Skip to content

Releases: containers/image

v5.22.0

22 Jul 14:39
Compare
Choose a tag to compare

copy.Image can now copy non-image OCI artifacts.

Added support for sigstore signatures: they (and related cosign attachments) can be copied along with images after opt-in in registries.d. Signatures can be created by copy.Image and enforced via policy.json (currently with public/private key pairs only).

Now requires Go 1.17.
GPGME now must be new enough to be visible via pkg-config.

github.com/pkg/errors is no longer used; that might affect caller-observable error types (in particular, errors.{As,Is}
might need to be used instead of pkg/errors.Cause).

Changes default paths on FreeBSD.

  • Remove unused Makefile variables
  • Config files should live in /usr/local on FreeBSD
  • docker: validate received parts
  • Use go env to fetch the go path
  • docker: add workaround for CloudFront
  • Improve errors messages when image missing from list
  • Stop calling gpgme-config
  • Fix codespell errors
  • Make sure github.com/opencontainers/runc >= 1.1.2 is used
  • Cirrus: use Ubuntu 22.04 LTS
  • Merge pull request #1576 from mtrmac/private-image
  • Merge pull request #1577 from mtrmac/mocks
  • Merge pull request #1571 from mtrmac/go1.17
  • Merge pull request #1578 from mtrmac/sourced-image-struct
  • Fix error on parallel multiple image pullings with additionallayerstore
  • Merge pull request #1579 from mtrmac/copy-layers-refactor
  • Reject OCI artifacts in manifest.OCI1.ImageID
  • Reject OCI artifacts in manifest.OCI1.Inspect
  • Refuse to convert non-image OCI artifacts to Docker formats
  • Reject OCI artifacts in image.manifestOCI1.OCIConfig
  • Introduce SourcedImage.CanChangeLayerCompression, use it in copy.Image
  • Use an updated CI image
  • Use strings.ReplaceAll instead of strings.Replace(..., -1)
  • Move the main helper removal case to the main path on RemoveAllAuthentication
  • Merge pull request #1588 from mtrmac/pkg_errors
  • Merge pull request #1589 from mtrmac/private-dest-impls
  • Merge pull request #1590 from mtrmac/private-src-impls
  • Merge pull request #1592 from mtrmac/blobcache-wrap-private
  • Use "io.ReadAll" instead of "os.ReadAll"
  • Merge pull request #1596 from mtrmac/cosign-payload
  • Generalize copy.Image to be able to copy signatures with any format
  • Merge pull request #1593 from mtrmac/cosign-sigs
  • Introduce signature.Cosign as a format
  • Add use-cosign-attachments to registries.d/*.yaml
  • Add support for reading and writing Cosign attachments, incl. signatures
  • Merge pull request #1595 from mtrmac/cosign-docker
  • Add support for creating Cosign signatures
  • Fix a long-standing incorrect comment
  • Fix JSON syntax in the policy.json(5) man page
  • Correctly decode Cosign-generated payloads
  • Add Cosign verification support
  • s/sigstore/lookaside/g in comments and documentation
  • Refer to lookasideStorage instead of signatureStorage in code
  • Add lookaside and lookaside-staging, hide sigstore and sigstore-staging
  • Merge pull request #1605 from mtrmac/sigstore
  • Fix a typo in error messages
  • Remove a copy&pasted test entry
  • Add context to some test failures
  • Use more valid data in TestPRSignedByIsSignatureAuthorAccepted
  • Generalize keyPath/keyData exclusivity checks
  • Remove repetition in tests
  • Accept multiple keyrings in newEphemeralGPGSigningMechanism
  • Allow accepting multiple GPG keyrings via signedBy.keyPaths
  • Switch to golang native error wrapping
  • Point out use-sigstore-registries in sigstoreSigned documentation
  • Use .pub extension for public keys in sigstoreSigned examples
  • copy: print copy info once when writer==io.Discard
  • Silence a "potentially unused parameter" warning
  • Read signatures from UnparsedImage instead of ImageSource directly
  • Consolidate reading messages, and checking for support, into a helper
  • build(deps): bump github.com/containers/storage from 1.40.0 to 1.40.2
  • build(deps): bump github.com/docker/docker
  • build(deps): bump github.com/klauspost/compress from 1.15.2 to 1.15.3
  • build(deps): bump github.com/klauspost/compress from 1.15.3 to 1.15.4
  • build(deps): bump github.com/docker/docker
  • build(deps): bump github.com/proglottis/gpgme from 0.1.1 to 0.1.2
  • build(deps): bump github.com/vbauerster/mpb/v7 from 7.4.1 to 7.4.2
  • build(deps): bump github.com/imdario/mergo from 0.3.12 to 0.3.13
  • build(deps): bump github.com/klauspost/compress from 1.15.4 to 1.15.5
  • build(deps): bump github.com/sylabs/sif/v2 from 2.7.0 to 2.7.1
  • build(deps): bump github.com/klauspost/compress from 1.15.5 to 1.15.6
  • build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2
  • build(deps): bump github.com/docker/docker
  • build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4
  • build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5
  • build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
  • build(deps): bump github.com/klauspost/compress from 1.15.6 to 1.15.7
  • build(deps): bump github.com/proglottis/gpgme from 0.1.2 to 0.1.3
  • build(deps): bump github.com/klauspost/compress from 1.15.7 to 1.15.8
  • build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
  • build(deps): bump github.com/theupdateframework/go-tuf
  • build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0

v5.19.4

30 May 09:19
Compare
Choose a tag to compare

v5.19.3

09 May 19:04
10892f8
Compare
Choose a tag to compare

What's Changed

  • [v5.19, backport] storage: use race-free AddNames instead of SetNames by @flouthoc in #1503
  • [release-5.19 backport] Remove keyring support and Cirrus update to f36 VMs by @lsm5 in #1542
  • [release-5.19 backport] Bump github.com/containers/ocicrypt to 566b808 by @lsm5 in #1539

Full Changelog: v5.19.2...v5.19.3

v5.21.1

02 May 19:27
Compare
Choose a tag to compare

What's Changed

  • Release v5.21.0 by @mtrmac in #1514
  • Use c/storage/pkg/ioutils.AtomicWriteFiles to update auth.json by @mtrmac in #1515
  • build(deps): bump github.com/BurntSushi/toml from 1.0.0 to 1.1.0 by @dependabot in #1516
  • build(deps): bump github.com/sylabs/sif/v2 from 2.4.2 to 2.5.0 by @dependabot in #1520
  • Update to benefit from Go 1.16 by @mtrmac in #1521
  • build(deps): bump github.com/sylabs/sif/v2 from 2.5.0 to 2.6.0 by @dependabot in #1524
  • man containers-registries.conf: clarify mirror association by @vrothberg in #1525
  • Use strings.NewReader instead of bytes.NewBufferString by @mtrmac in #1517
  • Use correct list syntax in containers-registries.conf(5) by @mtrmac in #1527
  • Don't require a Docker-Content-Digest header when deleting images by @mtrmac in #1497
  • build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.7.0 by @dependabot in #1528
  • Improve progress bars, and update mpb by @mtrmac in #1530
  • build(deps): bump github.com/klauspost/compress from 1.15.1 to 1.15.2 by @dependabot in #1531
  • Cirrus: Update to F36 VMs by @cevich in #1535
  • Bump github.com/containers/ocicrypt to 566b808 by @lsm5 in #1534
  • Fix unwanted reuse of encrypted layers by @mtrmac in #1533

Full Changelog: v5.21.0...v5.21.1

v5.21.0

04 Apr 18:55
Compare
Choose a tag to compare

What's Changed

  • Release v5.20.0 by @mtrmac in #1482
  • storage: use race-free AddNames instead of SetNames by @flouthoc in #1480
  • build(deps): bump github.com/klauspost/compress from 1.14.4 to 1.15.0 by @dependabot in #1484
  • Update github.com/containerd/containerd by @mtrmac in #1485
  • build(deps): bump github.com/docker/distribution from 2.8.0+incompatible to 2.8.1+incompatible by @dependabot in #1486
  • build(deps): bump github.com/sylabs/sif/v2 from 2.3.2 to 2.4.0 by @dependabot in #1488
  • build(deps): bump github.com/klauspost/compress from 1.15.0 to 1.15.1 by @dependabot in #1490
  • build(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible by @dependabot in #1489
  • Silence go-staticcheck about openpgp use by @mtrmac in #1491
  • Try to make (make lint) pass with Go 1.18 by @mtrmac in #1492
  • build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #1494
  • Use assert.ErrorContains by @mtrmac in #1495
  • build(deps): bump github.com/sylabs/sif/v2 from 2.4.0 to 2.4.1 by @dependabot in #1496
  • Formally require Go 1.15 by @mtrmac in #1493
  • build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3 by @dependabot in #1498
  • build(deps): bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible by @dependabot in #1504
  • registries.conf: prefixes: subdomain matching by @vrothberg in #1505
  • toml decoding: report unknown keys by @vrothberg in #1507
  • registries.conf: fix typo in prefix by @vrothberg in #1508
  • build(deps): bump github.com/opencontainers/selinux from 1.10.0 to 1.10.1 by @dependabot in #1511
  • Add option to specify the identity for signing by @Jamstah in #1510
  • Add pull-from-mirror for adding per-mirror level restrictions by @QiWang19 in #1411
  • build(deps): bump github.com/sylabs/sif/v2 from 2.4.1 to 2.4.2 by @dependabot in #1513

Full Changelog: v5.20.0...v5.21.0

v5.19.2

23 Mar 18:02
9b1b7f2
Compare
Choose a tag to compare

storage: use race-free AddNames instead of SetNames

v5.20.0

01 Mar 21:03
Compare
Choose a tag to compare
  • docker/referece: add IsFullIdentifier
  • Changed oci layout transport to thread-safe destination
  • add pkg/blobcache from Buildah
  • blobcache: drop import on buildah/docker
  • blobcache: drop history comment
  • blobcache: make ClearCache() private
  • blobcache: remove CacheLookupReferenceFunc
  • blobcache: turn BlobCache into a struct
  • blobcache: export clearCache
  • Remove (unused and unreachable) keyring support
  • Eliminate a goroutine
  • Also introduces internal-only interfaces to allow extending the transport feature set in the future

v5.19.1

02 Feb 17:52
Compare
Choose a tag to compare
  • build(deps): bump github.com/klauspost/compress from 1.14.1 to 1.14.2
  • build(deps): bump github.com/containers/storage from 1.38.0 to 1.38.1
  • build(deps): bump github.com/containers/storage from 1.38.1 to 1.38.2

v5.19.0

25 Jan 18:31
Compare
Choose a tag to compare

What's Changed

  • Release c/image v5.18.0 by @mtrmac in #1437
  • build(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0 by @dependabot in #1440
  • build(deps): bump github.com/klauspost/compress from 1.13.6 to 1.14.1 by @dependabot in #1441
  • Initial sif transport implementation by @mtrmac in #1438
  • build(deps): bump github.com/sylabs/sif/v2 from 2.3.0 to 2.3.1 by @dependabot in #1443
  • build(deps): bump github.com/vbauerster/mpb/v7 from 7.3.0 to 7.3.1 by @dependabot in #1444
  • Corrects wrong default path for auth.json in docs by @svdHero in #1442
  • Log every credential path we consult by @mtrmac in #1445
  • build(deps): bump github.com/containers/storage from 1.37.0 to 1.38.0 by @dependabot in #1447
  • Run codespell on code by @rhatdan in #1449
  • build(deps): bump github.com/vbauerster/mpb/v7 from 7.3.1 to 7.3.2 by @dependabot in #1450
  • GPGME: support passphrase for prompt-less signing by @vrothberg in #1446

New Contributors

Full Changelog: v5.18.0...v5.19.0

v5.18.0

10 Jan 17:03
Compare
Choose a tag to compare
  • Add copy.Options.PreserveDigests
  • Link the two variants of cannotModifyManifest*Reason together.
  • shortnames: mechanism to enforce resolving to Docker Hub
  • manifest.GuessMIMEType(): recognize self-described OCI manifests
  • Add a comment about only looking up credential helpers by registry
  • Reorganize the success case in getCredentialsWithHomeDir
  • Introduce a string key in getCredentialsWithHomeDir
  • Modify findAuthentication to use a string key instead of a reference.Named
  • Allow using namespaced keys in GetCredentials and GetAuthentication
  • Rename useLegacyAPI to useLegacyFormat
  • Fix GetAllCredentials
  • Reject invalid keys in GetCredentials/GetAuthentication
  • Make validateKey a bit more strict
  • Don't include full manifest contents in error messages
  • Log if a manifest upload doesn't contain a Docker-Content-Digest header
  • docker/config: handle credentials not found errors
  • docker: less bears :(
  • Remove unused filler argument to customPartialBlobCounter
  • Inline decor.Any into the caller
  • Inline sstyle into the only user
  • Simplify a check for missing credentials
  • Fix handling of missing data in GetAllCredentials
  • Fix the pseudo-version of github.com/opencontainers/image-spec
  • Update golang.org/x/crypto, and silence warnings about openpgp