fix(deps): update module github.com/containers/image/v5 to v5.29.1

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-08-31 22:28:33 +00:00 · 2024-01-17 22:50:25 +00:00
parent 488de114b8
commit 92edbcb7b9
8 changed files with 84 additions and 17 deletions
--- a/vendor/github.com/containers/image/v5/docker/docker_image.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image.go
@@ -123,6 +123,9 @@ func GetDigest(ctx context.Context, sys *types.SystemContext, ref types.ImageRef
 	if !ok {
 		return "", errors.New("ref must be a dockerReference")
 	}
+	if dr.isUnknownDigest {
+		return "", fmt.Errorf("docker: reference %q is for unknown digest case; cannot get digest", dr.StringWithinTransport())
+	}

 	tagOrDigest, err := dr.tagOrDigest()
 	if err != nil {
--- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
@@ -452,7 +452,15 @@ func (d *dockerImageDestination) TryReusingBlobWithOptions(ctx context.Context,
 // but may accept a different manifest type, the returned error must be an ManifestTypeRejectedError.
 func (d *dockerImageDestination) PutManifest(ctx context.Context, m []byte, instanceDigest *digest.Digest) error {
 	var refTail string
-	if instanceDigest != nil {
+	// If d.ref.isUnknownDigest=true, then we push without a tag, so get the
+	// digest that will be used
+	if d.ref.isUnknownDigest {
+		digest, err := manifest.Digest(m)
+		if err != nil {
+			return err
+		}
+		refTail = digest.String()
+	} else if instanceDigest != nil {
 		// If the instanceDigest is provided, then use it as the refTail, because the reference,
 		// whether it includes a tag or a digest, refers to the list as a whole, and not this
 		// particular instance.
--- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go
@@ -38,8 +38,8 @@ type dockerImageSource struct {
 	impl.DoesNotAffectLayerInfosForCopy
 	stubs.ImplementsGetBlobAt

-	logicalRef  dockerReference // The reference the user requested.
-	physicalRef dockerReference // The actual reference we are accessing (possibly a mirror)
+	logicalRef  dockerReference // The reference the user requested. This must satisfy !isUnknownDigest
+	physicalRef dockerReference // The actual reference we are accessing (possibly a mirror). This must satisfy !isUnknownDigest
 	c           *dockerClient
 	// State
 	cachedManifest         []byte // nil if not loaded yet
@@ -48,7 +48,12 @@ type dockerImageSource struct {

 // newImageSource creates a new ImageSource for the specified image reference.
 // The caller must call .Close() on the returned ImageSource.
+// The caller must ensure !ref.isUnknownDigest.
 func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerReference) (*dockerImageSource, error) {
+	if ref.isUnknownDigest {
+		return nil, fmt.Errorf("reading images from docker: reference %q without a tag or digest is not supported", ref.StringWithinTransport())
+	}
+
 	registryConfig, err := loadRegistryConfiguration(sys)
 	if err != nil {
 		return nil, err
@@ -121,7 +126,7 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef
 // The caller must call .Close() on the returned ImageSource.
 func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, logicalRef dockerReference, pullSource sysregistriesv2.PullSource,
 	registryConfig *registryConfiguration) (*dockerImageSource, error) {
-	physicalRef, err := newReference(pullSource.Reference)
+	physicalRef, err := newReference(pullSource.Reference, false)
 	if err != nil {
 		return nil, err
 	}
@@ -591,6 +596,10 @@ func (s *dockerImageSource) getSignaturesFromSigstoreAttachments(ctx context.Con

 // deleteImage deletes the named image from the registry, if supported.
 func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerReference) error {
+	if ref.isUnknownDigest {
+		return fmt.Errorf("Docker reference without a tag or digest cannot be deleted")
+	}
+
 	registryConfig, err := loadRegistryConfiguration(sys)
 	if err != nil {
 		return err
--- a/vendor/github.com/containers/image/v5/docker/docker_transport.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_transport.go
@@ -12,6 +12,11 @@ import (
 	"github.com/containers/image/v5/types"
 )

+// UnknownDigestSuffix can be appended to a reference when the caller
+// wants to push an image without a tag or digest.
+// NewReferenceUnknownDigest() is called when this const is detected.
+const UnknownDigestSuffix = "@@unknown-digest@@"
+
 func init() {
 	transports.Register(Transport)
 }
@@ -43,7 +48,8 @@ func (t dockerTransport) ValidatePolicyConfigurationScope(scope string) error {

 // dockerReference is an ImageReference for Docker images.
 type dockerReference struct {
-	ref reference.Named // By construction we know that !reference.IsNameOnly(ref)
+	ref             reference.Named // By construction we know that !reference.IsNameOnly(ref) unless isUnknownDigest=true
+	isUnknownDigest bool
 }

 // ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an Docker ImageReference.
@@ -51,23 +57,46 @@ func ParseReference(refString string) (types.ImageReference, error) {
 	if !strings.HasPrefix(refString, "//") {
 		return nil, fmt.Errorf("docker: image reference %s does not start with //", refString)
 	}
+	// Check if ref has UnknownDigestSuffix suffixed to it
+	unknownDigest := false
+	if strings.HasSuffix(refString, UnknownDigestSuffix) {
+		unknownDigest = true
+		refString = strings.TrimSuffix(refString, UnknownDigestSuffix)
+	}
 	ref, err := reference.ParseNormalizedNamed(strings.TrimPrefix(refString, "//"))
 	if err != nil {
 		return nil, err
 	}
+
+	if unknownDigest {
+		if !reference.IsNameOnly(ref) {
+			return nil, fmt.Errorf("docker: image reference %q has unknown digest set but it contains either a tag or digest", ref.String()+UnknownDigestSuffix)
+		}
+		return NewReferenceUnknownDigest(ref)
+	}
+
 	ref = reference.TagNameOnly(ref)
 	return NewReference(ref)
 }

 // NewReference returns a Docker reference for a named reference. The reference must satisfy !reference.IsNameOnly().
 func NewReference(ref reference.Named) (types.ImageReference, error) {
-	return newReference(ref)
+	return newReference(ref, false)
+}
+
+// NewReferenceUnknownDigest returns a Docker reference for a named reference, which can be used to write images without setting
+// a tag on the registry. The reference must satisfy reference.IsNameOnly()
+func NewReferenceUnknownDigest(ref reference.Named) (types.ImageReference, error) {
+	return newReference(ref, true)
 }

 // newReference returns a dockerReference for a named reference.
-func newReference(ref reference.Named) (dockerReference, error) {
-	if reference.IsNameOnly(ref) {
-		return dockerReference{}, fmt.Errorf("Docker reference %s has neither a tag nor a digest", reference.FamiliarString(ref))
+func newReference(ref reference.Named, unknownDigest bool) (dockerReference, error) {
+	if reference.IsNameOnly(ref) && !unknownDigest {
+		return dockerReference{}, fmt.Errorf("Docker reference %s is not for an unknown digest case; tag or digest is needed", reference.FamiliarString(ref))
+	}
+	if !reference.IsNameOnly(ref) && unknownDigest {
+		return dockerReference{}, fmt.Errorf("Docker reference %s is for an unknown digest case but reference has a tag or digest", reference.FamiliarString(ref))
 	}
 	// A github.com/distribution/reference value can have a tag and a digest at the same time!
 	// The docker/distribution API does not really support that (we can’t ask for an image with a specific
@@ -81,7 +110,8 @@ func newReference(ref reference.Named) (dockerReference, error) {
 	}

 	return dockerReference{
-		ref: ref,
+		ref:             ref,
+		isUnknownDigest: unknownDigest,
 	}, nil
 }

@@ -95,7 +125,11 @@ func (ref dockerReference) Transport() types.ImageTransport {
 // e.g. default attribute values omitted by the user may be filled in the return value, or vice versa.
 // WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix.
 func (ref dockerReference) StringWithinTransport() string {
-	return "//" + reference.FamiliarString(ref.ref)
+	famString := "//" + reference.FamiliarString(ref.ref)
+	if ref.isUnknownDigest {
+		return famString + UnknownDigestSuffix
+	}
+	return famString
 }

 // DockerReference returns a Docker reference associated with this reference
@@ -113,6 +147,9 @@ func (ref dockerReference) DockerReference() reference.Named {
 // not required/guaranteed that it will be a valid input to Transport().ParseReference().
 // Returns "" if configuration identities for these references are not supported.
 func (ref dockerReference) PolicyConfigurationIdentity() string {
+	if ref.isUnknownDigest {
+		return ref.ref.Name()
+	}
 	res, err := policyconfiguration.DockerReferenceIdentity(ref.ref)
 	if res == "" || err != nil { // Coverage: Should never happen, NewReference above should refuse values which could cause a failure.
 		panic(fmt.Sprintf("Internal inconsistency: policyconfiguration.DockerReferenceIdentity returned %#v, %v", res, err))
@@ -126,7 +163,13 @@ func (ref dockerReference) PolicyConfigurationIdentity() string {
 // It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
 // and each following element to be a prefix of the element preceding it.
 func (ref dockerReference) PolicyConfigurationNamespaces() []string {
-	return policyconfiguration.DockerReferenceNamespaces(ref.ref)
+	namespaces := policyconfiguration.DockerReferenceNamespaces(ref.ref)
+	if ref.isUnknownDigest {
+		if len(namespaces) != 0 && namespaces[0] == ref.ref.Name() {
+			namespaces = namespaces[1:]
+		}
+	}
+	return namespaces
 }

 // NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
@@ -163,6 +206,10 @@ func (ref dockerReference) tagOrDigest() (string, error) {
 	if ref, ok := ref.ref.(reference.NamedTagged); ok {
 		return ref.Tag(), nil
 	}
+
+	if ref.isUnknownDigest {
+		return "", fmt.Errorf("Docker reference %q is for an unknown digest case, has neither a digest nor a tag", reference.FamiliarString(ref.ref))
+	}
 	// This should not happen, NewReference above refuses reference.IsNameOnly values.
 	return "", fmt.Errorf("Internal inconsistency: Reference %s unexpectedly has neither a digest nor a tag", reference.FamiliarString(ref.ref))
 }
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@@ -8,7 +8,7 @@ const (
 	// VersionMinor is for functionality in a backwards-compatible manner
 	VersionMinor = 29
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 0
+	VersionPatch = 1

 	// VersionDev indicates development branch. Releases will be empty string.
 	VersionDev = ""