Releases: containers/image
Releases · containers/image
v5.22.0
copy.Image
can now copy non-image OCI artifacts.
Added support for sigstore signatures: they (and related cosign attachments) can be copied along with images after opt-in in registries.d
. Signatures can be created by copy.Image
and enforced via policy.json
(currently with public/private key pairs only).
Now requires Go 1.17.
GPGME now must be new enough to be visible via pkg-config
.
github.com/pkg/errors
is no longer used; that might affect caller-observable error types (in particular, errors.{As,Is}
might need to be used instead of pkg/errors.Cause
).
Changes default paths on FreeBSD.
- Remove unused Makefile variables
- Config files should live in /usr/local on FreeBSD
- docker: validate received parts
- Use go env to fetch the go path
- docker: add workaround for CloudFront
- Improve errors messages when image missing from list
- Stop calling gpgme-config
- Fix codespell errors
- Make sure github.com/opencontainers/runc >= 1.1.2 is used
- Cirrus: use Ubuntu 22.04 LTS
- Merge pull request #1576 from mtrmac/private-image
- Merge pull request #1577 from mtrmac/mocks
- Merge pull request #1571 from mtrmac/go1.17
- Merge pull request #1578 from mtrmac/sourced-image-struct
- Fix error on parallel multiple image pullings with additionallayerstore
- Merge pull request #1579 from mtrmac/copy-layers-refactor
- Reject OCI artifacts in manifest.OCI1.ImageID
- Reject OCI artifacts in manifest.OCI1.Inspect
- Refuse to convert non-image OCI artifacts to Docker formats
- Reject OCI artifacts in image.manifestOCI1.OCIConfig
- Introduce SourcedImage.CanChangeLayerCompression, use it in copy.Image
- Use an updated CI image
- Use strings.ReplaceAll instead of strings.Replace(..., -1)
- Move the main helper removal case to the main path on RemoveAllAuthentication
- Merge pull request #1588 from mtrmac/pkg_errors
- Merge pull request #1589 from mtrmac/private-dest-impls
- Merge pull request #1590 from mtrmac/private-src-impls
- Merge pull request #1592 from mtrmac/blobcache-wrap-private
- Use "io.ReadAll" instead of "os.ReadAll"
- Merge pull request #1596 from mtrmac/cosign-payload
- Generalize copy.Image to be able to copy signatures with any format
- Merge pull request #1593 from mtrmac/cosign-sigs
- Introduce signature.Cosign as a format
- Add use-cosign-attachments to registries.d/*.yaml
- Add support for reading and writing Cosign attachments, incl. signatures
- Merge pull request #1595 from mtrmac/cosign-docker
- Add support for creating Cosign signatures
- Fix a long-standing incorrect comment
- Fix JSON syntax in the policy.json(5) man page
- Correctly decode Cosign-generated payloads
- Add Cosign verification support
- s/sigstore/lookaside/g in comments and documentation
- Refer to lookasideStorage instead of signatureStorage in code
- Add lookaside and lookaside-staging, hide sigstore and sigstore-staging
- Merge pull request #1605 from mtrmac/sigstore
- Fix a typo in error messages
- Remove a copy&pasted test entry
- Add context to some test failures
- Use more valid data in TestPRSignedByIsSignatureAuthorAccepted
- Generalize keyPath/keyData exclusivity checks
- Remove repetition in tests
- Accept multiple keyrings in newEphemeralGPGSigningMechanism
- Allow accepting multiple GPG keyrings via signedBy.keyPaths
- Switch to golang native error wrapping
- Point out use-sigstore-registries in sigstoreSigned documentation
- Use .pub extension for public keys in sigstoreSigned examples
- copy: print copy info once when writer==io.Discard
- Silence a "potentially unused parameter" warning
- Read signatures from UnparsedImage instead of ImageSource directly
- Consolidate reading messages, and checking for support, into a helper
- build(deps): bump github.com/containers/storage from 1.40.0 to 1.40.2
- build(deps): bump github.com/docker/docker
- build(deps): bump github.com/klauspost/compress from 1.15.2 to 1.15.3
- build(deps): bump github.com/klauspost/compress from 1.15.3 to 1.15.4
- build(deps): bump github.com/docker/docker
- build(deps): bump github.com/proglottis/gpgme from 0.1.1 to 0.1.2
- build(deps): bump github.com/vbauerster/mpb/v7 from 7.4.1 to 7.4.2
- build(deps): bump github.com/imdario/mergo from 0.3.12 to 0.3.13
- build(deps): bump github.com/klauspost/compress from 1.15.4 to 1.15.5
- build(deps): bump github.com/sylabs/sif/v2 from 2.7.0 to 2.7.1
- build(deps): bump github.com/klauspost/compress from 1.15.5 to 1.15.6
- build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2
- build(deps): bump github.com/docker/docker
- build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4
- build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5
- build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
- build(deps): bump github.com/klauspost/compress from 1.15.6 to 1.15.7
- build(deps): bump github.com/proglottis/gpgme from 0.1.2 to 0.1.3
- build(deps): bump github.com/klauspost/compress from 1.15.7 to 1.15.8
- build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
- build(deps): bump github.com/theupdateframework/go-tuf
- build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0
v5.19.4
- vendor c/storage@v1.38.4 (backports for https://bugzilla.redhat.com/show_bug.cgi?id=2072452)
v5.19.3
What's Changed
- [v5.19, backport] storage: use race-free
AddNames
instead ofSetNames
by @flouthoc in #1503 - [release-5.19 backport] Remove keyring support and Cirrus update to f36 VMs by @lsm5 in #1542
- [release-5.19 backport] Bump github.com/containers/ocicrypt to 566b808 by @lsm5 in #1539
Full Changelog: v5.19.2...v5.19.3
v5.21.1
What's Changed
- Release v5.21.0 by @mtrmac in #1514
- Use c/storage/pkg/ioutils.AtomicWriteFiles to update auth.json by @mtrmac in #1515
- build(deps): bump github.com/BurntSushi/toml from 1.0.0 to 1.1.0 by @dependabot in #1516
- build(deps): bump github.com/sylabs/sif/v2 from 2.4.2 to 2.5.0 by @dependabot in #1520
- Update to benefit from Go 1.16 by @mtrmac in #1521
- build(deps): bump github.com/sylabs/sif/v2 from 2.5.0 to 2.6.0 by @dependabot in #1524
- man containers-registries.conf: clarify mirror association by @vrothberg in #1525
- Use strings.NewReader instead of bytes.NewBufferString by @mtrmac in #1517
- Use correct list syntax in containers-registries.conf(5) by @mtrmac in #1527
- Don't require a Docker-Content-Digest header when deleting images by @mtrmac in #1497
- build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.7.0 by @dependabot in #1528
- Improve progress bars, and update mpb by @mtrmac in #1530
- build(deps): bump github.com/klauspost/compress from 1.15.1 to 1.15.2 by @dependabot in #1531
- Cirrus: Update to F36 VMs by @cevich in #1535
- Bump github.com/containers/ocicrypt to 566b808 by @lsm5 in #1534
- Fix unwanted reuse of encrypted layers by @mtrmac in #1533
Full Changelog: v5.21.0...v5.21.1
v5.21.0
What's Changed
- Release v5.20.0 by @mtrmac in #1482
- storage: use race-free
AddNames
instead ofSetNames
by @flouthoc in #1480 - build(deps): bump github.com/klauspost/compress from 1.14.4 to 1.15.0 by @dependabot in #1484
- Update github.com/containerd/containerd by @mtrmac in #1485
- build(deps): bump github.com/docker/distribution from 2.8.0+incompatible to 2.8.1+incompatible by @dependabot in #1486
- build(deps): bump github.com/sylabs/sif/v2 from 2.3.2 to 2.4.0 by @dependabot in #1488
- build(deps): bump github.com/klauspost/compress from 1.15.0 to 1.15.1 by @dependabot in #1490
- build(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible by @dependabot in #1489
- Silence go-staticcheck about openpgp use by @mtrmac in #1491
- Try to make (make lint) pass with Go 1.18 by @mtrmac in #1492
- build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #1494
- Use assert.ErrorContains by @mtrmac in #1495
- build(deps): bump github.com/sylabs/sif/v2 from 2.4.0 to 2.4.1 by @dependabot in #1496
- Formally require Go 1.15 by @mtrmac in #1493
- build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3 by @dependabot in #1498
- build(deps): bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible by @dependabot in #1504
- registries.conf: prefixes: subdomain matching by @vrothberg in #1505
- toml decoding: report unknown keys by @vrothberg in #1507
- registries.conf: fix typo in prefix by @vrothberg in #1508
- build(deps): bump github.com/opencontainers/selinux from 1.10.0 to 1.10.1 by @dependabot in #1511
- Add option to specify the identity for signing by @Jamstah in #1510
- Add pull-from-mirror for adding per-mirror level restrictions by @QiWang19 in #1411
- build(deps): bump github.com/sylabs/sif/v2 from 2.4.1 to 2.4.2 by @dependabot in #1513
Full Changelog: v5.20.0...v5.21.0
v5.19.2
v5.20.0
docker/referece
: addIsFullIdentifier
- Changed oci layout transport to thread-safe destination
- add
pkg/blobcache
from Buildah - blobcache: drop import on
buildah/docker
- blobcache: drop history comment
- blobcache: make
ClearCache()
private - blobcache: remove
CacheLookupReferenceFunc
- blobcache: turn
BlobCache
into a struct - blobcache: export
clearCache
- Remove (unused and unreachable) keyring support
- Eliminate a goroutine
- Also introduces internal-only interfaces to allow extending the transport feature set in the future
v5.19.1
v5.19.0
What's Changed
- Release c/image v5.18.0 by @mtrmac in #1437
- build(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0 by @dependabot in #1440
- build(deps): bump github.com/klauspost/compress from 1.13.6 to 1.14.1 by @dependabot in #1441
- Initial sif transport implementation by @mtrmac in #1438
- build(deps): bump github.com/sylabs/sif/v2 from 2.3.0 to 2.3.1 by @dependabot in #1443
- build(deps): bump github.com/vbauerster/mpb/v7 from 7.3.0 to 7.3.1 by @dependabot in #1444
- Corrects wrong default path for auth.json in docs by @svdHero in #1442
- Log every credential path we consult by @mtrmac in #1445
- build(deps): bump github.com/containers/storage from 1.37.0 to 1.38.0 by @dependabot in #1447
- Run codespell on code by @rhatdan in #1449
- build(deps): bump github.com/vbauerster/mpb/v7 from 7.3.1 to 7.3.2 by @dependabot in #1450
- GPGME: support passphrase for prompt-less signing by @vrothberg in #1446
New Contributors
Full Changelog: v5.18.0...v5.19.0
v5.18.0
- Add copy.Options.PreserveDigests
- Link the two variants of cannotModifyManifest*Reason together.
- shortnames: mechanism to enforce resolving to Docker Hub
- manifest.GuessMIMEType(): recognize self-described OCI manifests
- Add a comment about only looking up credential helpers by registry
- Reorganize the success case in getCredentialsWithHomeDir
- Introduce a string key in getCredentialsWithHomeDir
- Modify findAuthentication to use a string key instead of a reference.Named
- Allow using namespaced keys in GetCredentials and GetAuthentication
- Rename useLegacyAPI to useLegacyFormat
- Fix GetAllCredentials
- Reject invalid keys in GetCredentials/GetAuthentication
- Make validateKey a bit more strict
- Don't include full manifest contents in error messages
- Log if a manifest upload doesn't contain a Docker-Content-Digest header
- docker/config: handle credentials not found errors
- docker: less bears :(
- Remove unused filler argument to customPartialBlobCounter
- Inline decor.Any into the caller
- Inline sstyle into the only user
- Simplify a check for missing credentials
- Fix handling of missing data in GetAllCredentials
- Fix the pseudo-version of github.com/opencontainers/image-spec
- Update golang.org/x/crypto, and silence warnings about openpgp