Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2

Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.1 to 1.1.2. - [Release notes](https://github.com/containers/ocicrypt/releases) - [Commits](https://github.com/containers/ocicrypt/compare/v1.1.1...v1.1.2) --- updated-dependencies: - dependency-name: github.com/containers/ocicrypt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2025-08-15 21:23:39 +00:00 · 2021-06-29 08:31:55 +00:00 · 2021-06-29 08:31:55 +00:00 · 30c0eb03f0
commit 30c0eb03f0
parent 7cb70f4e9c
6 changed files with 32 additions and 12 deletions
--- a/go.mod
+++ b/go.mod
@ -5,7 +5,7 @@ go 1.12
 require (
 	github.com/containers/common v0.40.1
 	github.com/containers/image/v5 v5.13.2
-	github.com/containers/ocicrypt v1.1.1
+	github.com/containers/ocicrypt v1.1.2
 	github.com/containers/storage v1.32.5
 	github.com/docker/docker v20.10.7+incompatible
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
--- a/go.sum
+++ b/go.sum
@ -207,8 +207,9 @@ github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDpl
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
 github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1 h1:prL8l9w3ntVqXvNH1CiNn5ENjcCnr38JqpSyvKKB4GI=
 github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
+github.com/containers/ocicrypt v1.1.2 h1:Ez+GAMP/4GLix5Ywo/fL7O0nY771gsBIigiqUm1aXz0=
+github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
 github.com/containers/storage v1.32.2/go.mod h1:YIBxxjfXZTi04Ah49sh1uSGfmT1V89+I5i3deRobzQo=
 github.com/containers/storage v1.32.5 h1:DXgmyA+oOs7YAzKkEqgC5O8l2UuDGJcwEFbdt49qiak=
 github.com/containers/storage v1.32.5/go.mod h1:8/DVVDqniaUlUV0D0q7cEnXK6Bs2uU3FPqNZVPumwEs=
--- a/vendor/github.com/containers/ocicrypt/ADOPTERS.md
+++ b/vendor/github.com/containers/ocicrypt/ADOPTERS.md
@ -0,0 +1,10 @@
+Below are list of adopters of the `ocicrypt` library or supports use of OCI encrypted images:
+- [skopeo](https://github.com/containers/skopeo)
+- [buildah](https://github.com/containers/buildah)
+- [containerd](https://github.com/containerd/imgcrypt)
+- [nerdctl](https://github.com/containerd/nerdctl)
+- [distribution](https://github.com/distribution/distribution)
+
+Below are the list of projects that are in the process of adopting support:
+- [quay](https://github.com/quay/quay)
+- [kata-containers](https://github.com/kata-containers/kata-containers)
--- a/vendor/github.com/containers/ocicrypt/README.md
+++ b/vendor/github.com/containers/ocicrypt/README.md
@ -34,6 +34,12 @@ The implementation for both symmetric and asymmetric encryption used in this lib

 We note that adding interfaces here is risky outside the OCI spec is not recommended, unless for very specialized and confined usecases. Please open an issue or PR if there is a general usecase that could be added to the OCI spec.

+
+#### Keyprovider interface
+
+As part of the keywrap interface, there is a [keyprovider](https://github.com/containers/ocicrypt/blob/main/docs/keyprovider.md) implementation that allows one to call out to a binary or service.
+
+
 ## Security Issues

 We consider security issues related to this library critical. Please report and security related issues by emailing maintainers in the [MAINTAINERS](MAINTAINERS) file.
--- a/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go
+++ b/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go
@ -89,7 +89,11 @@ func processRecipientKeys(recipients []string) ([][]byte, [][]byte, [][]byte, []
 func processx509Certs(keys []string) ([][]byte, error) {
 	var x509s [][]byte
 	for _, key := range keys {
-		tmp, err := ioutil.ReadFile(strings.Split(key, ":")[0])
+		fileName := strings.Split(key, ":")[0]
+		if _, err := os.Stat(fileName); os.IsNotExist(err) {
+			continue
+		}
+		tmp, err := ioutil.ReadFile(fileName)
 		if err != nil {
 			return nil, errors.Wrap(err, "Unable to read file")
 		}
@ -157,7 +161,7 @@ func processPrivateKeyFiles(keyFilesAndPwds []string) ([][]byte, [][]byte, [][]b
 		var password []byte

 		// treat "provider" protocol separately
-		if strings.HasPrefix(keyfileAndPwd, "provider:"){
+		if strings.HasPrefix(keyfileAndPwd, "provider:") {
 			keyProviders = append(keyProviders, []byte(keyfileAndPwd[len("provider:"):]))
 			continue
 		}
@ -207,14 +211,13 @@ func CreateDecryptCryptoConfig(keys []string, decRecipients []string) (encconfig
 		return encconfig.CryptoConfig{}, err
 	}

-	if len(x509s) > 0 {
-		// x509 certs can also be passed in via keys
-		x509FromKeys, err := processx509Certs(keys)
-		if err != nil {
-			return encconfig.CryptoConfig{}, err
-		}
-		x509s = append(x509s, x509FromKeys...)
+	// x509 certs can also be passed in via keys
+	x509FromKeys, err := processx509Certs(keys)
+	if err != nil {
+		return encconfig.CryptoConfig{}, err
 	}
+	x509s = append(x509s, x509FromKeys...)
+
 	gpgSecretKeyRingFiles, gpgSecretKeyPasswords, privKeys, privKeysPasswords, pkcs11Yamls, keyProviders, err := processPrivateKeyFiles(keys)
 	if err != nil {
 		return encconfig.CryptoConfig{}, err
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -96,7 +96,7 @@ github.com/containers/image/v5/types
 github.com/containers/image/v5/version
 # github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b
 github.com/containers/libtrust
-# github.com/containers/ocicrypt v1.1.1
+# github.com/containers/ocicrypt v1.1.2
 github.com/containers/ocicrypt
 github.com/containers/ocicrypt/blockcipher
 github.com/containers/ocicrypt/config