... to be a bit more robust against unexpected error wrapping.
Also be a little more idiomatic on the sync error handling path.
Should not change behavior, assuming the previous code was correct.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is clearly safe because the changes are
mostly top-level CLI where nothing is checking
the type of the error.
Even in that case, use %w for idiomatic consistency
(and to make it easier to possibly move some code into a Go library.)
Mostly mechanical, but note the changes to error handling of .Close():
we use %w for the primary error, not for the close error.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Use a wrapping wording similar to c/image; it's slightly
awkward at the start of the error message, but those should
hopefully be rare.
- Notably, distinguish the three failure paths in (skopeo layers).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Note that this is a behavior change: we used to do
retErr = errors.Wrapf(retErr, ..., closeErr)
which doesn't record closeErr if retErr was nil.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
These changes substantially mirror similar updates made recently to both
podman and buildah. Besides renaming `Dockerfile` -> `Containerfile`,
there are much needed updates to docs, and the build instructions.
Signed-off-by: Chris Evich <cevich@redhat.com>
The github actions workflow for this operation is complex and difficult
to maintain. For several months now a replacement has been running well
in the podman repository. It's scripts/components are centralized,
versioned, unit, and integration tested. Add cirrus tasks to run the
build, and another task to allow test builds in a PR.
This also adds support for a new magic CI string: `[CI:BUILD]`.
With this string in the PR title, automation will only do basic build
verification, and enable testing of the multi-arch build process.
Otherwise, many tasks were updated to not be created when running the
cirrus-cron multi-arch image builds, since this would simply be a waste
of time and invitation for flakes.
Lastly, since only native tooling is used in the new build process,
rename all the recipes to `Containerfile`.
Signed-off-by: Chris Evich <cevich@redhat.com>
For whatever reason, the comment rearrangement is
required for vim rpm synatx highlighting to work.
Also added a comment pointing out where additional comments
should go. :)
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The new file `skopeo.spec.rpkg` along with a webhook will automatically
build rpms on every PR merge on the main branch.
Run `rpkg local` or `make rpm` to generate the rpm.
Known issue: Doesn't yet build for EL8 environments.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
We expect schema1 images to work. Also, docker/distribution
doesn't provide useful errors for rejected schema1 images
( https://github.com/distribution/distribution/issues/2925 ),
which makes it impractical for Skopeo to automatically convert
schema1 to schema2.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The k8s.gcr.io/coredns/coredns repo now contains an OCI
artifact, which we can't copy; so, use a different
repo to test syncing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
... to silence Dependabot alerts about CVE-2022-29162 = GHSA-f3fp-gc8g-vw66.
Note that the vulnerable code is not actually included in Skopeo at all,
this is purely to silence imprecise vulnerability checkers.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The {a,b} syntax is not POSIX compatible. The Makefile should run with
all POSIX shells so we cannot use shell specific features like this.
Fixes#1657
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
... to include a fix for CVE-2022-28948 = GHSA-hp87-p4gw-j4gq .
Note that the package is only used for Skopeo's tests, so
Skopeo's users can't reach the vulnerable code.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
