v5.22.0

copy.Image can now copy non-image OCI artifacts.

Added support for sigstore signatures: they (and related cosign attachments) can be copied along with images after opt-in in registries.d. Signatures can be created by copy.Image and enforced via policy.json (currently with public/private key pairs only).

Now requires Go 1.17.
GPGME now must be new enough to be visible via pkg-config.

github.com/pkg/errors is no longer used; that might affect caller-observable error types (in particular, errors.{As,Is}
might need to be used instead of pkg/errors.Cause).

Changes default paths on FreeBSD.

• Remove unused Makefile variables
• Config files should live in /usr/local on FreeBSD
• docker: validate received parts
• Use go env to fetch the go path
• docker: add workaround for CloudFront
• Improve errors messages when image missing from list
• Stop calling gpgme-config
• Fix codespell errors
• Make sure github.com/opencontainers/runc >= 1.1.2 is used
• Cirrus: use Ubuntu 22.04 LTS
• Merge pull request #1576 from mtrmac/private-image
• Merge pull request #1577 from mtrmac/mocks
• Merge pull request #1571 from mtrmac/go1.17
• Merge pull request #1578 from mtrmac/sourced-image-struct
• Fix error on parallel multiple image pullings with additionallayerstore
• Merge pull request #1579 from mtrmac/copy-layers-refactor
• Reject OCI artifacts in manifest.OCI1.ImageID
• Reject OCI artifacts in manifest.OCI1.Inspect
• Refuse to convert non-image OCI artifacts to Docker formats
• Reject OCI artifacts in image.manifestOCI1.OCIConfig
• Introduce SourcedImage.CanChangeLayerCompression, use it in copy.Image
• Use an updated CI image
• Use strings.ReplaceAll instead of strings.Replace(..., -1)
• Move the main helper removal case to the main path on RemoveAllAuthentication
• Merge pull request #1588 from mtrmac/pkg_errors
• Merge pull request #1589 from mtrmac/private-dest-impls
• Merge pull request #1590 from mtrmac/private-src-impls
• Merge pull request #1592 from mtrmac/blobcache-wrap-private
• Use "io.ReadAll" instead of "os.ReadAll"
• Merge pull request #1596 from mtrmac/cosign-payload
• Generalize copy.Image to be able to copy signatures with any format
• Merge pull request #1593 from mtrmac/cosign-sigs
• Introduce signature.Cosign as a format
• Add use-cosign-attachments to registries.d/*.yaml
• Add support for reading and writing Cosign attachments, incl. signatures
• Merge pull request #1595 from mtrmac/cosign-docker
• Add support for creating Cosign signatures
• Fix a long-standing incorrect comment
• Fix JSON syntax in the policy.json(5) man page
• Correctly decode Cosign-generated payloads
• Add Cosign verification support
• s/sigstore/lookaside/g in comments and documentation
• Refer to lookasideStorage instead of signatureStorage in code
• Add lookaside and lookaside-staging, hide sigstore and sigstore-staging
• Merge pull request #1605 from mtrmac/sigstore
• Fix a typo in error messages
• Remove a copy&pasted test entry
• Add context to some test failures
• Use more valid data in TestPRSignedByIsSignatureAuthorAccepted
• Generalize keyPath/keyData exclusivity checks
• Remove repetition in tests
• Accept multiple keyrings in newEphemeralGPGSigningMechanism
• Allow accepting multiple GPG keyrings via signedBy.keyPaths
• Switch to golang native error wrapping
• Point out use-sigstore-registries in sigstoreSigned documentation
• Use .pub extension for public keys in sigstoreSigned examples
• copy: print copy info once when writer==io.Discard
• Silence a "potentially unused parameter" warning
• Read signatures from UnparsedImage instead of ImageSource directly
• Consolidate reading messages, and checking for support, into a helper
• build(deps): bump github.com/containers/storage from 1.40.0 to 1.40.2
• build(deps): bump github.com/docker/docker
• build(deps): bump github.com/klauspost/compress from 1.15.2 to 1.15.3
• build(deps): bump github.com/klauspost/compress from 1.15.3 to 1.15.4
• build(deps): bump github.com/docker/docker
• build(deps): bump github.com/proglottis/gpgme from 0.1.1 to 0.1.2
• build(deps): bump github.com/vbauerster/mpb/v7 from 7.4.1 to 7.4.2
• build(deps): bump github.com/imdario/mergo from 0.3.12 to 0.3.13
• build(deps): bump github.com/klauspost/compress from 1.15.4 to 1.15.5
• build(deps): bump github.com/sylabs/sif/v2 from 2.7.0 to 2.7.1
• build(deps): bump github.com/klauspost/compress from 1.15.5 to 1.15.6
• build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2
• build(deps): bump github.com/docker/docker
• build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4
• build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5
• build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
• build(deps): bump github.com/klauspost/compress from 1.15.6 to 1.15.7
• build(deps): bump github.com/proglottis/gpgme from 0.1.2 to 0.1.3
• build(deps): bump github.com/klauspost/compress from 1.15.7 to 1.15.8
• build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
• build(deps): bump github.com/theupdateframework/go-tuf
• build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0

v5.19.4

• vendor c/[email protected] (backports for https://bugzilla.redhat.com/show_bug.cgi?id=2072452)

v5.19.3

What's Changed

• [v5.19, backport] storage: use race-free AddNames instead of SetNames by @flouthoc in #1503
• [release-5.19 backport] Remove keyring support and Cirrus update to f36 VMs by @lsm5 in #1542
• [release-5.19 backport] Bump github.com/containers/ocicrypt to 566b808 by @lsm5 in #1539

Full Changelog: v5.19.2...v5.19.3

v5.21.1

What's Changed

• Release v5.21.0 by @mtrmac in #1514
• Use c/storage/pkg/ioutils.AtomicWriteFiles to update auth.json by @mtrmac in #1515
• build(deps): bump github.com/BurntSushi/toml from 1.0.0 to 1.1.0 by @dependabot in #1516
• build(deps): bump github.com/sylabs/sif/v2 from 2.4.2 to 2.5.0 by @dependabot in #1520
• Update to benefit from Go 1.16 by @mtrmac in #1521
• build(deps): bump github.com/sylabs/sif/v2 from 2.5.0 to 2.6.0 by @dependabot in #1524
• man containers-registries.conf: clarify mirror association by @vrothberg in #1525
• Use strings.NewReader instead of bytes.NewBufferString by @mtrmac in #1517
• Use correct list syntax in containers-registries.conf(5) by @mtrmac in #1527
• Don't require a Docker-Content-Digest header when deleting images by @mtrmac in #1497
• build(deps): bump github.com/sylabs/sif/v2 from 2.6.0 to 2.7.0 by @dependabot in #1528
• Improve progress bars, and update mpb by @mtrmac in #1530
• build(deps): bump github.com/klauspost/compress from 1.15.1 to 1.15.2 by @dependabot in #1531
• Cirrus: Update to F36 VMs by @cevich in #1535
• Bump github.com/containers/ocicrypt to 566b808 by @lsm5 in #1534
• Fix unwanted reuse of encrypted layers by @mtrmac in #1533

Full Changelog: v5.21.0...v5.21.1

v5.21.0

What's Changed

• Release v5.20.0 by @mtrmac in #1482
• storage: use race-free AddNames instead of SetNames by @flouthoc in #1480
• build(deps): bump github.com/klauspost/compress from 1.14.4 to 1.15.0 by @dependabot in #1484
• Update github.com/containerd/containerd by @mtrmac in #1485
• build(deps): bump github.com/docker/distribution from 2.8.0+incompatible to 2.8.1+incompatible by @dependabot in #1486
• build(deps): bump github.com/sylabs/sif/v2 from 2.3.2 to 2.4.0 by @dependabot in #1488
• build(deps): bump github.com/klauspost/compress from 1.15.0 to 1.15.1 by @dependabot in #1490
• build(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible by @dependabot in #1489
• Silence go-staticcheck about openpgp use by @mtrmac in #1491
• Try to make (make lint) pass with Go 1.18 by @mtrmac in #1492
• build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #1494
• Use assert.ErrorContains by @mtrmac in #1495
• build(deps): bump github.com/sylabs/sif/v2 from 2.4.0 to 2.4.1 by @dependabot in #1496
• Formally require Go 1.15 by @mtrmac in #1493
• build(deps): bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3 by @dependabot in #1498
• build(deps): bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible by @dependabot in #1504
• registries.conf: prefixes: subdomain matching by @vrothberg in #1505
• toml decoding: report unknown keys by @vrothberg in #1507
• registries.conf: fix typo in prefix by @vrothberg in #1508
• build(deps): bump github.com/opencontainers/selinux from 1.10.0 to 1.10.1 by @dependabot in #1511
• Add option to specify the identity for signing by @Jamstah in #1510
• Add pull-from-mirror for adding per-mirror level restrictions by @QiWang19 in #1411
• build(deps): bump github.com/sylabs/sif/v2 from 2.4.1 to 2.4.2 by @dependabot in #1513

Full Changelog: v5.20.0...v5.21.0

v5.19.2

storage: use race-free AddNames instead of SetNames

v5.20.0

• docker/referece: add IsFullIdentifier
• Changed oci layout transport to thread-safe destination
• add pkg/blobcache from Buildah
• blobcache: drop import on buildah/docker
• blobcache: drop history comment
• blobcache: make ClearCache() private
• blobcache: remove CacheLookupReferenceFunc
• blobcache: turn BlobCache into a struct
• blobcache: export clearCache
• Remove (unused and unreachable) keyring support
• Eliminate a goroutine
• Also introduces internal-only interfaces to allow extending the transport feature set in the future

v5.19.1

• build(deps): bump github.com/klauspost/compress from 1.14.1 to 1.14.2
• build(deps): bump github.com/containers/storage from 1.38.0 to 1.38.1
• build(deps): bump github.com/containers/storage from 1.38.1 to 1.38.2

v5.19.0

What's Changed

• Release c/image v5.18.0 by @mtrmac in #1437
• build(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0 by @dependabot in #1440
• build(deps): bump github.com/klauspost/compress from 1.13.6 to 1.14.1 by @dependabot in #1441
• Initial sif transport implementation by @mtrmac in #1438
• build(deps): bump github.com/sylabs/sif/v2 from 2.3.0 to 2.3.1 by @dependabot in #1443
• build(deps): bump github.com/vbauerster/mpb/v7 from 7.3.0 to 7.3.1 by @dependabot in #1444
• Corrects wrong default path for auth.json in docs by @svdHero in #1442
• Log every credential path we consult by @mtrmac in #1445
• build(deps): bump github.com/containers/storage from 1.37.0 to 1.38.0 by @dependabot in #1447
• Run codespell on code by @rhatdan in #1449
• build(deps): bump github.com/vbauerster/mpb/v7 from 7.3.1 to 7.3.2 by @dependabot in #1450
• GPGME: support passphrase for prompt-less signing by @vrothberg in #1446

New Contributors

• @svdHero made their first contribution in #1442

Full Changelog: v5.18.0...v5.19.0

v5.18.0

• Add copy.Options.PreserveDigests
• Link the two variants of cannotModifyManifest*Reason together.
• shortnames: mechanism to enforce resolving to Docker Hub
• manifest.GuessMIMEType(): recognize self-described OCI manifests
• Add a comment about only looking up credential helpers by registry
• Reorganize the success case in getCredentialsWithHomeDir
• Introduce a string key in getCredentialsWithHomeDir
• Modify findAuthentication to use a string key instead of a reference.Named
• Allow using namespaced keys in GetCredentials and GetAuthentication
• Rename useLegacyAPI to useLegacyFormat
• Fix GetAllCredentials
• Reject invalid keys in GetCredentials/GetAuthentication
• Make validateKey a bit more strict
• Don't include full manifest contents in error messages
• Log if a manifest upload doesn't contain a Docker-Content-Digest header
• docker/config: handle credentials not found errors
• docker: less bears :(
• Remove unused filler argument to customPartialBlobCounter
• Inline decor.Any into the caller
• Inline sstyle into the only user
• Simplify a check for missing credentials
• Fix handling of missing data in GetAllCredentials
• Fix the pseudo-version of github.com/opencontainers/image-spec
• Update golang.org/x/crypto, and silence warnings about openpgp