github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-09-22 18:37:21 +00:00
Code Issues Projects Releases Wiki Activity
2,609 Commits 19 Branches 102 Tags
release-1.13
Commit Graph

23 Commits

Author SHA1 Message Date
Lokesh Mandvekar
55fcc610f3 Fix for CVE-2023-39325 
Updated golang.org/x/net to v0.17.0

Skopeo isn't affected by the vulnerability, but this change will help to
silence security scanners.

Ref: https://github.com/advisories/GHSA-4374-p667-p6c8

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
 2023-11-08 15:11:40 +05:30
renovate[bot]
1c7388064a Update github.com/containers/image/v5 digest to e14c1c5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-01 01:10:03 +00:00
Lokesh Mandvekar
20447df139 bump golang.org/x/net to v0.8.0 
Resolves: CVE-2022-41723
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41723

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2023-03-15 18:58:10 +05:30
Miloslav Trmač
643a2359e4 Update c/image after https://github.com/containers/image/pull/1816 
... to work around some of the "unexpected EOF" failures.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-02-09 20:36:27 +01:00
Miloslav Trmač
bb1ac89327 Add support for Fulcio and Rekor, and --sign-by-sigstore=param-file 
(skopeo copy) and (skopeo sync) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.

That notably adds support for Fulcio and Rekor signing.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-01-14 13:33:57 +01:00
Colin Walters
960713da32 vendor: Bump golang.org/x/net to 4.0 
I originally thought I needed this to fix a build, but that
was apparently not the case.

Signed-off-by: Colin Walters <walters@verbum.org>
 2022-12-13 16:36:57 -05:00
dependabot[bot]
69decaeb1d Bump github.com/containers/common from 0.37.1 to 0.38.0 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.37.1 to 0.38.0.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.37.1...v0.38.0)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2021-05-10 15:56:42 -04:00
dependabot-preview[bot]
5485daff13 Bump github.com/containers/storage from 1.26.0 to 1.29.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.26.0 to 1.29.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.26.0...v1.29.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2021-04-15 14:05:51 -04:00
Valentin Rothberg
ebc438266d vendor golang.org/x/text@v0.3.3 
Fixes: CVE-2020-14040
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2020-07-16 11:17:54 +02:00
dependabot-preview[bot]
5f3219a854 Bump github.com/containers/buildah from 1.11.4 to 1.11.5 
Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.11.4 to 1.11.5.
- [Release notes](https://github.com/containers/buildah/releases)
- [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/containers/buildah/compare/v1.11.4...v1.11.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-11-25 15:42:59 +01:00
dependabot-preview[bot]
05ae513b18 Bump github.com/containers/buildah from 1.8.4 to 1.11.4 
Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.8.4 to 1.11.4.
- [Release notes](https://github.com/containers/buildah/releases)
- [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/containers/buildah/compare/v1.8.4...v1.11.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-11-02 07:41:01 +01:00
Valentin Rothberg
700b3102af update github.com/containers/{image,storage} 
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-08-06 14:13:03 +02:00
Valentin Rothberg
033b290217 migrate to go modules 
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-06-21 13:58:19 +02:00
juanluisvaladas
07287b5783 Add --no-creds flag to skopeo inspect 
Follow PR #433
Close #421

Currently skopeo inspect allows to:
Use the default credentials in $HOME/.docker.config
Explicitly define credentials via de --creds flag

This implements a --no-creds flag which will query docker registries anonymously.

Signed-off-by: Qi Wang <qiwan@redhat.com>
 2019-05-03 13:30:33 -04:00
Miloslav Trmač
72468d6817 Vendor c/image after merging vrothberg/image:regsv2-docker 
Also update the user and tests for the API change.
 2018-11-29 13:28:04 +01:00
Daniel J Walsh
65d28709c3 Update vendor for skopeo release 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2018-09-21 08:49:55 -04:00
Miloslav Trmač
67ffa00b1d Run (make vendor) 
Temporarily vendor opencontainers/image-spec from a fork
to fix "id" value duplication, which is detected and
refused by gojsonschema now
( https://github.com/opencontainers/image-spec/pull/750 ).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2018-09-17 16:16:19 +02:00
Miloslav Trmač
1a259b76da Vendor after merging mtrmac/image:docker-archive-auto-compression 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2018-07-18 01:02:26 +02:00
Miloslav Trmač
dc1567c8bc Re-vendor, and use mtrmac/image-spec:id-based-loader to fix tests 
Anyone running (vndr) currently ends up with failing tests in OCI schema
validation because gojsonschema has fixed its "$ref" interpretation, exposing
inconsistent URI usage inside image-spec/schema.

So, this runs (vndr), and uses mtrmac/image-spec:id-based-loader
( https://github.com/opencontainers/image-spec/pull/739 ) to make the tests pass
again.  As soon as that PR is merged we should revert to using the upstream
image-spec repo again.
 2018-02-09 18:34:31 +01:00
Miloslav Trmač
700199c944 Update image-tools, and remove the duplicate Sirupsen/logrus vendor 2017-10-30 17:24:44 +01:00
Miloslav Trmač
2c1ede8449 Update to image-spec v1.0.0 and revendor 2017-07-19 23:50:50 +02:00
Miloslav Trmač
69b9106646 Re-vendor, primarily for https://github.com/containers/storage/pull/11 
containers/storage got new dependencies, so we will need to re-vendor
eventually anyway, and having this separate from other major work is
cleaner.

But the primary goal of this commit is to see whether it makes skopeo
buildable on OS X.
 2017-05-11 13:07:14 +02:00
Miloslav Trmač
0caee746fb Vendor after merging mtrmac/image:openpgp, + other updates 
Primarily vendor after merging mtrmac/image:openpgp.

Then update for the SigningMechanism API change.

Also skip signing tests if the GPG mechanism does not support signing.

Also abort some of the tests early instead of trying to use invalid (or
nil) values.

The current master of image-tools does not build with Go 1.6, so keep
using an older release.

Also requires adding a few more dependencies of our updated
dependencies.
 2017-03-29 20:54:18 +02:00