- Accurately document the effect of GO_DYN_FLAGS
- Fix a typo
- Remove a shell script example; removes a docker command,
we don't care to maintain it to run correctly,
and anyone knowledgeable enough to understand the
trade-offs of static linking can almost certainly create that from scratch.
Fixes#1700
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
More template functions available in (skopeo inspect --format)
Adds new ways to supply trusted keys to (skopeo standalone-verify).
Now requires Go 1.18.
- [CI:DOCS] Fix up language in README
- Add unit tests for tlsVerifyConfig's yaml.Unmarshaler
- Cirrus: Use human-readable CI VM Images
- [CI:BUILD] copr: fix el8 build and enable debuginfo
- [CI:BUILD] enable debuginfo for el8 copr builds
- Update to use, and benefit from, Go 1.18
- [CI:DOCS] Disable dependabot
- Renovate: c/common rule moved to defaults
- [CI:BUILD] Packit: initial enablement
- Replace gopkg.in/check.v1 by github.com/stretchr/testify/suite/
- Corrected typo in skopeo-sync and updated description
- Fix tabelating output in (skopeo inspect --format)
- Use common library reporter
- Fix formatting of inspect examples
- Use io.WriteString
- Factor out the output of data in (skopeo inspect)
- Simplify inspectOptions.writeOutput a bit more
- Cirrus: Update CI VM images
- Make the installation instructions more prominent in README.md
- [CI:BUILD] Packit: trigger builds on commit to main branch
- systemtests: Fix 040-local-registry-auth about XDG_RUNTIME_DIR
- Verify signatures from a trust store
- Rename argument. Only use any with public key file. Double check fingerprint is in public key file.
- Use multiple fingerprint function Allow comma separated fingerprint list
- Avoid use of a deprecated capability.NewPid
- Fix error handling of signature.NewEphemeralGPGSigningMechanism
- Cross-link the top-level and subcommand option lists
- Use golangci-lint instead of golint
- Add (make tools) to install (for now only) golangci-lint, use it in Cirrus
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The only thing hack/make.sh is now really doing is the
warning + sleep without SKOPEO_CONTAINER_TESTS .
So, make that a separate script, and eliminate the
hack/make directory.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is simpler to do, cheap enough for our repo size, and it
does not require a network access to see which files to check.
And it's the last user of hack/make/.validate, which I wanted to
remove in the first place.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Always lint everything, not just changed files;
that means that if we upgrade the linter, we will
need to clean everything up, but that's a good thing
for contributors who come after that linter upgrade.
- Don't skip linting the integration tests, there's no
good reason to skip them.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We now require Go 1.18. As of that version:
- GO111MODULE=on is implied by having a go.mod file
- -mod=vendor is implied by having a vendor directory
so just remove both options everywhere
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
signature.NewEphemeralGPGSigningMechanism is called in an if branch
where the previous err := introduces a "new" err variable, which means
the failure isn't visible after the if.
So, do the dumb thing and just check on both branches explicitly.
(We still need to worry about correctly setting "mech" and
"publicKeyfingerprints" to persist after the if.)
How I hate Go sometimes. And this shows we really should update
the linter.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add the ability to use an on-disk trust store to verify signatures. Also allow the user to trust any known fingerprint instead of having to specify one.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
