diff --git a/go.mod b/go.mod index ca399796..336c2286 100644 --- a/go.mod +++ b/go.mod @@ -6,11 +6,11 @@ require ( github.com/go-ldap/ldap/v3 v3.4.6 github.com/notaryproject/notation-core-go v1.0.2 github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec v1.1.0-rc5 + github.com/opencontainers/image-spec v1.1.0-rc6 github.com/veraison/go-cose v1.1.0 golang.org/x/crypto v0.18.0 golang.org/x/mod v0.14.0 - oras.land/oras-go/v2 v2.3.1 + oras.land/oras-go/v2 v2.4.0 ) require ( @@ -20,5 +20,5 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/google/uuid v1.3.1 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/sync v0.4.0 // indirect + golang.org/x/sync v0.6.0 // indirect ) diff --git a/go.sum b/go.sum index 4bac6d94..7079c839 100644 --- a/go.sum +++ b/go.sum @@ -19,8 +19,8 @@ github.com/notaryproject/notation-core-go v1.0.2 h1:VEt+mbsgdANd9b4jqgmx2C7U0Dmw github.com/notaryproject/notation-core-go v1.0.2/go.mod h1:2HkQzUwg08B3x9oVIztHsEh7Vil2Rj+tYgxH+JObLX4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= +github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -50,8 +50,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ= -golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -80,5 +80,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -oras.land/oras-go/v2 v2.3.1 h1:lUC6q8RkeRReANEERLfH86iwGn55lbSWP20egdFHVec= -oras.land/oras-go/v2 v2.3.1/go.mod h1:5AQXVEu1X/FKp1F9DMOb5ZItZBOa0y5dha0yCm4NR9c= +oras.land/oras-go/v2 v2.4.0 h1:i+Wt5oCaMHu99guBD0yuBjdLvX7Lz8ukPbwXdR7uBMs= +oras.land/oras-go/v2 v2.4.0/go.mod h1:osvtg0/ClRq1KkydMAEu/IxFieyjItcsQ4ut4PPF+f8= diff --git a/notation_test.go b/notation_test.go index 2639da2f..31264cee 100644 --- a/notation_test.go +++ b/notation_test.go @@ -150,7 +150,7 @@ func TestVerifyTagReferenceFailed(t *testing.T) { repo := mock.NewRepository() verifier := dummyVerifier{&policyDocument, mock.PluginManager{}, false, *trustpolicy.LevelStrict} - errorMessage := "invalid reference: invalid repository" + errorMessage := "invalid reference: invalid repository \"UPPERCASE/test\"" expectedErr := ErrorSignatureRetrievalFailed{Msg: errorMessage} // mock the repository diff --git a/registry/repository_test.go b/registry/repository_test.go index 37caab88..9224f875 100644 --- a/registry/repository_test.go +++ b/registry/repository_test.go @@ -62,7 +62,7 @@ const ( { "Manifests": [ { - "MediaType": "application/vnd.oci.artifact.manifest.v1+json", + "MediaType": "application/vnd.oci.image.manifest.v1+json", "Digest": "sha256:cf2a0974295fc17b8351ef52abae2f40212e20e0359ea980ec5597bb0315347b", "Size": 620, "ArtifactType": "application/vnd.cncf.notary.signature" @@ -165,16 +165,34 @@ func (c mockRemoteClient) Do(req *http.Request) (*http.Response, error) { case "/v2/test/referrers/": return &http.Response{ StatusCode: http.StatusOK, - Body: io.NopCloser(bytes.NewReader([]byte(validPage))), + Header: http.Header{ + "Content-Type": []string{ocispec.MediaTypeImageIndex}, + }, + Body: io.NopCloser(bytes.NewReader([]byte(validPage))), Request: &http.Request{ Method: "GET", URL: &url.URL{Path: "/v2/test/referrers/"}, }, }, nil + case "/v2/test/referrers/" + validDigestWithAlgo: + return &http.Response{ + StatusCode: http.StatusOK, + Header: http.Header{ + "Content-Type": []string{ocispec.MediaTypeImageIndex}, + }, + Body: io.NopCloser(bytes.NewReader([]byte(validPage))), + Request: &http.Request{ + Method: "GET", + URL: &url.URL{Path: "/v2/test/referrers/" + validDigestWithAlgo}, + }, + }, nil case "/v2/test/referrers/" + zeroDigest: return &http.Response{ StatusCode: http.StatusOK, - Body: io.NopCloser(bytes.NewReader([]byte(validPageImage))), + Header: http.Header{ + "Content-Type": []string{ocispec.MediaTypeImageIndex}, + }, + Body: io.NopCloser(bytes.NewReader([]byte(validPageImage))), Request: &http.Request{ Method: "GET", URL: &url.URL{Path: "/v2/test/referrers/" + zeroDigest}, @@ -188,13 +206,15 @@ func (c mockRemoteClient) Do(req *http.Request) (*http.Response, error) { default: _, digest, found := strings.Cut(req.URL.Path, "/v2/test/manifests/") if found && !slices.Contains(validDigestWithAlgoSlice, digest) { - return &http.Response{ + resp := &http.Response{ StatusCode: http.StatusCreated, Body: io.NopCloser(bytes.NewReader([]byte(msg))), - Header: map[string][]string{ - "Content-Type": {joseTag}, + Header: http.Header{ + "Content-Type": []string{joseTag}, + "Oci-Subject": []string{validDigestWithAlgo}, }, - }, nil + } + return resp, nil } return &http.Response{}, fmt.Errorf(errMsg) } @@ -307,16 +327,24 @@ func TestListSignatures(t *testing.T) { reference: validReference, remoteClient: mockRemoteClient{}, plainHttp: false, + artifactManifestDesc: ocispec.Descriptor{ + MediaType: "application/vnd.oci.image.manifest.v1+json", + Digest: validDigestWithAlgo, + Size: 481, + }, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { args := tt.args - ref, _ := registry.ParseReference(args.reference) + ref, err := registry.ParseReference(args.reference) + if err != nil { + t.Fatal(err) + } client := newRepositoryClient(args.remoteClient, ref, args.plainHttp) - err := client.ListSignatures(args.ctx, args.artifactManifestDesc, func(signatureManifests []ocispec.Descriptor) error { + err = client.ListSignatures(args.ctx, args.artifactManifestDesc, func(signatureManifests []ocispec.Descriptor) error { if len(signatureManifests) != 1 { return fmt.Errorf("length of signatureManifests expected 1, got %d", len(signatureManifests)) } @@ -367,6 +395,11 @@ func TestPushSignature(t *testing.T) { signature: signature, ctx: context.Background(), remoteClient: mockRemoteClient{}, + subjectManifest: ocispec.Descriptor{ + MediaType: "application/vnd.oci.image.manifest.v1+json", + Digest: validDigestWithAlgo, + Size: 481, + }, annotations: map[string]string{ envelope.AnnotationX509ChainThumbprint: "[\"9f5f5aecee24b5cfdc7a91f6d5ac5c3a5348feb17c934d403f59ac251549ea0d\"]", },