full diff: https://github.com/theupdateframework/notary/compare/v0.6.1...v0.7.0
Changelog:
v0.7.0 12/01/2021
------------------------
- Switch to Go modules
- Use golang/x/crypto for ed25519
- Update Go version
- Update dependency versions
- Fixes from using Gosec for source analysis
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit f32731f902 fixed a potential panic
when an error was returned while trying to get existing credentials.
However, other code paths currently use the result of `GetDefaultAuthConfig()`
even in an error condition; this resulted in a panic, because a `nil` was
returned.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These options were deprecated and removed in the Linux kernel v5.0 and up in;
- f382fb0bce
- fb5772cbfe
- 23aa16489c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The created time of the containerd is initialized with nanoseconds,
it seems to be a mistake.
In other places of the code, this field is initialized with seconds:
$ grep -rh 'time\.Now()\.Unix()' | grep Created
Created: time.Now().Unix(),
Created: time.Now().Unix(),
return []image.HistoryResponseItem{{ID: img, Created: time.Now().Unix()}}, nil
We can also see the the formatter assumes it to be seconds:
cli/command/formatter/container.go
----
func (c *ContainerContext) CreatedAt() string {
return time.Unix(c.c.Created, 0).String()
}
Interestingly, initializing the field with nanoseconds seems to work,
except on mips architecture, where it causes some kind of overflow.
~~~~
=== Failed
=== FAIL: cli/command/container TestContainerListWithoutFormat (0.00s)
list_test.go:183: assertion failed:
--- expected
+++ actual
@@ -1,7 +1,7 @@
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
-container_id busybox:latest "top" Less than a second ago Up 1 second c1
-container_id busybox:latest "top" Less than a second ago Up 1 second c2
-container_id busybox:latest "top" Less than a second ago Up 1 second 80-82/tcp c3
-container_id busybox:latest "top" Less than a second ago Up 1 second 81/udp c4
-container_id busybox:latest "top" Less than a second ago Up 1 second 8.8.8.8:82->82/tcp c5
+container_id busybox:latest "top" -153722867 minutes ago Up 1 second c1
+container_id busybox:latest "top" -153722867 minutes ago Up 1 second c2
+container_id busybox:latest "top" -153722867 minutes ago Up 1 second 80-82/tcp c3
+container_id busybox:latest "top" -153722867 minutes ago Up 1 second 81/udp c4
+container_id busybox:latest "top" -153722867 minutes ago Up 1 second 8.8.8.8:82->82/tcp c5
=== FAIL: cli/command/container TestContainerListNoTrunc (0.00s)
list_test.go:198: assertion failed:
--- expected
+++ actual
@@ -1,4 +1,4 @@
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
-container_id busybox:latest "top" Less than a second ago Up 1 second c1
-container_id busybox:latest "top" Less than a second ago Up 1 second c2,foo/bar
+container_id busybox:latest "top" -153722867 minutes ago Up 1 second c1
+container_id busybox:latest "top" -153722867 minutes ago Up 1 second c2,foo/bar
~~~~
Logs above taken from:
https://buildd.debian.org/status/fetch.php?pkg=docker.io&arch=mipsel&ver=20.10.0%7Erc1%2Bdfsg3-1&stamp=1606895899
~~~~
=== RUN TestChtimesLinux
chtimes_linux_test.go:87: Expected: 2262-04-11 23:47:16 +0000 UTC, got: 1990-01-27 10:50:44 +0000 UTC
--- FAIL: TestChtimesLinux (0.00s)
=== RUN TestChtimes
chtimes_test.go:92: Expected: 2262-04-11 23:47:16 +0000 UTC, got: 1990-01-27 10:50:44 +0000 UTC
--- FAIL: TestChtimes (0.00s)
~~~~
Logs above taken from:
https://buildd.debian.org/status/fetch.php?pkg=docker.io&arch=mips64el&ver=20.10.0%7Erc1%2Bdfsg3-1&stamp=1606895622
Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
Distributions uses generate-man.sh to create man pages, however it only
assumes a container environment and attempts to build binaries towards
`/go` which might be an illegal path in `fakeroot`.
This patch ensures we only build `md2man` from the vendored sources if
the command is not present. This allows distributions to supply thier
packaged `md2man`.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Docker Engine v20.10 and up includes optimizations to verify if images in the
local image cache need updating before pulling, preventing the Docker Engine
from making unnecessary API requests. These optimizations require the container
image registry to conform to the Open Container Initiative Distribution Specification
(https://github.com/opencontainers/distribution-spec).
While most registries conform to the specification, we encountered some registries
to be non-compliant, resulting in `docker pull` to fail.
As a temporary solution, Docker Engine v20.10 includes a fallback mechanism to
allow `docker pull` to be functional when using a non-compliant registry. A
warning message is printed in this situation:
WARNING Failed to pull manifest by the resolved digest. This registry does not
appear to conform to the distribution registry specification; falling back to
pull by tag. This fallback is DEPRECATED, and will be removed in a future
release.
The fallback is added to allow users to either migrate their images to a compliant
registry, or for these registries to become compliant.
Note that this fallback only addresses failures on `docker pull`. Other commands,
such as `docker stack deploy`, or pulling images with `containerd` will continue
to fail.
Given that other functionality is still broken with these registries, we consider
this fallback a _temporary_ solution, and will remove the fallback in an upcoming
major release.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/moby/buildkit/compare/v0.8.0-rc2...v0.8.0
note that this is currently a few commits "behind" the version used in docker,
but changes since v0.8.0 do not affect the code that's vendored in the CLI,
so prefering to use a tagged version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Looks like the YAML conversion doesn't like lines starting with `[`, and
causing it to use the "compact" formatting in the generated YAML.
This patch un-wraps these lines to prevent this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Brian Goff
Sebastiaan van Stijn
Sebastiaan van Stijn
Silvin Lubecki
Tibor Vass
rochfeu
Harald Albers
Christopher Svensson
Chris Couzens
Arnaud Rebillout
Alexey Igrychev
Morten Linderud
Djordje Lukic