Skip to content

v5.22.0
Compare
Choose a tag to compare
@mtrmac mtrmac released this 22 Jul 14:39
· 2125 commits to main since this release
v5.22.0
40af9b5

copy.Image can now copy non-image OCI artifacts.

Added support for sigstore signatures: they (and related cosign attachments) can be copied along with images after opt-in in registries.d. Signatures can be created by copy.Image and enforced via policy.json (currently with public/private key pairs only).

Now requires Go 1.17.
GPGME now must be new enough to be visible via pkg-config.

github.com/pkg/errors is no longer used; that might affect caller-observable error types (in particular, errors.{As,Is}
might need to be used instead of pkg/errors.Cause).

Changes default paths on FreeBSD.

  • Remove unused Makefile variables
  • Config files should live in /usr/local on FreeBSD
  • docker: validate received parts
  • Use go env to fetch the go path
  • docker: add workaround for CloudFront
  • Improve errors messages when image missing from list
  • Stop calling gpgme-config
  • Fix codespell errors
  • Make sure github.com/opencontainers/runc >= 1.1.2 is used
  • Cirrus: use Ubuntu 22.04 LTS
  • Merge pull request #1576 from mtrmac/private-image
  • Merge pull request #1577 from mtrmac/mocks
  • Merge pull request #1571 from mtrmac/go1.17
  • Merge pull request #1578 from mtrmac/sourced-image-struct
  • Fix error on parallel multiple image pullings with additionallayerstore
  • Merge pull request #1579 from mtrmac/copy-layers-refactor
  • Reject OCI artifacts in manifest.OCI1.ImageID
  • Reject OCI artifacts in manifest.OCI1.Inspect
  • Refuse to convert non-image OCI artifacts to Docker formats
  • Reject OCI artifacts in image.manifestOCI1.OCIConfig
  • Introduce SourcedImage.CanChangeLayerCompression, use it in copy.Image
  • Use an updated CI image
  • Use strings.ReplaceAll instead of strings.Replace(..., -1)
  • Move the main helper removal case to the main path on RemoveAllAuthentication
  • Merge pull request #1588 from mtrmac/pkg_errors
  • Merge pull request #1589 from mtrmac/private-dest-impls
  • Merge pull request #1590 from mtrmac/private-src-impls
  • Merge pull request #1592 from mtrmac/blobcache-wrap-private
  • Use "io.ReadAll" instead of "os.ReadAll"
  • Merge pull request #1596 from mtrmac/cosign-payload
  • Generalize copy.Image to be able to copy signatures with any format
  • Merge pull request #1593 from mtrmac/cosign-sigs
  • Introduce signature.Cosign as a format
  • Add use-cosign-attachments to registries.d/*.yaml
  • Add support for reading and writing Cosign attachments, incl. signatures
  • Merge pull request #1595 from mtrmac/cosign-docker
  • Add support for creating Cosign signatures
  • Fix a long-standing incorrect comment
  • Fix JSON syntax in the policy.json(5) man page
  • Correctly decode Cosign-generated payloads
  • Add Cosign verification support
  • s/sigstore/lookaside/g in comments and documentation
  • Refer to lookasideStorage instead of signatureStorage in code
  • Add lookaside and lookaside-staging, hide sigstore and sigstore-staging
  • Merge pull request #1605 from mtrmac/sigstore
  • Fix a typo in error messages
  • Remove a copy&pasted test entry
  • Add context to some test failures
  • Use more valid data in TestPRSignedByIsSignatureAuthorAccepted
  • Generalize keyPath/keyData exclusivity checks
  • Remove repetition in tests
  • Accept multiple keyrings in newEphemeralGPGSigningMechanism
  • Allow accepting multiple GPG keyrings via signedBy.keyPaths
  • Switch to golang native error wrapping
  • Point out use-sigstore-registries in sigstoreSigned documentation
  • Use .pub extension for public keys in sigstoreSigned examples
  • copy: print copy info once when writer==io.Discard
  • Silence a "potentially unused parameter" warning
  • Read signatures from UnparsedImage instead of ImageSource directly
  • Consolidate reading messages, and checking for support, into a helper
  • build(deps): bump github.com/containers/storage from 1.40.0 to 1.40.2
  • build(deps): bump github.com/docker/docker
  • build(deps): bump github.com/klauspost/compress from 1.15.2 to 1.15.3
  • build(deps): bump github.com/klauspost/compress from 1.15.3 to 1.15.4
  • build(deps): bump github.com/docker/docker
  • build(deps): bump github.com/proglottis/gpgme from 0.1.1 to 0.1.2
  • build(deps): bump github.com/vbauerster/mpb/v7 from 7.4.1 to 7.4.2
  • build(deps): bump github.com/imdario/mergo from 0.3.12 to 0.3.13
  • build(deps): bump github.com/klauspost/compress from 1.15.4 to 1.15.5
  • build(deps): bump github.com/sylabs/sif/v2 from 2.7.0 to 2.7.1
  • build(deps): bump github.com/klauspost/compress from 1.15.5 to 1.15.6
  • build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2
  • build(deps): bump github.com/docker/docker
  • build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4
  • build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5
  • build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
  • build(deps): bump github.com/klauspost/compress from 1.15.6 to 1.15.7
  • build(deps): bump github.com/proglottis/gpgme from 0.1.2 to 0.1.3
  • build(deps): bump github.com/klauspost/compress from 1.15.7 to 1.15.8
  • build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
  • build(deps): bump github.com/theupdateframework/go-tuf
  • build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0
Assets 2
Loading