Rootless containers ONLY)
# Items specified in the latter containers.conf, if they exist, override the
# previous containers.conf settings, or the default settings.
[containers]
# List of devices. Specified as
# "<device-on-host>:<device-on-container>:<permissions>", for example:
# "/dev/sdc:/dev/xvdc:rwm".
# If it is empty or commented out, only the default devices will be used
#
# devices = []
# List of volumes. Specified as
# "<directory-on-host>:<directory-in-container>:<options>", for example:
# "/db:/var/lib/db:ro".
# If it is empty or commented out, no volumes will be added
#
# volumes = []
# Used to change the name of the default AppArmor profile of container engine.
#
# apparmor_profile = "container-default"
# List of annotations. Specified as
# "key=value"
# If it is empty or commented out, no annotations will be added
#
# annotations = []
# Default way to create a cgroup namespace for the container
# Options are:
# `private` Create private Cgroup Namespace for the container.
# `host` Share host Cgroup Namespace with the container.
#
# cgroupns = "private"
# Control container cgroup configuration
# Determines whether the container will create CGroups.
# Options are:
# `enabled` Enable cgroup support within container
# `disabled` Disable cgroup support, will inherit cgroups from parent
# `no-conmon` Container engine runs without conmon
#
# cgroups = "enabled"
# List of default capabilities for containers. If it is empty or commented out,
# the default capabilities defined in the container engine will be added.
#
# default_capabilities = [
# "AUDIT_WRITE",
# "CHOWN",
# "DAC_OVERRIDE",
# "FOWNER",
# "FSETID",
# "KILL",
# "MKNOD",
# "NET_BIND_SERVICE",
# "NET_RAW",
# "SETGID",
# "SETPCAP",
# "SETUID",
# "SYS_CHROOT",
# ]
# A list of sysctls to be set in containers by default,
# specified as "name=value",
# for example: "net.ipv4.ping_group_range=0 1000".
#
# default_sysctls = [
# "net.ipv4.ping_group_range=0 1000",
# ]
# A list of ulimits to be set in containers by default, specified as
# "<ulimit name>=<soft limit>:<hard limit>", for example:
# "nofile=1024:2048"
# See setrlimit(2) for a list of resource names.
# Any limit not specified here will be inherited from the process launching the
# container engine.
# Non-privileged container engines are limited in the ulimits they can set.
#
# default_ulimits = [
# "nofile=1280:2560",
# ]
# List of default DNS options to be added to /etc/resolv.conf inside of the
# container.
#
# dns_options = []
# List of default DNS search domains to be added to /etc/resolv.conf inside of
# the container.
#
# dns_searches = []
# Set default DNS servers.
# This option can be used to override the DNS configuration passed to the
# container. The special value "none" can be specified to disable creation of
# /etc/resolv.conf in the container; in that case the /etc/resolv.conf file in
# the image will be used without changes.
#
# dns_servers = []
# Environment variable list for the conmon process; used for passing necessary
# environment variables to conmon or the runtime.
#
# env = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
# ]
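# Pass all host environment variables into the container.
# Host variables often hold credentials or tokens, so enable this only for
# containers that are trusted with them.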
#
# env_host = false
# Path to OCI hooks directories for automatically executed hooks.
#
# hooks_dir = [
# "/usr/share/containers/oci/hooks.d",
# ]
# Default proxy environment variables passed into the container.
# The environment variables passed in include:
# http_proxy, https_proxy, ftp_proxy, no_proxy, and the upper case versions of
# these. This option is needed when host system uses a proxy but container
# should not use proxy. Proxy environment variables specified for the container
# in any other way will override the values passed from the host.
#
# http_proxy = true
# Run an init inside the container that forwards signals and reaps processes.
#
# init = false
# Container init binary; if init=true, this is the init binary to be used for
# containers.
#
init_path = "/usr/bin/catatonit"
# Default way to create an IPC namespace (POSIX SysV IPC) for the container
# Options are:
# `private` Create private IPC Namespace for the container.
# `host` Share host IPC Namespace with the container.
#
# ipcns = "private"
# Tells the container engine whether to use MAC (SELinux) labeling for
# container separation.
# The flag is ignored on systems where labeling is disabled.
#
# label = true
# Logging driver for the container. Available options: k8s-file and journald.
#
# log_driver = "k8s-file"
# Maximum size allowed for the container log file. Negative numbers indicate
# that no size limit is imposed. If positive, it must be >= 8192 to match or
# exceed conmon's read buffer. The file is truncated and re-opened so the
# limit is never exceeded.
#
# log_size_max = -1
# Default way to create a Network namespace for the container
# Options are:
# `private` Create private Network Namespace for the container.
# `host` Share host Network Namespace with the container.
# `none` Containers do not use the network
#
# netns = "private"
# Create /etc/hosts for the container. By default, container engines manage
# /etc/hosts, automatically adding the container's own IP address.
#
# no_hosts = false
# Maximum number of processes allowed in a container.
#
# pids_limit = 2048
# Default way to create a PID namespace for the container
# Options are:
# `private` Create private PID Namespace for the container.
# `host` Share host PID Namespace with the container.
#
# pidns = "private"
# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
#
# seccomp_profile = "/usr/share/containers/seccomp.json"
# Size of /dev/shm. Specified as <number><unit>.
# Unit is optional, values:
# b (bytes), k (kilobytes), m (megabytes), or g (gigabytes).
# If the unit is omitted, the system uses bytes.
#
# shm_size = "65536k"
# Set timezone in container. Takes IANA timezones as well as "local",
# which sets the timezone in the container to match the host machine.
#
# tz = ""
# Set umask inside the container
#
# umask="0022"
# Default way to create a UTS namespace for the container
# Options are:
# `private` Create private UTS Namespace for the container.
# `host` Share host UTS Namespace with the container.
#
# utsns = "private"
# Default way to create a User namespace for the container
# Options are:
# `auto` Create unique User Namespace for the container.
# `host` Share host User Namespace with the container.
#
# userns = "host"
# Number of UIDs to allocate for the automatic container creation.
# UIDs are allocated from the "container" UIDs listed in
# /etc/subuid & /etc/subgid
#
# userns_size=65536
# The network table contains settings pertaining to the management of
# CNI plugins.
[network]
# Path to directory where CNI plugin binaries are located.
#
cni_plugin_dirs = ["/usr/lib/cni"]
# Path to the directory where CNI configuration files are located.
#
# network_config_dir = "/etc/cni/net.d/"
[engine]
# Cgroup management implementation used for the runtime.
# Valid options "systemd" or "cgroupfs"
#
# cgroup_manager = "systemd"
# Environment variables to pass into conmon
#
# conmon_env_vars = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# ]
# Paths to look for the conmon container manager binary
#
# conmon_path = [
# "/usr/libexec/podman/conmon",
# "/usr/local/libexec/podman/conmon",
# "/usr/local/lib/podman/conmon",
# "/usr/bin/conmon",
# "/usr/sbin/conmon",
# "/usr/local/bin/conmon",
# "/usr/local/sbin/conmon"
# ]
# Specify the keys sequence used to detach a container.
# Format is a single character [a-Z] or a comma separated sequence of
# `ctrl-<value>`, where `<value>` is one of:
# `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
#
# detach_keys = "ctrl-p,ctrl-q"
# Determines whether engine will reserve ports on the host when they are
# forwarded to containers. When enabled, when ports are forwarded to containers,
# ports are held open for as long as the container is running, ensuring that
# they cannot be reused by other programs on the host. However, this can cause
# significant memory usage if a container has many ports forwarded to it.
# Disabling this can save memory.
#
# enable_port_reservation = true
# Environment variables to be used when running the container engine (e.g.,
# Podman, Buildah).
# For example "http_proxy=internal.proxy.company.com".
# Note these environment variables will not be used within the container.
# Set the env section under [containers] table, if you want to set environment
# variables for the container.
# env = []
# Selects which logging mechanism to use for container engine events.
# Valid values are `journald`, `file` and `none`.
#
# events_logger = "journald"
# Default transport method for pulling and pushing for images
#
# image_default_transport = "docker://"
# Default command to run the infra container
#
# infra_command = "/pause"
# Infra (pause) container image name for pod infra containers. When running a
# pod, we start a `pause` process in a container to hold open the namespaces
# associated with the pod. This container does nothing other than sleep,
# reserving the pod's resources for the lifetime of the pod.
#
# infra_image = "k8s.gcr.io/pause:3.2"
# Specify the locking mechanism to use; valid values are "shm" and "file".
# Change the default only if you are sure of what you are doing, in general
# "file" is useful only on platforms where cgo is not available for using the
# faster "shm" lock type. You may need to run "podman system renumber" after
# you change the lock type.
#
# lock_type = "shm"
# Default engine namespace
# If engine is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and
# pods in that namespace.
# The default namespace is "", which corresponds to no namespace. When no
# namespace is set, all containers and pods are visible.
#
# namespace = ""
# Whether to use chroot instead of pivot_root in the runtime
#
# no_pivot_root = false
# Number of locks available for containers and pods.
# If this is changed, a lock renumber must be performed (e.g. with the
# 'podman system renumber' command).
#
# num_locks = 2048
# Whether to pull new image before running a container
# pull_policy = "missing"
# Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage
# stores containers
# Uncomment to change location from this default
#
# static_dir = "/var/lib/containers/storage/libpod"
# Directory for temporary files. Must be tmpfs (wiped after reboot)
#
# tmp_dir = "/var/run/libpod"
# Directory for libpod named volumes.
# By default, this will be configured relative to where containers/storage
# stores containers.
# Uncomment to change location from this default.
#
# volume_path = "/var/lib/containers/storage/volumes"
# Default OCI runtime
#
# runtime = "runc"
# List of the OCI runtimes that support --format=json. When json is supported
# engine will use it for reporting nicer errors.
#
# runtime_supports_json = ["crun", "runc", "kata"]
# List of the OCI runtimes that support running containers without cgroups.
#
# runtime_supports_nocgroups = ["crun"]
# List of the OCI runtimes that support running containers with KVM Separation.
#
# runtime_supports_kvm = ["kata"]
# Number of seconds to wait for container to exit before sending kill signal.
# stop_timeout = 10
# Index to the active service
# active_service = production
# map of service destinations
# [service_destinations]
# [service_destinations.production]
# URI to access the Podman service
# Examples:
# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
# rootfull "unix://run/podman/podman.sock" (Default)
# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
# remote rootfull ssh://[email protected]:22/run/podman/podman.sock
# uri="ssh://[email protected]/run/user/1001/podman/podman.sock"
# Path to file containing ssh identity key
# identity = "~/.ssh/id_rsa"
# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
[engine.runtimes]
# runc = [
# "/usr/bin/runc",
# "/usr/sbin/runc",
# "/usr/local/bin/runc",
# "/usr/local/sbin/runc",
# "/sbin/runc",
# "/bin/runc",
# "/usr/lib/cri-o-runc/sbin/runc",
# ]
# crun = [
# "/usr/bin/crun",
# "/usr/sbin/crun",
# "/usr/local/bin/crun",
# "/usr/local/sbin/crun",
# "/sbin/crun",
# "/bin/crun",
# "/run/current-system/sw/bin/crun",
# ]
# kata = [
# "/usr/bin/kata-runtime",
# "/usr/sbin/kata-runtime",
# "/usr/local/bin/kata-runtime",
# "/usr/local/sbin/kata-runtime",
# "/sbin/kata-runtime",
# "/bin/kata-runtime",
# "/usr/bin/kata-qemu",
# "/usr/bin/kata-fc",
# ]
# The [engine.runtimes] table MUST be the last entry in this file.
# (Unless another table is added)
# TOML does not provide a way to end a table other than a further table being
# defined, so every key hereafter will be part of [engine.runtimes] and not the
# main config.
++++++ image-5.4.4.tar.xz -> image-5.5.1.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/SECURITY.md new/image-5.5.1/SECURITY.md
--- old/image-5.4.4/SECURITY.md 1970-01-01 01:00:00.000000000 +0100
+++ new/image-5.5.1/SECURITY.md 2020-06-17 16:47:38.000000000 +0200
@@ -0,0 +1,3 @@
+## Security and Disclosure Information Policy for the image Project
+
+The image Project follows the [Security and Disclosure Information
Policy](https://github.com/containers/common/blob/master/SECURITY.md) for the
Containers Projects.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/copy/copy.go new/image-5.5.1/copy/copy.go
--- old/image-5.4.4/copy/copy.go 2020-05-11 13:50:05.000000000 +0200
+++ new/image-5.5.1/copy/copy.go 2020-06-17 16:47:38.000000000 +0200
@@ -659,7 +659,7 @@
// With !ic.canModifyManifest, that would just be a string of
repeated failures for the same reason,
// so let’s bail out early and with a better error message.
if !ic.canModifyManifest {
- return nil, "", "", errors.Wrap(err, "Writing manifest
failed (and converting it is not possible)")
+ return nil, "", "", errors.Wrap(err, "Writing manifest
failed (and converting it is not possible, image is signed or the destination
specifies a digest)")
}
// errs is a list of errors when trying various manifest types.
Also serves as an "upload succeeded" flag when set to nil.
@@ -757,7 +757,7 @@
}
if !ic.canModifyManifest {
- return errors.Errorf("Copying a schema1 image with an embedded
Docker reference to %s (Docker reference %s) would invalidate existing
signatures. Explicitly enable signature removal to proceed anyway",
+ return errors.Errorf("Copying a schema1 image with an embedded
Docker reference to %s (Docker reference %s) would change the manifest, which
is not possible (image is signed or the destination specifies a digest)",
transports.ImageName(ic.c.dest.Reference()),
destRef.String())
}
ic.manifestUpdates.EmbeddedDockerReference = destRef
@@ -784,7 +784,7 @@
// If we only need to check authorization, no updates required.
if updatedSrcInfos != nil && !reflect.DeepEqual(srcInfos,
updatedSrcInfos) {
if !ic.canModifyManifest {
- return errors.Errorf("Internal error: copyLayers()
needs to use an updated manifest but that was known to be forbidden")
+ return errors.Errorf("Copying this image requires
changing layer representation, which is not possible (image is signed or the
destination specifies a digest)")
}
srcInfos = updatedSrcInfos
srcInfosUpdated = true
@@ -1060,6 +1060,14 @@
logrus.Debugf("Skipping blob %s (already present):",
srcInfo.Digest)
bar := ic.c.createProgressBar(pool, srcInfo, "blob",
"skipped: already exists")
bar.SetTotal(0, true)
+
+ // Throw an event that the layer has been skipped
+ if ic.c.progress != nil && ic.c.progressInterval > 0 {
+ ic.c.progress <- types.ProgressProperties{
+ Event: types.ProgressEventSkipped,
+ Artifact: srcInfo,
+ }
+ }
return blobInfo, cachedDiffID, nil
}
}
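Review bot: The added `ic.c.progress <- types.ProgressProperties{...}` is a plain blocking send on the skip path, so a caller that has stopped draining the progress channel, or never drains it fast enough, stalls the whole copy at a layer that needed no work. Whether the channel is buffered, and how the other progress events are sent, is not visible in this hunk, so treat this as something to confirm. If a context is in scope in the enclosing function (it starts and ends outside the hunk), wrapping the send in a `select` with a `ctx.Done()` case lets cancellation release the goroutine; the sketch below assumes that name.

```go
// … unchanged: progress bar for the skipped blob …
if ic.c.progress != nil && ic.c.progressInterval > 0 {
	select {
	case ic.c.progress <- types.ProgressProperties{
		Event:    types.ProgressEventSkipped,
		Artifact: srcInfo,
	}:
	case <-ctx.Done():
		// Copy was cancelled or the receiver is gone: drop the event instead of blocking.
	}
}
return blobInfo, cachedDiffID, nil
```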
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/docker/docker_image_src.go
new/image-5.5.1/docker/docker_image_src.go
--- old/image-5.4.4/docker/docker_image_src.go 2020-05-11 13:50:05.000000000
+0200
+++ new/image-5.5.1/docker/docker_image_src.go 2020-06-17 16:47:38.000000000
+0200
@@ -190,6 +190,7 @@
if err != nil {
return nil, "", err
}
+ logrus.Debugf("Content-Type from manifest GET is %q",
res.Header.Get("Content-Type"))
defer res.Body.Close()
if res.StatusCode != http.StatusOK {
return nil, "", errors.Wrapf(client.HandleErrorResponse(res),
"Error reading manifest %s in %s", tagOrDigest, s.physicalRef.ref.Name())
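Review bot: The new `logrus.Debugf` call sits between the `err` check and `defer res.Body.Close()`; keeping the defer directly after the error check is the safer ordering, because any early return later added between the two would leak the response body. Swapping the two lines costs nothing. Formatting the server-supplied Content-Type with `%q` is the right choice here, since it escapes control characters before they reach the log. The enclosing function starts and ends outside this hunk.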
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/docs/containers-auth.json.5.md
new/image-5.5.1/docs/containers-auth.json.5.md
--- old/image-5.4.4/docs/containers-auth.json.5.md 2020-05-11
13:50:05.000000000 +0200
+++ new/image-5.5.1/docs/containers-auth.json.5.md 2020-06-17
16:47:38.000000000 +0200
@@ -5,15 +5,16 @@
# DESCRIPTION
-A credentials file stored at `${XDG_RUNTIME_DIR}/containers/auth.json` in
-json format used to authenticate against container image registries.
+A credentials file in JSON format used to authenticate against container image
registries.
+On Linux it is stored at `${XDG_RUNTIME_DIR}/containers/auth.json`;
+on Windows and macOS, at `$HOME/.config/containers/auth.json`
## FORMAT
The auth.json file stores encrypted authentication information for the
user to container image registries. The file can have zero to many entries and
-is created by a `login` command from a container tool such as `podman login` or
-`buildah login`. Each entry includes the name of the registry and then an auth
+is created by a `login` command from a container tool such as `podman login`,
+`buildah login` or `skopeo login`. Each entry includes the name of the
registry and then an auth
token in the form of a base64 encoded string from the concatenation of the
username, a colon, and the password.
@@ -36,8 +37,28 @@
An entry can be removed by using a `logout` command from a container
tool such as `podman logout` or `buildah logout`.
+In addition, credential helpers can be configured for specific registries and
the credentials-helper
+software can be used to manage the credentials in a more secure way than
depending on the base64 encoded authentication
+provided by `login`. If the credential helpers are configured for specific
registries, the base64 encoded authentication will not be used
+for operations concerning credentials of the specified registries.
+
+When the credential helper is in use on a Linux platform, the auth.json file
would contain keys that specify the registry domain, and values that specify
the suffix of the program to use (i.e. everything after docker-credential-).
For example:
+
+```
+{
+ "auths": {
+ "localhost:5001": {}
+ },
+ "credHelpers": {
+ "registry.example.com": "secretservice"
+ }
+}
+```
+
+For more information on credential helpers, please reference the [GitHub
docker-credential-helpers
project](https://github.com/docker/docker-credential-helpers/releases).
+
# SEE ALSO
- buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1)
+ buildah-login(1), buildah-logout(1), podman-login(1), podman-logout(1),
skopeo-login(1), skopeo-logout(1)
# HISTORY
Feb 2020, Originally compiled by Tom Sweeney <[email protected]>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/docs/containers-policy.json.5.md
new/image-5.5.1/docs/containers-policy.json.5.md
--- old/image-5.4.4/docs/containers-policy.json.5.md 2020-05-11
13:50:05.000000000 +0200
+++ new/image-5.5.1/docs/containers-policy.json.5.md 2020-06-17
16:47:38.000000000 +0200
@@ -10,8 +10,7 @@
Signature verification policy files are used to specify policy, e.g. trusted
keys,
applicable when deciding whether to accept an image, or individual signatures
of that image, as valid.
-The default policy is stored (unless overridden at compile-time) at
`/etc/containers/policy.json`;
-applications performing verification may allow using a different policy
instead.
+By default, the policy is read from `$HOME/.config/containers/policy.json`, if
it exists, otherwise from `/etc/containers/policy.json`; applications
performing verification may allow using a different policy instead.
## FORMAT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/go.mod new/image-5.5.1/go.mod
--- old/image-5.4.4/go.mod 2020-05-11 13:50:05.000000000 +0200
+++ new/image-5.5.1/go.mod 2020-06-17 16:47:38.000000000 +0200
@@ -8,7 +8,7 @@
github.com/BurntSushi/toml v0.3.1
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b
github.com/containers/ocicrypt v1.0.2
- github.com/containers/storage v1.19.1
+ github.com/containers/storage v1.20.2
github.com/docker/distribution v2.7.1+incompatible
github.com/docker/docker v1.4.2-0.20191219165747-a9416c67da9f
github.com/docker/docker-credential-helpers v0.6.3
@@ -16,33 +16,30 @@
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 //
indirect
github.com/ghodss/yaml v1.0.0
- github.com/gogo/protobuf v1.3.1 // indirect
github.com/gorilla/mux v1.7.4 // indirect
github.com/imdario/mergo v0.3.9
- github.com/klauspost/compress v1.10.5
- github.com/klauspost/pgzip v1.2.3
- github.com/kr/pretty v0.1.0 // indirect
+ github.com/klauspost/compress v1.10.8
+ github.com/klauspost/pgzip v1.2.4
github.com/morikuni/aec v1.0.0 // indirect
github.com/mtrmac/gpgme v0.1.2
- github.com/opencontainers/go-digest v1.0.0-rc1
+ github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec
v1.0.2-0.20190823105129-775207bd45b6
- github.com/opencontainers/selinux v1.5.1
+ github.com/opencontainers/selinux v1.5.2
github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913
github.com/pkg/errors v0.9.1
github.com/pquerna/ffjson v0.0.0-20190813045741-dac163c6c0a9 // indirect
github.com/sirupsen/logrus v1.6.0
- github.com/stretchr/testify v1.5.1
+ github.com/stretchr/testify v1.6.1
github.com/ulikunitz/xz v0.5.7
github.com/vbatts/tar-split v0.11.1
- github.com/vbauerster/mpb/v5 v5.0.4
+ github.com/vbauerster/mpb/v5 v5.2.2
github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b //
indirect
github.com/xeipuuv/gojsonschema v1.2.0
go.etcd.io/bbolt v1.3.4
golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
- golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
+ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299
golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
- gopkg.in/yaml.v2 v2.2.8 // indirect
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/go.sum new/image-5.5.1/go.sum
--- old/image-5.4.4/go.sum 2020-05-11 13:50:05.000000000 +0200
+++ new/image-5.5.1/go.sum 2020-06-17 16:47:38.000000000 +0200
@@ -9,6 +9,8 @@
github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod
h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
github.com/Microsoft/hcsshim v0.8.7
h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg=
github.com/Microsoft/hcsshim v0.8.7/go.mod
h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
+github.com/Microsoft/hcsshim v0.8.9
h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk=
+github.com/Microsoft/hcsshim v0.8.9/go.mod
h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8=
github.com/VividCortex/ewma v1.1.1
h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
github.com/VividCortex/ewma v1.1.1/go.mod
h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
@@ -27,6 +29,8 @@
github.com/containerd/containerd v1.2.10/go.mod
h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69
h1:rG1clvJbgsUcmb50J82YUJhUMopWNtZvyMZjb+4fqGw=
github.com/containerd/containerd
v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod
h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
+github.com/containerd/containerd v1.3.2
h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA=
+github.com/containerd/containerd v1.3.2/go.mod
h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc
h1:TP+534wVlf61smEIq1nwLLAjQVEK2EADoW3CX9AuT+8=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod
h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod
h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
@@ -45,6 +49,12 @@
github.com/containers/storage v1.19.0/go.mod
h1:9Xc4rrTubn5hmtBfL+PSJH1XlfTQwR4VAG1NDUIpCts=
github.com/containers/storage v1.19.1
h1:YKIzOO12iaD5Ra0PKFS6emcygbHLmwmQOCQRU/19YAQ=
github.com/containers/storage v1.19.1/go.mod
h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ=
+github.com/containers/storage v1.19.2
h1:vhcUwEjDZiPJxaLPFsjvyavnEjFw6qQi9HAkVz1amfI=
+github.com/containers/storage v1.19.2/go.mod
h1:gYCp3jzgXkvubO0rI14QAjz5Mxm/qKJgLmHFyqayDnw=
+github.com/containers/storage v1.20.1
h1:2XE4eRIqSa6YjhAZjNwIkIKE6+Miy+5WV8l1KzY2ZKk=
+github.com/containers/storage v1.20.1/go.mod
h1:RoKzO8KSDogCT6c06rEbanZTcKYxshorB33JikEGc3A=
+github.com/containers/storage v1.20.2
h1:tw/uKRPDnmVrluIzer3dawTFG/bTJLP8IEUyHFhltYk=
+github.com/containers/storage v1.20.2/go.mod
h1:oOB9Ie8OVPojvoaKWEGSEtHbXUAs+tSyr7RO7ZGteMc=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod
h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod
h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/davecgh/go-spew v1.1.0/go.mod
h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -113,8 +123,16 @@
github.com/klauspost/compress v1.10.4/go.mod
h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.10.5
h1:7q6vHIqubShURwQz8cQK6yIe/xC3IF0Vm7TGfqjewrc=
github.com/klauspost/compress v1.10.5/go.mod
h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.10.6
h1:SP6zavvTG3YjOosWePXFDlExpKIWMTO4SE/Y8MZB2vI=
+github.com/klauspost/compress v1.10.6/go.mod
h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.10.7
h1:7rix8v8GpI3ZBb0nSozFRgbtXKv+hOe+qfEpZqybrAg=
+github.com/klauspost/compress v1.10.7/go.mod
h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/klauspost/compress v1.10.8
h1:eLeJ3dr/Y9+XRfJT4l+8ZjmtB5RPJhucH2HeCV5+IZY=
+github.com/klauspost/compress v1.10.8/go.mod
h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/pgzip v1.2.3
h1:Ce2to9wvs/cuJ2b86/CKQoTYr9VHfpanYosZ0UBJqdw=
github.com/klauspost/pgzip v1.2.3/go.mod
h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
+github.com/klauspost/pgzip v1.2.4
h1:TQ7CNpYKovDOmqzRHKxJh0BeaBI7UdQZYc6p7pMQh1A=
+github.com/klauspost/pgzip v1.2.4/go.mod
h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod
h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2
h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod
h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -126,6 +144,10 @@
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod
h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/mattn/go-isatty v0.0.12
h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
+github.com/mattn/go-isatty v0.0.12/go.mod
h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-runewidth v0.0.9
h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
+github.com/mattn/go-runewidth v0.0.9/go.mod
h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-shellwords v1.0.10
h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw=
github.com/mattn/go-shellwords v1.0.10/go.mod
h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
github.com/matttproud/golang_protobuf_extensions v1.0.1
h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
@@ -144,6 +166,8 @@
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod
h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0-rc1
h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod
h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
+github.com/opencontainers/go-digest v1.0.0
h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod
h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.0.1
h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
github.com/opencontainers/image-spec v1.0.1/go.mod
h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6
h1:yN8BPXVwMBAm3Cuvh1L5XE8XpvYRMdsVLd82ILprhUU=
@@ -151,6 +175,8 @@
github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod
h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc9
h1:/k06BMULKF5hidyoZymkoDCzdJzltZpz/UU4LguQVtc=
github.com/opencontainers/runc v1.0.0-rc9/go.mod
h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+github.com/opencontainers/runc v1.0.0-rc90
h1:4+xo8mtWixbHoEm451+WJNUrq12o2/tDsyK9Vgc/NcA=
+github.com/opencontainers/runc v1.0.0-rc90/go.mod
h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700
h1:eNUVfm/RFLIi1G7flU5/ZRTHvd4kcVuzfRnL6OFlzCI=
github.com/opencontainers/runtime-spec
v0.1.2-0.20190507144316-5b71a03e2700/go.mod
h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools
v0.0.0-20181011054405-1d69bd0f9c39/go.mod
h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
@@ -160,6 +186,8 @@
github.com/opencontainers/selinux v1.5.0/go.mod
h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
github.com/opencontainers/selinux v1.5.1
h1:jskKwSMFYqyTrHEuJgQoUlTcId0av64S6EWObrIfn5Y=
github.com/opencontainers/selinux v1.5.1/go.mod
h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
+github.com/opencontainers/selinux v1.5.2
h1:F6DgIsjgBIcDksLW4D5RG9bXok6oqZ3nvMwj4ZoFu/Q=
+github.com/opencontainers/selinux v1.5.2/go.mod
h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913
h1:TnbXhKzrTOyuvWrjI8W6pcoI9XPbLHFXCdN2dtUw7Rw=
github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod
h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc=
github.com/pkg/errors v0.8.0/go.mod
h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -182,8 +210,10 @@
github.com/prometheus/common v0.4.1/go.mod
h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.6.0
h1:kRhiuYSXR3+uv2IbVbZhUxK5zVD/2pp3Gd2PpvPkpEo=
github.com/prometheus/common v0.6.0/go.mod
h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
+github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod
h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod
h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod
h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.3
h1:CTwfnzjQ+8dS6MhHHu4YswVAD99sL2wjPqP+VkURmKE=
github.com/prometheus/procfs v0.0.3/go.mod
h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
github.com/prometheus/procfs v0.0.5
h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
github.com/prometheus/procfs v0.0.5/go.mod
h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
@@ -200,8 +230,13 @@
github.com/stretchr/objx v0.1.1/go.mod
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod
h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod
h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod
h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1
h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
github.com/stretchr/testify v1.5.1/go.mod
h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.0
h1:jlIyCplCJFULU/01vCkhKuTyc3OorI3bJFuw6obfgho=
+github.com/stretchr/testify v1.6.0/go.mod
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.6.1
h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
+github.com/stretchr/testify v1.6.1/go.mod
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod
h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2
h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8=
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod
h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
@@ -217,6 +252,10 @@
github.com/vbauerster/mpb/v5 v5.0.3/go.mod
h1:h3YxU5CSr8rZP4Q3xZPVB3jJLhWPou63lHEdr9ytH4Y=
github.com/vbauerster/mpb/v5 v5.0.4
h1:w7l/tJfHmtIOKZkU+bhbDZOUxj1kln9jy4DUOp3Tl14=
github.com/vbauerster/mpb/v5 v5.0.4/go.mod
h1:fvzasBUyuo35UyuA6sSOlVhpLoNQsp2nBdHw7OiSUU8=
+github.com/vbauerster/mpb/v5 v5.2.1
h1:KXj7OdLO6aYrmXl69Jwn60/7AsyJ6s5bx+Enk0EMcKs=
+github.com/vbauerster/mpb/v5 v5.2.1/go.mod
h1:hny8jUouUgEYP4/TYF7M9tJTvCg/xdodvarvO18KYo0=
+github.com/vbauerster/mpb/v5 v5.2.2
h1:zIICVOm+XD+uV6crpSORaL6I0Q1WqOdvxZTp+r3L9cw=
+github.com/vbauerster/mpb/v5 v5.2.2/go.mod
h1:W5Fvgw4dm3/0NhqzV8j6EacfuTe5SvnzBRwiXxDR9ww=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod
h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b
h1:6cLsL+2FW6dRAdl5iMtHgRogVCff0QpRi9653YmdcJA=
github.com/xeipuuv/gojsonpointer v0.0.0-20190809123943-df4f5c81cb3b/go.mod
h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
@@ -252,6 +291,7 @@
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7
h1:rTIdg5QFRR7XCaK4LCjBiPbx8j4DQRpdYMnGn/bJUEU=
golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod
h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -275,6 +315,8 @@
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527
h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -284,6 +326,10 @@
golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f
h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9
h1:YTzHMGlqJu67/uEo1lBv0n3wBXhXNeUbB1XfN2vmTm0=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200519105757-fe76b779f299
h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4=
+golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
@@ -302,12 +348,16 @@
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod
h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb
h1:i1Ppqkc3WQXikh8bXiwHqAN5Rv3/qDCcRk0/Otx73BY=
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod
h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873
h1:nfPFGzJkUDX6uBmpN/pSw7MbOAWegH5QDQuoXFHedLg=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod
h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/grpc v1.19.0/go.mod
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod
h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.23.1/go.mod
h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.24.0 h1:vb/1TCsVn3DcJlQ0Gs1yB1pKI6Do2/QNwxdKqmc/b0s=
google.golang.org/grpc v1.24.0/go.mod
h1:XDChyiUovWa60DnaeDeZmSW86xtLtjtZbwvSiRnRtcA=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod
h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15
h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/square/go-jose.v2 v2.3.1
h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
@@ -317,6 +367,8 @@
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod
h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible
h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod
h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/manifest/oci.go
new/image-5.5.1/manifest/oci.go
--- old/image-5.4.4/manifest/oci.go 2020-05-11 13:50:05.000000000 +0200
+++ new/image-5.5.1/manifest/oci.go 2020-06-17 16:47:38.000000000 +0200
@@ -172,7 +172,7 @@
Architecture: v1.Architecture,
Os: v1.OS,
Layers: layerInfosToStrings(m.LayerInfos()),
- Env: d1.Config.Env,
+ Env: v1.Config.Env,
}
return i, nil
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/oci/layout/oci_dest.go
new/image-5.5.1/oci/layout/oci_dest.go
--- old/image-5.4.4/oci/layout/oci_dest.go 2020-05-11 13:50:05.000000000
+0200
+++ new/image-5.5.1/oci/layout/oci_dest.go 2020-06-17 16:47:38.000000000
+0200
@@ -279,7 +279,7 @@
// If it has the same digest as another entry in the index, we already
overwrote the file,
// so just pick up the other information.
for i, manifest := range d.index.Manifests {
- if manifest.Digest == desc.Digest {
+ if manifest.Digest == desc.Digest &&
manifest.Annotations[imgspecv1.AnnotationRefName] == "" {
// Replace it completely.
d.index.Manifests[i] = *desc
return
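Review bot: The comment above the loop still says any entry with the same digest is picked up, but the new condition only replaces entries whose `imgspecv1.AnnotationRefName` annotation is empty. Updating it would keep the intent readable, e.g. `// If an untagged entry in the index has the same digest, replace it completely;` followed by `// entries that carry a ref name are kept so other tags for this digest survive.` The enclosing function starts and ends outside this hunk, so how an entry with the same ref name is handled cannot be confirmed from here.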
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/oci/layout/oci_dest_test.go
new/image-5.5.1/oci/layout/oci_dest_test.go
--- old/image-5.4.4/oci/layout/oci_dest_test.go 2020-05-11 13:50:05.000000000
+0200
+++ new/image-5.5.1/oci/layout/oci_dest_test.go 2020-06-17 16:47:38.000000000
+0200
@@ -11,6 +11,7 @@
"github.com/containers/image/v5/pkg/blobinfocache/memory"
"github.com/containers/image/v5/types"
digest "github.com/opencontainers/go-digest"
+ imgspecv1 "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -105,7 +106,31 @@
index, err := ociRef.getIndex()
assert.NoError(t, err)
- assert.Equal(t, 2, len(index.Manifests), "Unexpected number of
manifests")
+ assert.Len(t, index.Manifests, 2, "Unexpected number of manifests")
+}
+
+func TestPutTwoDifferentTags(t *testing.T) {
+ ref, tmpDir := refToTempOCI(t)
+ defer os.RemoveAll(tmpDir)
+
+ ociRef, ok := ref.(ociReference)
+ require.True(t, ok)
+
+ putTestConfig(t, ociRef, tmpDir)
+ putTestManifest(t, ociRef, tmpDir)
+
+ // add the same manifest with a different tag; it shouldn't get
overwritten
+ ref, err := NewReference(tmpDir, "zomg")
+ assert.NoError(t, err)
+ ociRef, ok = ref.(ociReference)
+ require.True(t, ok)
+ putTestManifest(t, ociRef, tmpDir)
+
+ index, err := ociRef.getIndex()
+ assert.NoError(t, err)
+ assert.Len(t, index.Manifests, 3, "Unexpected number of manifests")
+ assert.Equal(t, "imageValue",
index.Manifests[1].Annotations[imgspecv1.AnnotationRefName])
+ assert.Equal(t, "zomg",
index.Manifests[2].Annotations[imgspecv1.AnnotationRefName])
}
func putTestConfig(t *testing.T, ociRef ociReference, tmpDir string) {
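Review bot: In TestPutTwoDifferentTags, `assert.Len(t, index.Manifests, 3, ...)` does not stop the test, so if the index holds fewer entries the following `index.Manifests[1]` and `index.Manifests[2]` reads panic with an index-out-of-range error and hide the real failure. Using `require.Len(t, index.Manifests, 3, "Unexpected number of manifests")` stops the test before the indexing. The same applies to the `assert.NoError(t, err)` after `ociRef.getIndex()`, which would be safer as `require.NoError(t, err)` before `index` is dereferenced.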
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/pkg/docker/config/config.go
new/image-5.5.1/pkg/docker/config/config.go
--- old/image-5.4.4/pkg/docker/config/config.go 2020-05-11 13:50:05.000000000
+0200
+++ new/image-5.5.1/pkg/docker/config/config.go 2020-06-17 16:47:38.000000000
+0200
@@ -7,6 +7,7 @@
"io/ioutil"
"os"
"path/filepath"
+ "runtime"
"strings"
"github.com/containers/image/v5/types"
@@ -37,7 +38,12 @@
xdgRuntimeDirPath = filepath.FromSlash("containers/auth.json")
dockerHomePath = filepath.FromSlash(".docker/config.json")
dockerLegacyHomePath = ".dockercfg"
+ nonLinuxAuthFilePath =
filepath.FromSlash(".config/containers/auth.json")
+ // Note that the keyring support has been disabled as it was causing
+ // regressions. Before enabling, please revisit TODO(keyring) comments
+ // which need to be addressed if the need remerged to support the
+ // kernel keyring.
enableKeyring = false
// ErrNotLoggedIn is returned for users not logged into a registry
@@ -73,6 +79,70 @@
})
}
+// GetAllCredentials returns the registry credentials for all registries stored
+// in either the auth.json file or the docker/config.json.
+func GetAllCredentials(sys *types.SystemContext)
(map[string]types.DockerAuthConfig, error) {
+ // Note: we need to read the auth files in the inverse order to prevent
+ // a priority inversion when writing to the map.
+ authConfigs := make(map[string]types.DockerAuthConfig)
+ paths := getAuthFilePaths(sys)
+ for i := len(paths) - 1; i >= 0; i-- {
+ path := paths[i]
+ // readJSONFile returns an empty map in case the path doesn't
exist.
+ auths, err := readJSONFile(path.path, path.legacyFormat)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error reading JSON file
%q", path.path)
+ }
+
+ for registry, data := range auths.AuthConfigs {
+ conf, err := decodeDockerAuth(data)
+ if err != nil {
+ return nil, err
+ }
+ authConfigs[normalizeRegistry(registry)] = conf
+ }
+
+ // Credential helpers may override credentials from the auth
file.
+ for registry, credHelper := range auths.CredHelpers {
+ username, password, err :=
getAuthFromCredHelper(credHelper, registry)
+ if err != nil {
+ if
credentials.IsErrCredentialsNotFoundMessage(err.Error()) {
+ continue
+ }
+ return nil, err
+ }
+
+ conf := types.DockerAuthConfig{Username: username,
Password: password}
+ authConfigs[normalizeRegistry(registry)] = conf
+ }
+ }
+
+ // TODO(keyring): if we ever reenable the keyring support, we had to
+ // query all credentials from the keyring here.
+
+ return authConfigs, nil
+}
+
+// getAuthFilePaths returns a slice of authPaths based on the system context
+// in the order they should be searched. Note that some paths may not exist.
+func getAuthFilePaths(sys *types.SystemContext) []authPath {
+ paths := []authPath{}
+ pathToAuth, lf, err := getPathToAuth(sys)
+ if err == nil {
+ paths = append(paths, authPath{path: pathToAuth, legacyFormat:
lf})
+ } else {
+ // Error means that the path set for XDG_RUNTIME_DIR does not
exist
+ // but we don't want to completely fail in the case that the
user is pulling a public image
+ // Logging the error as a warning instead and moving on to
pulling the image
+ logrus.Warnf("%v: Trying to pull image in the event that it is
a public image.", err)
+ }
+ paths = append(paths,
+ authPath{path: filepath.Join(homedir.Get(), dockerHomePath),
legacyFormat: false},
+ authPath{path: filepath.Join(homedir.Get(),
dockerLegacyHomePath), legacyFormat: true},
+ )
+ return paths
+}
+
// GetCredentials returns the registry credentials stored in either auth.json
// file or .docker/config.json, including support for OAuth2 and IdentityToken.
// If an entry is not found, an empty struct is returned.
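Review bot: Within one auth file, two keys that normalize to the same registry overwrite each other in `authConfigs` in whatever order Go's map iteration yields them, so GetAllCredentials may return a different credential for that registry from run to run; this assumes normalizeRegistry, which is defined outside this hunk, can map distinct keys to one name. The reverse walk over `paths` settles the priority between files but not within a file. Iterating the keys of `auths.AuthConfigs` in sorted order, as sketched below (it needs the `sort` package), makes the result stable. The sketch also wraps the `decodeDockerAuth` error with the registry and file name, matching the wrapped `readJSONFile` error just above it.

```go
		// … unchanged: readJSONFile call and its error wrap …
		registries := make([]string, 0, len(auths.AuthConfigs))
		for registry := range auths.AuthConfigs {
			registries = append(registries, registry)
		}
		// Sorted keys give a stable winner when two keys normalize to the same registry.
		sort.Strings(registries)
		for _, registry := range registries {
			conf, err := decodeDockerAuth(auths.AuthConfigs[registry])
			if err != nil {
				return nil, errors.Wrapf(err, "error decoding credentials for %q in %q", registry, path.path)
			}
			authConfigs[normalizeRegistry(registry)] = conf
		}
		// … unchanged: credential-helper loop …
```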
@@ -93,21 +163,7 @@
}
}
- paths := []authPath{}
- pathToAuth, lf, err := getPathToAuth(sys)
- if err == nil {
- paths = append(paths, authPath{path: pathToAuth, legacyFormat:
lf})
- } else {
- // Error means that the path set for XDG_RUNTIME_DIR does not
exist
- // but we don't want to completely fail in the case that the
user is pulling a public image
- // Logging the error as a warning instead and moving on to
pulling the image
- logrus.Warnf("%v: Trying to pull image in the event that it is
a public image.", err)
- }
- paths = append(paths,
- authPath{path: filepath.Join(homedir.Get(), dockerHomePath),
legacyFormat: false},
- authPath{path: filepath.Join(homedir.Get(),
dockerLegacyHomePath), legacyFormat: true})
-
- for _, path := range paths {
+ for _, path := range getAuthFilePaths(sys) {
authConfig, err := findAuthentication(registry, path.path,
path.legacyFormat)
if err != nil {
logrus.Debugf("Credentials not found")
@@ -189,10 +245,8 @@
})
}
-// getPath gets the path of the auth.json file
-// The path can be overriden by the user if the overwrite-path flag is set
-// If the flag is not set and XDG_RUNTIME_DIR is set, the auth.json file is
saved in XDG_RUNTIME_DIR/containers
-// Otherwise, the auth.json file is stored in /run/containers/UID
+// getPathToAuth gets the path of the auth.json file used for reading and
writting credentials
+// returns the path, and a bool specifies whether the file is in legacy format
func getPathToAuth(sys *types.SystemContext) (string, bool, error) {
if sys != nil {
if sys.AuthFilePath != "" {
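Review bot: The new doc comment on getPathToAuth drops the lookup order that the old comment described, and since this function decides where registry credentials are read and written, that order is worth keeping; `writting` is also a typo for `writing`. From the lines visible here and in the next hunk the order is `sys.AuthFilePath`, then the per-UID path under `sys.RootForImplicitAbsolutePaths` (presumably only when that field is set), then the home-directory path on Windows and macOS, then `XDG_RUNTIME_DIR`. A comment listing these in order, ending with `// It returns the path and whether the file is in the legacy format.`, would cover it. The rest of the function body is outside this hunk.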
@@ -205,6 +259,9 @@
return filepath.Join(sys.RootForImplicitAbsolutePaths,
fmt.Sprintf(defaultPerUIDPathFormat, os.Getuid())), false, nil
}
}
+ if runtime.GOOS == "windows" || runtime.GOOS == "darwin" {
+ return filepath.Join(homedir.Get(), nonLinuxAuthFilePath),
false, nil
+ }
runtimeDir := os.Getenv("XDG_RUNTIME_DIR")
if runtimeDir != "" {
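Review bot: If `homedir.Get()` returns an empty string, `filepath.Join(homedir.Get(), nonLinuxAuthFilePath)` yields the relative path `.config/containers/auth.json`, so on Windows and macOS registry credentials would be read from and written to the current working directory. Whether homedir.Get() can return an empty value is not visible here and should be confirmed. A guard such as `home := homedir.Get(); if home == "" { return "", false, errors.New("cannot determine home directory for auth.json") }` keeps the path absolute. The same pattern appears in defaultPolicyPath in signature/policy_config.go, where a relative `.config/containers/policy.json` would let the working directory supply the signature policy. getPathToAuth starts and ends outside this hunk.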
@@ -248,6 +305,13 @@
return dockerConfigFile{}, errors.Wrapf(err, "error
unmarshaling JSON at %q", path)
}
+ if auths.AuthConfigs == nil {
+ auths.AuthConfigs = map[string]dockerAuthConfig{}
+ }
+ if auths.CredHelpers == nil {
+ auths.CredHelpers = make(map[string]string)
+ }
+
return auths, nil
}
@@ -257,17 +321,15 @@
if err != nil {
return err
}
+ if legacyFormat {
+ return fmt.Errorf("writes to %s using legacy format are not
supported", path)
+ }
dir := filepath.Dir(path)
- if _, err := os.Stat(dir); os.IsNotExist(err) {
- if err = os.MkdirAll(dir, 0700); err != nil {
- return errors.Wrapf(err, "error creating directory %q",
dir)
- }
+ if err = os.MkdirAll(dir, 0700); err != nil {
+ return err
}
- if legacyFormat {
- return fmt.Errorf("writes to %s using legacy format are not
supported", path)
- }
auths, err := readJSONFile(path, false)
if err != nil {
return errors.Wrapf(err, "error reading JSON file %q", path)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/pkg/docker/config/config_test.go
new/image-5.5.1/pkg/docker/config/config_test.go
--- old/image-5.4.4/pkg/docker/config/config_test.go 2020-05-11
13:50:05.000000000 +0200
+++ new/image-5.5.1/pkg/docker/config/config_test.go 2020-06-17
16:47:38.000000000 +0200
@@ -218,6 +218,11 @@
IdentityToken: "some very long identity
token",
},
},
+ {
+ name: "match none (empty.json)",
+ hostname: "https://localhost:5000",
+ path: filepath.Join("testdata",
"empty.json"),
+ },
} {
t.Run(tc.name, func(t *testing.T) {
if err := os.RemoveAll(configPath); err != nil {
@@ -454,3 +459,56 @@
t.Fatalf("expected JSON syntax error, not: %#+v", err)
}
}
+
+func TestGetAllCredentials(t *testing.T) {
+ // Create a temporary authentication file.
+ tmpFile, err := ioutil.TempFile("", "auth.json.")
+ require.NoError(t, err)
+ _, err = tmpFile.Write([]byte{'{', '}'})
+ require.NoError(t, err)
+ err = tmpFile.Close()
+ require.NoError(t, err)
+ authFilePath := tmpFile.Name()
+ sys := types.SystemContext{AuthFilePath: authFilePath}
+
+ data := []struct {
+ server string
+ username string
+ password string
+ }{
+ {
+ server: "example.org",
+ username: "example-user",
+ password: "example-password",
+ },
+ {
+ server: "quay.io",
+ username: "quay-user",
+ password: "quay-password",
+ },
+ {
+ server: "localhost:5000",
+ username: "local-user",
+ password: "local-password",
+ },
+ }
+
+ // Write the credentials to the authfile.
+ for _, d := range data {
+ err := SetAuthentication(&sys, d.server, d.username, d.password)
+ require.NoError(t, err)
+ }
+
+ // Now ask for all credentials and make sure that map includes all
+ // servers and the correct credentials.
+ authConfigs, err := GetAllCredentials(&sys)
+ require.NoError(t, err)
+ assert.Equal(t, len(data), len(authConfigs))
+ for _, d := range data {
+ conf, exists := authConfigs[d.server]
+ assert.True(t, exists)
+ assert.Equal(t, d.username, conf.Username)
+ assert.Equal(t, d.password, conf.Password)
+ }
+
+}
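Review bot: TestGetAllCredentials isolates only `sys.AuthFilePath`, but GetAllCredentials also walks the Docker config paths under `homedir.Get()` (see getAuthFilePaths in config.go). On a machine with existing registry logins the `assert.Equal(t, len(data), len(authConfigs))` check can therefore fail, and any credential helpers configured for that user would presumably be invoked. Pointing HOME at a temporary directory for the duration of the test, as the policy_config_test.go change in this commit does, avoids both. The temporary auth file is also never removed; `defer os.Remove(authFilePath)` after the `Close` would clean it up.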
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/pkg/docker/config/testdata/empty.json
new/image-5.5.1/pkg/docker/config/testdata/empty.json
--- old/image-5.4.4/pkg/docker/config/testdata/empty.json 1970-01-01
01:00:00.000000000 +0100
+++ new/image-5.5.1/pkg/docker/config/testdata/empty.json 2020-06-17
16:47:38.000000000 +0200
@@ -0,0 +1 @@
+{}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/signature/policy_config.go
new/image-5.5.1/signature/policy_config.go
--- old/image-5.4.4/signature/policy_config.go 2020-05-11 13:50:05.000000000
+0200
+++ new/image-5.5.1/signature/policy_config.go 2020-06-17 16:47:38.000000000
+0200
@@ -17,11 +17,13 @@
"encoding/json"
"fmt"
"io/ioutil"
+ "os"
"path/filepath"
"github.com/containers/image/v5/docker/reference"
"github.com/containers/image/v5/transports"
"github.com/containers/image/v5/types"
+ "github.com/containers/storage/pkg/homedir"
"github.com/pkg/errors"
)
@@ -34,6 +36,9 @@
// DO NOT change this, instead see systemDefaultPolicyPath above.
const builtinDefaultPolicyPath = "/etc/containers/policy.json"
+// userPolicyFile is the path to the per user policy path.
+var userPolicyFile = filepath.FromSlash(".config/containers/policy.json")
+
// InvalidPolicyFormatError is returned when parsing an invalid policy
configuration.
type InvalidPolicyFormatError string
@@ -53,13 +58,15 @@
// defaultPolicyPath returns a path to the default policy of the system.
func defaultPolicyPath(sys *types.SystemContext) string {
- if sys != nil {
- if sys.SignaturePolicyPath != "" {
- return sys.SignaturePolicyPath
- }
- if sys.RootForImplicitAbsolutePaths != "" {
- return filepath.Join(sys.RootForImplicitAbsolutePaths,
systemDefaultPolicyPath)
- }
+ if sys != nil && sys.SignaturePolicyPath != "" {
+ return sys.SignaturePolicyPath
+ }
+ userPolicyFilePath := filepath.Join(homedir.Get(), userPolicyFile)
+ if _, err := os.Stat(userPolicyFilePath); err == nil {
+ return userPolicyFilePath
+ }
+ if sys != nil && sys.RootForImplicitAbsolutePaths != "" {
+ return filepath.Join(sys.RootForImplicitAbsolutePaths,
systemDefaultPolicyPath)
}
return systemDefaultPolicyPath
}
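Review bot: The per-user policy file is now consulted before `sys.RootForImplicitAbsolutePaths`, and it is looked up under `homedir.Get()` rather than under that root, so a caller that sets only a root gets the signature policy from the home directory whenever that file exists. If this precedence is intended, the doc comment should state it, e.g. `// defaultPolicyPath returns sys.SignaturePolicyPath if set, else the per-user policy file if it exists, else the system default (under RootForImplicitAbsolutePaths when set).` In addition, an `os.Stat` failure other than absence, such as a permission error, silently falls through to the system policy; checking `os.IsNotExist(err)` and logging anything else would make that fallback visible.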
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/signature/policy_config_test.go
new/image-5.5.1/signature/policy_config_test.go
--- old/image-5.4.4/signature/policy_config_test.go 2020-05-11
13:50:05.000000000 +0200
+++ new/image-5.5.1/signature/policy_config_test.go 2020-06-17
16:47:38.000000000 +0200
@@ -4,6 +4,7 @@
"bytes"
"encoding/json"
"io/ioutil"
+ "os"
"path/filepath"
"testing"
@@ -93,33 +94,88 @@
const nondefaultPath = "/this/is/not/the/default/path.json"
const variableReference = "$HOME"
const rootPrefix = "/root/prefix"
+ oldHomeEnv, hasHomeEnv := os.LookupEnv("HOME")
+ tempHome, err := ioutil.TempDir("", "tempHome")
+ require.NoError(t, err)
+ err = os.Setenv("HOME", tempHome)
+ require.NoError(t, err)
+ defer func() {
+ os.RemoveAll(tempHome)
+ if hasHomeEnv {
+ os.Setenv("HOME", oldHomeEnv)
+ } else {
+ os.Unsetenv("HOME")
+ }
+ }()
+ userDefaultPolicyPath := filepath.Join(tempHome, userPolicyFile)
for _, c := range []struct {
- sys *types.SystemContext
- expected string
+ sys *types.SystemContext
+ userfilePresent bool
+ expected string
}{
// The common case
- {nil, systemDefaultPolicyPath},
+ {nil, false, systemDefaultPolicyPath},
// There is a context, but it does not override the path.
- {&types.SystemContext{}, systemDefaultPolicyPath},
+ {&types.SystemContext{}, false, systemDefaultPolicyPath},
// Path overridden
- {&types.SystemContext{SignaturePolicyPath: nondefaultPath},
nondefaultPath},
+ {&types.SystemContext{SignaturePolicyPath: nondefaultPath},
false, nondefaultPath},
// Root overridden
{
&types.SystemContext{RootForImplicitAbsolutePaths:
rootPrefix},
+ false,
filepath.Join(rootPrefix, systemDefaultPolicyPath),
},
+ // Empty context and user policy present
+ {&types.SystemContext{}, true, userDefaultPolicyPath},
+ // Only user policy present
+ {nil, true, userDefaultPolicyPath},
+ // Context signature path and user policy present
+ {
+ &types.SystemContext{
+ SignaturePolicyPath: nondefaultPath,
+ },
+ true,
+ nondefaultPath,
+ },
+ // Root and user policy present
+ {
+ &types.SystemContext{
+ RootForImplicitAbsolutePaths: rootPrefix,
+ },
+ true,
+ userDefaultPolicyPath,
+ },
+ // Context and user policy file preset simultaneously
+ {
+ &types.SystemContext{
+ RootForImplicitAbsolutePaths: rootPrefix,
+ SignaturePolicyPath: nondefaultPath,
+ },
+ true,
+ nondefaultPath,
+ },
// Root and path overrides present simultaneously,
{
&types.SystemContext{
RootForImplicitAbsolutePaths: rootPrefix,
SignaturePolicyPath: nondefaultPath,
},
+ false,
nondefaultPath,
},
// No environment expansion happens in the overridden paths
- {&types.SystemContext{SignaturePolicyPath: variableReference},
variableReference},
+ {&types.SystemContext{SignaturePolicyPath: variableReference},
false, variableReference},
} {
+ if c.userfilePresent {
+ err := os.MkdirAll(filepath.Dir(userDefaultPolicyPath),
os.ModePerm)
+ require.NoError(t, err)
+ f, err := os.Create(userDefaultPolicyPath)
+ require.NoError(t, err)
+ f.Close()
+ } else {
+ os.Remove(userDefaultPolicyPath)
+ }
path := defaultPolicyPath(c.sys)
assert.Equal(t, c.expected, path)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/types/types.go
new/image-5.5.1/types/types.go
--- old/image-5.4.4/types/types.go 2020-05-11 13:50:05.000000000 +0200
+++ new/image-5.5.1/types/types.go 2020-06-17 16:47:38.000000000 +0200
@@ -604,6 +604,10 @@
// ProgressEventDone is fired when the data transfer has been finished
for
// the specific artifact
ProgressEventDone
+
+ // ProgressEventSkipped is fired when the artifact has been skipped
because
+ // its already available at the destination
+ ProgressEventSkipped
)
// ProgressProperties is used to pass information from the copy code to a
monitor which
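Review bot: The comment on `ProgressEventSkipped` does not say whether a skipped artifact is still followed by a `ProgressEventDone`, which a monitor that counts finished artifacts needs to know, and it has a typo (`its` for `it is`). I would word it as `// ProgressEventSkipped is fired when the artifact has been skipped because it is already available at the destination` and add one sentence stating whether any further event is sent for that artifact. The constant is appended after `ProgressEventDone`, so, assuming the block is iota-based, the existing values keep their numbers, but consumers that switch on the event without a default case will silently ignore the new one. The const block starts outside the hunk.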
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/image-5.4.4/version/version.go
new/image-5.5.1/version/version.go
--- old/image-5.4.4/version/version.go 2020-05-11 13:50:05.000000000 +0200
+++ new/image-5.5.1/version/version.go 2020-06-17 16:47:38.000000000 +0200
@@ -6,9 +6,9 @@
// VersionMajor is for an API incompatible changes
VersionMajor = 5
// VersionMinor is for functionality in a backwards-compatible manner
- VersionMinor = 4
+ VersionMinor = 5
// VersionPatch is for backwards-compatible bug fixes
- VersionPatch = 4
+ VersionPatch = 1
// VersionDev indicates development branch. Releases will be empty
string.
VersionDev = ""
++++++ storage-1.19.1.tar.xz -> storage-1.20.2.tar.xz ++++++
++++ 35142 lines of diff (skipped)