Merge pull request #2197 from containers/renovate/github.com-containers-image-v5-5.x

fix(deps): update module github.com/containers/image/v5 to v5.29.1
2025-08-13 12:16:16 +00:00 · 2024-01-18 00:12:51 +01:00 · 2024-01-18 00:12:51 +01:00 · a62bb4b5f1
commit a62bb4b5f1
parent 488de114b8 92edbcb7b9
8 changed files with 84 additions and 17 deletions
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,7 @@ go 1.19
 require (
 	github.com/containers/common v0.57.1
-	github.com/containers/image/v5 v5.29.0
+	github.com/containers/image/v5 v5.29.1
 	github.com/containers/ocicrypt v1.1.9
 	github.com/containers/storage v1.51.0
 	github.com/docker/distribution v2.8.3+incompatible
--- a/go.sum
+++ b/go.sum
@ -32,8 +32,8 @@ github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G
 github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
 github.com/containers/common v0.57.1 h1:KWAs4PMPgBFmBV4QNbXhUB8TqvlgR95BJN2sbbXkWHY=
 github.com/containers/common v0.57.1/go.mod h1:t/Z+/sFrapvFMEJe3YnecN49/Tae2wYEQShbEN6SRaU=
-github.com/containers/image/v5 v5.29.0 h1:9+nhS/ZM7c4Kuzu5tJ0NMpxrgoryOJ2HAYTgG8Ny7j4=
+github.com/containers/image/v5 v5.29.1 h1:9COTXQpl3FgrW/jw/roLAWlW4TN9ly7/bCAKY76wYl8=
-github.com/containers/image/v5 v5.29.0/go.mod h1:kQ7qcDsps424ZAz24thD+x7+dJw1vgur3A9tTDsj97E=
+github.com/containers/image/v5 v5.29.1/go.mod h1:kQ7qcDsps424ZAz24thD+x7+dJw1vgur3A9tTDsj97E=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
 github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.1.9 h1:2Csfba4jse85Raxk5HIyEk8OwZNjRvfkhEGijOjIdEM=
--- a/vendor/github.com/containers/image/v5/docker/docker_image.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image.go
@ -123,6 +123,9 @@ func GetDigest(ctx context.Context, sys *types.SystemContext, ref types.ImageRef
 	if !ok {
 		return "", errors.New("ref must be a dockerReference")
 	}
 	if dr.isUnknownDigest {
 		return "", fmt.Errorf("docker: reference %q is for unknown digest case; cannot get digest", dr.StringWithinTransport())
 	}
 	tagOrDigest, err := dr.tagOrDigest()
 	if err != nil {
--- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go
@ -452,7 +452,15 @@ func (d *dockerImageDestination) TryReusingBlobWithOptions(ctx context.Context,
 // but may accept a different manifest type, the returned error must be an ManifestTypeRejectedError.
 func (d *dockerImageDestination) PutManifest(ctx context.Context, m []byte, instanceDigest *digest.Digest) error {
 	var refTail string
-	if instanceDigest != nil {
+	// If d.ref.isUnknownDigest=true, then we push without a tag, so get the
 	// digest that will be used
 	if d.ref.isUnknownDigest {
 		digest, err := manifest.Digest(m)
 		if err != nil {
 			return err
 		}
 		refTail = digest.String()
 	} else if instanceDigest != nil {
 		// If the instanceDigest is provided, then use it as the refTail, because the reference,
 		// whether it includes a tag or a digest, refers to the list as a whole, and not this
 		// particular instance.
--- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go
@ -38,8 +38,8 @@ type dockerImageSource struct {
 	impl.DoesNotAffectLayerInfosForCopy
 	stubs.ImplementsGetBlobAt
-	logicalRef  dockerReference // The reference the user requested.
+	logicalRef  dockerReference // The reference the user requested. This must satisfy !isUnknownDigest
-	physicalRef dockerReference // The actual reference we are accessing (possibly a mirror)
+	physicalRef dockerReference // The actual reference we are accessing (possibly a mirror). This must satisfy !isUnknownDigest
 	c           *dockerClient
 	// State
 	cachedManifest         []byte // nil if not loaded yet
@ -48,7 +48,12 @@ type dockerImageSource struct {
 // newImageSource creates a new ImageSource for the specified image reference.
 // The caller must call .Close() on the returned ImageSource.
 // The caller must ensure !ref.isUnknownDigest.
 func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerReference) (*dockerImageSource, error) {
 	if ref.isUnknownDigest {
 		return nil, fmt.Errorf("reading images from docker: reference %q without a tag or digest is not supported", ref.StringWithinTransport())
 	}
 	registryConfig, err := loadRegistryConfiguration(sys)
 	if err != nil {
 		return nil, err
@ -121,7 +126,7 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef
 // The caller must call .Close() on the returned ImageSource.
 func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, logicalRef dockerReference, pullSource sysregistriesv2.PullSource,
 	registryConfig *registryConfiguration) (*dockerImageSource, error) {
-	physicalRef, err := newReference(pullSource.Reference)
+	physicalRef, err := newReference(pullSource.Reference, false)
 	if err != nil {
 		return nil, err
 	}
@ -591,6 +596,10 @@ func (s *dockerImageSource) getSignaturesFromSigstoreAttachments(ctx context.Con
 // deleteImage deletes the named image from the registry, if supported.
 func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerReference) error {
 	if ref.isUnknownDigest {
 		return fmt.Errorf("Docker reference without a tag or digest cannot be deleted")
 	}
 	registryConfig, err := loadRegistryConfiguration(sys)
 	if err != nil {
 		return err
--- a/vendor/github.com/containers/image/v5/docker/docker_transport.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_transport.go
@ -12,6 +12,11 @@ import (
 	"github.com/containers/image/v5/types"
 )
 // UnknownDigestSuffix can be appended to a reference when the caller
 // wants to push an image without a tag or digest.
 // NewReferenceUnknownDigest() is called when this const is detected.
 const UnknownDigestSuffix = "@@unknown-digest@@"
 func init() {
 	transports.Register(Transport)
 }
@ -43,7 +48,8 @@ func (t dockerTransport) ValidatePolicyConfigurationScope(scope string) error {
 // dockerReference is an ImageReference for Docker images.
 type dockerReference struct {
-	ref reference.Named // By construction we know that !reference.IsNameOnly(ref)
+	ref             reference.Named // By construction we know that !reference.IsNameOnly(ref) unless isUnknownDigest=true
 	isUnknownDigest bool
 }
 // ParseReference converts a string, which should not start with the ImageTransport.Name prefix, into an Docker ImageReference.
@ -51,23 +57,46 @@ func ParseReference(refString string) (types.ImageReference, error) {
 	if !strings.HasPrefix(refString, "//") {
 		return nil, fmt.Errorf("docker: image reference %s does not start with //", refString)
 	}
 	// Check if ref has UnknownDigestSuffix suffixed to it
 	unknownDigest := false
 	if strings.HasSuffix(refString, UnknownDigestSuffix) {
 		unknownDigest = true
 		refString = strings.TrimSuffix(refString, UnknownDigestSuffix)
 	}
 	ref, err := reference.ParseNormalizedNamed(strings.TrimPrefix(refString, "//"))
 	if err != nil {
 		return nil, err
 	}
 	if unknownDigest {
 		if !reference.IsNameOnly(ref) {
 			return nil, fmt.Errorf("docker: image reference %q has unknown digest set but it contains either a tag or digest", ref.String()+UnknownDigestSuffix)
 		}
 		return NewReferenceUnknownDigest(ref)
 	}
 	ref = reference.TagNameOnly(ref)
 	return NewReference(ref)
 }
 // NewReference returns a Docker reference for a named reference. The reference must satisfy !reference.IsNameOnly().
 func NewReference(ref reference.Named) (types.ImageReference, error) {
-	return newReference(ref)
+	return newReference(ref, false)
 }
 // NewReferenceUnknownDigest returns a Docker reference for a named reference, which can be used to write images without setting
 // a tag on the registry. The reference must satisfy reference.IsNameOnly()
 func NewReferenceUnknownDigest(ref reference.Named) (types.ImageReference, error) {
 	return newReference(ref, true)
 }
 // newReference returns a dockerReference for a named reference.
-func newReference(ref reference.Named) (dockerReference, error) {
+func newReference(ref reference.Named, unknownDigest bool) (dockerReference, error) {
-	if reference.IsNameOnly(ref) {
+	if reference.IsNameOnly(ref) && !unknownDigest {
-		return dockerReference{}, fmt.Errorf("Docker reference %s has neither a tag nor a digest", reference.FamiliarString(ref))
+		return dockerReference{}, fmt.Errorf("Docker reference %s is not for an unknown digest case; tag or digest is needed", reference.FamiliarString(ref))
 	}
 	if !reference.IsNameOnly(ref) && unknownDigest {
 		return dockerReference{}, fmt.Errorf("Docker reference %s is for an unknown digest case but reference has a tag or digest", reference.FamiliarString(ref))
 	}
 	// A github.com/distribution/reference value can have a tag and a digest at the same time!
 	// The docker/distribution API does not really support that (we can’t ask for an image with a specific
@ -81,7 +110,8 @@ func newReference(ref reference.Named) (dockerReference, error) {
 	}
 	return dockerReference{
-		ref: ref,
+		ref:             ref,
 		isUnknownDigest: unknownDigest,
 	}, nil
 }
@ -95,7 +125,11 @@ func (ref dockerReference) Transport() types.ImageTransport {
 // e.g. default attribute values omitted by the user may be filled in the return value, or vice versa.
 // WARNING: Do not use the return value in the UI to describe an image, it does not contain the Transport().Name() prefix.
 func (ref dockerReference) StringWithinTransport() string {
-	return "//" + reference.FamiliarString(ref.ref)
+	famString := "//" + reference.FamiliarString(ref.ref)
 	if ref.isUnknownDigest {
 		return famString + UnknownDigestSuffix
 	}
 	return famString
 }
 // DockerReference returns a Docker reference associated with this reference
@ -113,6 +147,9 @@ func (ref dockerReference) DockerReference() reference.Named {
 // not required/guaranteed that it will be a valid input to Transport().ParseReference().
 // Returns "" if configuration identities for these references are not supported.
 func (ref dockerReference) PolicyConfigurationIdentity() string {
 	if ref.isUnknownDigest {
 		return ref.ref.Name()
 	}
 	res, err := policyconfiguration.DockerReferenceIdentity(ref.ref)
 	if res == "" || err != nil { // Coverage: Should never happen, NewReference above should refuse values which could cause a failure.
 		panic(fmt.Sprintf("Internal inconsistency: policyconfiguration.DockerReferenceIdentity returned %#v, %v", res, err))
@ -126,7 +163,13 @@ func (ref dockerReference) PolicyConfigurationIdentity() string {
 // It is STRONGLY recommended for the first element, if any, to be a prefix of PolicyConfigurationIdentity(),
 // and each following element to be a prefix of the element preceding it.
 func (ref dockerReference) PolicyConfigurationNamespaces() []string {
-	return policyconfiguration.DockerReferenceNamespaces(ref.ref)
+	namespaces := policyconfiguration.DockerReferenceNamespaces(ref.ref)
 	if ref.isUnknownDigest {
 		if len(namespaces) != 0 && namespaces[0] == ref.ref.Name() {
 			namespaces = namespaces[1:]
 		}
 	}
 	return namespaces
 }
 // NewImage returns a types.ImageCloser for this reference, possibly specialized for this ImageTransport.
@ -163,6 +206,10 @@ func (ref dockerReference) tagOrDigest() (string, error) {
 	if ref, ok := ref.ref.(reference.NamedTagged); ok {
 		return ref.Tag(), nil
 	}
 	if ref.isUnknownDigest {
 		return "", fmt.Errorf("Docker reference %q is for an unknown digest case, has neither a digest nor a tag", reference.FamiliarString(ref.ref))
 	}
 	// This should not happen, NewReference above refuses reference.IsNameOnly values.
 	return "", fmt.Errorf("Internal inconsistency: Reference %s unexpectedly has neither a digest nor a tag", reference.FamiliarString(ref.ref))
 }
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@ -8,7 +8,7 @@ const (
 	// VersionMinor is for functionality in a backwards-compatible manner
 	VersionMinor = 29
 	// VersionPatch is for backwards-compatible bug fixes
-	VersionPatch = 0
+	VersionPatch = 1
 	// VersionDev indicates development branch. Releases will be empty string.
 	VersionDev = ""
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -70,7 +70,7 @@ github.com/containers/common/pkg/password
 github.com/containers/common/pkg/report
 github.com/containers/common/pkg/report/camelcase
 github.com/containers/common/pkg/retry
-# github.com/containers/image/v5 v5.29.0
+# github.com/containers/image/v5 v5.29.1
 ## explicit; go 1.19
 github.com/containers/image/v5/copy
 github.com/containers/image/v5/directory