github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-09-20 17:38:25 +00:00
Code Issues Projects Releases Wiki Activity
2,763 Commits 18 Branches 102 Tags
release-1.14
Commit Graph

63 Commits

Author SHA1 Message Date
Miloslav Trmač
518181e595 Update c/image and c/common to latest 
... to include https://github.com/containers/image/pull/2173
and https://github.com/containers/common/pull/1731 .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-11-16 18:21:43 +01:00
renovate[bot]
fa3e62f21b chore(deps): update module golang.org/x/net to v0.17.0 [security] 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-10-16 14:21:02 +00:00
renovate[bot]
427e58f5f5 fix(deps): update golang.org/x/exp digest to 9212866 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-09-06 00:23:35 +00:00
Miloslav Trmač
4ee2946bbc Update c/image after https://github.com/containers/image/pull/2070 
> go get github.com/containers/image/v5@main
> make vendor

This moves c/image to a commit that includes both the work on main
that we were already vendoring, and the last tagged version 5.27.0.

That should prevent Renovate from proposing downgrades which fail tests:
- https://github.com/containers/skopeo/pull/2065
- https://github.com/containers/skopeo/pull/2066

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-08-14 20:24:51 +02:00
Miloslav Trmač
60ee543f7f Update c/image for golang.org/x/exp 
> go get github.com/containers/image/v5@main
> go mod tidy && go mod vendor

This updates c/image with a new version of x/exp.
That package has changed API in an incompatible way,
so just bumping x/exp (as in https://github.com/containers/skopeo/pull/2060 )
would break Skopeo builds.

This updates both c/image and x/exp in lockstep (and nothing
needs updating in Skopeo itself for the x/exp breakage).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-08-02 22:41:44 +02:00
renovate[bot]
1d5458fa7c Update module github.com/containers/image/v5 to v5.26.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-28 19:04:12 +00:00
renovate[bot]
1c7388064a Update github.com/containers/image/v5 digest to e14c1c5 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-01 01:10:03 +00:00
renovate[bot]
5f0314f342 Update module github.com/containers/common to v0.52.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-04-11 17:35:08 +00:00
Lokesh Mandvekar
20447df139 bump golang.org/x/net to v0.8.0 
Resolves: CVE-2022-41723
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-41723

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2023-03-15 18:58:10 +05:30
Miloslav Trmač
643a2359e4 Update c/image after https://github.com/containers/image/pull/1816 
... to work around some of the "unexpected EOF" failures.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-02-09 20:36:27 +01:00
Miloslav Trmač
bb1ac89327 Add support for Fulcio and Rekor, and --sign-by-sigstore=param-file 
(skopeo copy) and (skopeo sync) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.

That notably adds support for Fulcio and Rekor signing.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-01-14 13:33:57 +01:00
Miloslav Trmač
03b5bdec24 Update c/image after https://github.com/containers/image/pull/1787 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2023-01-14 13:33:00 +01:00
Colin Walters
960713da32 vendor: Bump golang.org/x/net to 4.0 
I originally thought I needed this to fix a build, but that
was apparently not the case.

Signed-off-by: Colin Walters <walters@verbum.org>
 2022-12-13 16:36:57 -05:00
Miloslav Trmač
5c69302d75 Update to c/image main branch 
> go get github.com/containers/image/v5@main
> make vendor

... to make sure that we don't regress against Skopeo 1.9.3.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-10-20 20:09:25 +02:00
Daniel J Walsh
ee84302b60 Update vendor containers/(common,image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-09-30 06:38:07 -04:00
Miloslav Trmač
4b9ffac0cc Update for c/image's update of github.com/gobuffalo/pop 
> go get github.com/containers/image/v5@main
> go mod tidy -go=1.16 && go mod tidy -go=1.17
> make vendor

The (go mod tidy) pair is necessary to keep c/image CI working.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-08-23 22:00:00 +02:00
Miloslav Trmač
06be7a1559 Vendor in c/image with sigstore support 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-12 13:46:56 +02:00
Miloslav Trmač
5200272846 Update github.com/containerd/containerd 
$ go get -u github.ccom/containerd/containerd
$ make vendor

... to silence warnings about https://github.com/advisories/GHSA-crp2-qrr5-8pq7 ,
in code we don't use.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-03-04 19:26:12 +01:00
Daniel J Walsh
923c58a8ee Update the vendor of containers/common 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-01-20 13:30:07 -05:00
Miloslav Trmač
e19b57c3b9 Update github.com/containerd/containerd to v1.5.7 
... to include a fix for
https://github.com/advisories/GHSA-c2h3-6mxw-7mvq .

(Note that Skopeo doesn't depend on the vulnerable code,
so this is primarily to avoid dependency checker warnings.)

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2021-10-05 18:45:24 +02:00
dependabot[bot]
69decaeb1d Bump github.com/containers/common from 0.37.1 to 0.38.0 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.37.1 to 0.38.0.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.37.1...v0.38.0)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2021-05-10 15:56:42 -04:00
dependabot-preview[bot]
5485daff13 Bump github.com/containers/storage from 1.26.0 to 1.29.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.26.0 to 1.29.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.26.0...v1.29.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2021-04-15 14:05:51 -04:00
dependabot-preview[bot]
aff1b6215b Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.0.3 to 1.1.0.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.0.3...v1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2021-02-03 12:42:56 +01:00
dependabot-preview[bot]
131b2b8c63 Bump github.com/containers/common from 0.31.0 to 0.31.1 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.31.0 to 0.31.1.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.31.0...v0.31.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2020-12-21 15:58:05 -05:00
dependabot-preview[bot]
a75daba386 Bump github.com/containers/common from 0.24.0 to 0.26.0 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.24.0 to 0.26.0.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.24.0...v0.26.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2020-10-19 06:02:04 -04:00
dependabot-preview[bot]
a31d6069dc Bump github.com/containers/common from 0.11.2 to 0.11.4 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.11.2 to 0.11.4.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.11.2...v0.11.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2020-05-22 13:35:57 -04:00
dependabot-preview[bot]
325327dc3f Bump github.com/containers/image/v5 from 5.3.1 to 5.4.0 
Bumps [github.com/containers/image/v5](https://github.com/containers/image) from 5.3.1 to 5.4.0.
- [Release notes](https://github.com/containers/image/releases)
- [Commits](https://github.com/containers/image/compare/v5.3.1...v5.4.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2020-03-31 22:19:09 +02:00
Miloslav Trmač
27b330f6f1 Revert the removal of buildah dependency 
We currently need it to drag in recent versions of other dependencies,
per https://github.com/containers/skopeo/issues/796 .

I'll work to update the relevant dependencies in c/image, but that will
only propagate to skopeo in the next c/image release; in the meantime,
this at least undoes the downgrades.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2020-03-30 16:04:24 +02:00
Daniel J Walsh
274efdf28f Update containers/image v5.3.1 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2020-03-28 06:28:49 -04:00
Miloslav Trmač
7cbb8ad3ba Manually update buildah to v1.13.1 
Should help with #791.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2020-01-23 16:13:01 +01:00
dependabot-preview[bot]
05ae513b18 Bump github.com/containers/buildah from 1.8.4 to 1.11.4 
Bumps [github.com/containers/buildah](https://github.com/containers/buildah) from 1.8.4 to 1.11.4.
- [Release notes](https://github.com/containers/buildah/releases)
- [Changelog](https://github.com/containers/buildah/blob/master/CHANGELOG.md)
- [Commits](https://github.com/containers/buildah/compare/v1.8.4...v1.11.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-11-02 07:41:01 +01:00
Valentin Rothberg
700b3102af update github.com/containers/{image,storage} 
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-08-06 14:13:03 +02:00
Valentin Rothberg
033b290217 migrate to go modules 
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-06-21 13:58:19 +02:00
Valentin Rothberg
ebfa1e936b vendor.conf: pin branches to releases or commits 
Most of the dependencies have been copied from libpod's vendor.conf
where such a cleanup has been executed recently.

Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
 2019-02-21 14:03:14 +01:00
Miloslav Trmač
bcf3dbbb93 Vendor after merging c/image#536 
... which adds blob info caching

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2018-12-06 23:26:31 +01:00
Miloslav Trmač
72468d6817 Vendor c/image after merging vrothberg/image:regsv2-docker 
Also update the user and tests for the API change.
 2018-11-29 13:28:04 +01:00
Miloslav Trmač
67ffa00b1d Run (make vendor) 
Temporarily vendor opencontainers/image-spec from a fork
to fix "id" value duplication, which is detected and
refused by gojsonschema now
( https://github.com/opencontainers/image-spec/pull/750 ).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2018-09-17 16:16:19 +02:00
Miloslav Trmač
1a259b76da Vendor after merging mtrmac/image:docker-archive-auto-compression 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2018-07-18 01:02:26 +02:00
Max Goltzsche
67ff78925b Update docker/docker dependencies. 
Required to update those dependencies in containers/image.
See https://github.com/containers/image/pull/446.

Updated by mitr@redhat.com to vendor from containers/image master again,
which brought in a few more dependency updates.

Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2018-05-26 05:41:06 +02:00
Miloslav Trmač
14ea9f8bfd Run (make vendor) for the first time. 
This primarily adds vendor/github.com/containers/image/docs/ ,
but also updates other dependencies that are not pinned to a specific
commit.
 2018-05-19 04:24:17 +02:00
Miloslav Trmač
e8dea9e770 Vendor after merging https://github.com/novas0x2a/image:context-everywhere 2018-04-10 19:08:37 +02:00
Miloslav Trmač
60aa4aa82d Vendor after merging mtrmac/image:305-cleanup 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2018-03-15 15:25:31 +01:00
Miloslav Trmač
dc1567c8bc Re-vendor, and use mtrmac/image-spec:id-based-loader to fix tests 
Anyone running (vndr) currently ends up with failing tests in OCI schema
validation because gojsonschema has fixed its "$ref" interpretation, exposing
inconsistent URI usage inside image-spec/schema.

So, this runs (vndr), and uses mtrmac/image-spec:id-based-loader
( https://github.com/opencontainers/image-spec/pull/739 ) to make the tests pass
again.  As soon as that PR is merged we should revert to using the upstream
image-spec repo again.
 2018-02-09 18:34:31 +01:00
Miloslav Trmač
27f320b27f Vendor after merging mtrmac/image:manifest-lists 2017-11-16 16:27:52 +01:00
Miloslav Trmač
3e57660394 Revert mis-merged reverts of vendor.conf 
PR #440 reverted the vendor.conf edits of #426.  This passed CI
because the corresponding vendor/* subpackages were not modified.

Restore the vendor.conf changes, and re-run full (vndr) to ensure
the two are consistent again.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2017-11-07 19:34:26 +01:00
Miloslav Trmač
700199c944 Update image-tools, and remove the duplicate Sirupsen/logrus vendor 2017-10-30 17:24:44 +01:00
Miloslav Trmač
2c1ede8449 Update to image-spec v1.0.0 and revendor 2017-07-19 23:50:50 +02:00
Miloslav Trmač
63272a10d7 Vendor after merging mtrmac/image:docker-certs.d 2017-05-30 18:26:43 +02:00
Miloslav Trmač
ffb01385dd Vendor after merging https://github.com/containers/image/pull/275 2017-05-17 17:12:23 +02:00
Miloslav Trmač
69b9106646 Re-vendor, primarily for https://github.com/containers/storage/pull/11 
containers/storage got new dependencies, so we will need to re-vendor
eventually anyway, and having this separate from other major work is
cleaner.

But the primary goal of this commit is to see whether it makes skopeo
buildable on OS X.
 2017-05-11 13:07:14 +02:00