github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-10-21 19:03:44 +00:00
Code Issues Projects Releases Wiki Activity
3,192 Commits 18 Branches 102 Tags
cfae4fd8004a602392add6bb048b63a6d1b9a9a0
Commit Graph

473 Commits

Author SHA1 Message Date
renovate[bot]
f968b2a890 fix(deps): update module github.com/spf13/cobra to v1.6.1 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2022-10-31 03:11:30 +00:00
Daniel J Walsh
5a8d72635c Merge pull request #1791 from containers/renovate/golang.org-x-term-0.x 
fix(deps): update module golang.org/x/term to v0.1.0
 2022-10-24 06:56:37 -04:00
renovate[bot]
d5327bced1 fix(deps): update module golang.org/x/term to v0.1.0 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2022-10-24 08:51:19 +00:00
renovate[bot]
6d3d9a3bb2 fix(deps): update module github.com/stretchr/testify to v1.8.1 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2022-10-24 05:27:27 +00:00
Miloslav Trmač
5c69302d75 Update to c/image main branch 
> go get github.com/containers/image/v5@main
> make vendor

... to make sure that we don't regress against Skopeo 1.9.3.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-10-20 20:09:25 +02:00
Miloslav Trmač
632cebd74e Update AWS workaround to use Golang types 
FIXME: This is not actually tested against a representative
error; we basically assume generic "scope is not sufficient" handling.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-10-12 22:57:22 +02:00
Miloslav Trmač
ae50898b8a Include c/image after https://github.com/containers/image/pull/1299 
> go get github.com/containers/image/v5@main
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-10-12 22:56:18 +02:00
dependabot[bot]
4ccfb033fb Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-12 08:11:32 +00:00
dependabot[bot]
a495155030 Bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.5 to 1.1.6.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.5...v1.1.6)

---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-10 08:10:52 +00:00
dependabot[bot]
e021b675e2 Bump github.com/opencontainers/image-spec from 1.1.0-rc1 to 1.1.0-rc2 
Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc1 to 1.1.0-rc2.
- [Release notes](https://github.com/opencontainers/image-spec/releases)
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md)
- [Commits](https://github.com/opencontainers/image-spec/compare/v1.1.0-rc1...v1.1.0-rc2)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/image-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-04 08:26:31 +00:00
Miloslav Trmač
7ebff0f533 Update for https://github.com/klauspost/pgzip/pull/50 
... to fix reads of compressed data by docker-archive:

> go get github.com/klauspost/pgzip@master
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-09-30 19:51:07 +02:00
Daniel J Walsh
ee84302b60 Update vendor containers/(common,image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-09-30 06:38:07 -04:00
dependabot[bot]
feabfac2a7 Bump github.com/containers/storage from 1.42.0 to 1.43.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.42.0 to 1.43.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.42.0...v1.43.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-29 08:12:13 +00:00
Miloslav Trmač
ba23a9162f Stop using docker/docker/pkg/homedir in tests 
c/storage/pkg/homedir, which we need anyway for other purposes,
should work just as well.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-08-23 22:30:12 +02:00
Miloslav Trmač
4b9ffac0cc Update for c/image's update of github.com/gobuffalo/pop 
> go get github.com/containers/image/v5@main
> go mod tidy -go=1.16 && go mod tidy -go=1.17
> make vendor

The (go mod tidy) pair is necessary to keep c/image CI working.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-08-23 22:00:00 +02:00
dependabot[bot]
73a668e99d Bump github.com/containers/common from 0.49.0 to 0.49.1 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.49.0 to 0.49.1.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.49.0...v0.49.1)

---
updated-dependencies:
- dependency-name: github.com/containers/common
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-08-01 08:20:56 +00:00
Miloslav Trmač
08846d18cc Update to github.com/containers/common v0.49.0 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-25 18:13:11 +02:00
Miloslav Trmač
049163fcec Update to github.com/containers/image/v5 v5.22.0 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-25 18:05:03 +02:00
dependabot[bot]
b42e664854 Bump github.com/containers/storage from 1.41.0 to 1.42.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.41.0 to 1.42.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.41.0...v1.42.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-22 08:17:06 +00:00
dependabot[bot]
ee477d8877 Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/sirupsen/logrus/releases)
- [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/sirupsen/logrus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-07-19 08:11:51 +00:00
Miloslav Trmač
f2b4071b1f Add --sign-by-sigstore-private-key to (skopeo copy) and (skopeo sync) 
If a passphrase is not provided, prompt for one.

Outstanding:
- Should have integration tests.
- The signing options shared between copy and sync should live in utils.go.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-12 13:47:27 +02:00
Miloslav Trmač
06be7a1559 Vendor in c/image with sigstore support 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-12 13:46:56 +02:00
Miloslav Trmač
62158a58bc Vendor unreleased c/image with OCI artifact support 
including https://github.com/containers/image/pull/1574 .

> go get github.com/containers/image/v5@main
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-07-01 17:35:04 +02:00
Miloslav Trmač
c654871bd9 Remove uses of pkg/errors 
This is clearly safe because the changes are
mostly top-level CLI where nothing is checking
the type of the error.

Even in that case, use %w for idiomatic consistency
(and to make it easier to possibly move some code into a Go library.)

Mostly mechanical, but note the changes to error handling of .Close():
we use %w for the primary error, not for the close error.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-30 21:00:40 +02:00
dependabot[bot]
331162358b Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.5 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.5...v1.8.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-30 08:17:49 +00:00
dependabot[bot]
899d3686f9 Bump github.com/stretchr/testify from 1.7.4 to 1.7.5 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.4...v1.7.5)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-24 08:34:09 +00:00
Daniel J Walsh
1a98f253b4 Merge pull request #1687 from containers/dependabot/go_modules/github.com/stretchr/testify-1.7.4 
Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
 2022-06-21 13:08:58 -04:00
dependabot[bot]
2f77d21343 Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.7.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.7.4)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-21 08:13:03 +00:00
dependabot[bot]
2009d1c61e Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-21 08:12:52 +00:00
Miloslav Trmač
a3a72342f2 Update go.mod to Go 1.17 
> go mod tidy -go=1.17
> make vendor

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-06-08 16:46:38 +02:00
dependabot[bot]
e9379d15d2 Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.17+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.17)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-07 08:19:08 +00:00
dependabot[bot]
69840fd082 Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-06 14:50:42 +00:00
dependabot[bot]
63622bc7c4 Bump github.com/containers/ocicrypt from 1.1.4 to 1.1.5 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.4...v1.1.5)

---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-06 08:16:08 +00:00
Miloslav Trmač
00a58e48b1 Update to github.com/opencontainers/runc >= 1.1.2 
... to silence Dependabot alerts about CVE-2022-29162 = GHSA-f3fp-gc8g-vw66.

Note that the vulnerable code is not actually included in Skopeo at all,
this is purely to silence imprecise vulnerability checkers.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-31 01:23:51 +02:00
Miloslav Trmač
0a3be734a9 Update to gopkg.in/yaml.v3 v3.0.0 
... to include a fix for CVE-2022-28948 = GHSA-hp87-p4gw-j4gq .

Note that the package is only used for Skopeo's tests, so
Skopeo's users can't reach the vulnerable code.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-26 20:30:59 +02:00
Miloslav Trmač
1ebb2520ca Update c/image 
... to bring in github.com/proglottis/gpgme 0.1.2.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-05-19 21:59:36 +02:00
dependabot[bot]
3eca480c2b Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.15+incompatible to 20.10.16+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.15...v20.10.16)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-13 08:17:07 +00:00
dependabot[bot]
149dea8dce Bump github.com/containers/storage from 1.40.2 to 1.41.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.40.2 to 1.41.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.40.2...v1.41.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-12 08:10:20 +00:00
dependabot[bot]
13ceb93bdf Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.14+incompatible to 20.10.15+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.14...v20.10.15)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-05-07 12:22:43 +00:00
Daniel J Walsh
75d94e790c Bump ocicrypt to v1.1.4 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-06 10:07:37 -04:00
Daniel J Walsh
737ed9c2a4 Vendor in containers/storage v1.40.2 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-03 13:06:55 -04:00
Daniel J Walsh
3c286dd1d1 Vendor in containers/(common, storage, image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-05-03 09:59:43 -04:00
Daniel J Walsh
8960ab3ce7 Update vendor of containers/(common,storage,image) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2022-04-22 06:45:18 -04:00
Miloslav Trmač
4811c07d71 Update users of deprecated io/ioutil 
Mostly just name changes that should not change behavior, apart
from ioutil.ReadDir -> os.ReadDir avoiding per-item lstat(2) in
one case.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2022-04-13 20:13:52 +02:00
James Hewitt
38ae81fa03 Bump containers/image to include sign identity option 
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
 2022-03-30 22:02:40 +01:00
Lokesh Mandvekar
3bc062423e Bump github.com/prometheus/client_golang to v1.11.1 
Resolves: CVE-2022-21698

Skopeo isn't actually impacted by the CVE unless a Prometheus listener
is set up, which is not a part of Skopeo's default behavior.

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
 2022-03-24 14:57:52 -04:00
dependabot[bot]
89cd19519f Bump github.com/containers/common from 0.47.4 to 0.47.5 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.47.4 to 0.47.5.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](https://github.com/containers/common/compare/v0.47.4...v0.47.5)

---
updated-dependencies:
- dependency-name: github.com/containers/common
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-24 17:41:02 +00:00
dependabot[bot]
7f6b0e39d0 Bump github.com/containers/storage from 1.38.2 to 1.39.0 
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.38.2 to 1.39.0.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.38.2...v1.39.0)

---
updated-dependencies:
- dependency-name: github.com/containers/storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-24 17:14:41 +00:00
dependabot[bot]
f6bf57460d Bump github.com/docker/docker 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.13+incompatible to 20.10.14+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.13...v20.10.14)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-24 09:13:14 +00:00
dependabot[bot]
ac7edc7d10 Bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3 
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.2...v1.1.3)

---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-21 09:10:52 +00:00