This method is a shallow wrapper around trust.GetNotaryRepository, but
due to its signature resulted in the trust package, and notary dependencies
to become a dependency of the CLI. Consequence of this was that cli-plugins,
which need the cli/command package, would also get notary and its
dependencies as a dependency. It is no longer used in our code, which
constructs the client in packages that need it, so we can deprecate this
method.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The CLI.NotaryClient method is a shallow wrapper around trust.GetNotaryRepository
and only depends on the CLI itself to pass its StdErr/StrOut streams.
- This patch inlines the code to produce the client, skipping the wrapper.
- Define a local interface for some tests where a dummy notary client was used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This function was added in 02719bdbb5, and
used newDefaultRepositoryEndpoint to get repository info for the given
image-reference.
newDefaultRepositoryEndpoint uses registry.ParseRepositoryInfo under the
hood, but the only information used from the result was the Name field,
which is set using `reference.TrimNamed(name)`. The possible error returned
was based on the domain-name of the image, and only checked for the domain
to not start, or end with a hyphen ("-").
This patch removes the use of RepoNameForReference, deprecates it, and
inlines the code used by it.
There are no known consumers of this function, so we can consider removing
it in the first possible release after this (which can be a minor release).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This type was added in 02719bdbb5, but was
never used outside of the package itself. This patch un-exports it.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This type was added in 02719bdbb5, but was
never used;
git rev-parse --verify HEAD
02719bdbb5
git grep 'PutManifestOptions'
cli/registry/client/client.go:// PutManifestOptions is the data sent to push a manifest
cli/registry/client/client.go:type PutManifestOptions struct {
This patch removes it, because it's not used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These utility functions were added in 8890a1c929,
and are all related to OTEL. The ResourceAttributesEnvvar const defines
the "OTEL_RESOURCE_ATTRIBUTES" environment-variable to use, which is part
of the [OpenTelemetry specification], so should be considered a well-known
env-var, and not up to us to define a const for. These code-changes were not
yet included in a release, so we don't have to deprecate.
This patch:
- Moves the utility functions to the telemetry files, so that all code related
to OpenTelemetry is together.
- Un-exports the ResourceAttributesEnvvar to reduce our public API.
- Un-exports the DockerCliAttributePrefix to reduce depdency on cli/command
in CLI-plugins, but adds a TODO to move telemetry-related code to a common
(internal) package.
- Deprecates the cli-plugins/manager.ResourceAttributesEnvvar const. This
const has no known consumers, so we could skip deprecation, but just in
case some codebase uses this.
[OpenTelemetry specification]: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/#general-sdk-configuration
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The client was only using the Actions consts, but the trust package
also has a dependency on notary. Remove the import to prevent Notary
becoming a dependency for uses of the cli code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This uuid package was introduced in 89db01ef97,
but we want to reduce dependency on the old docker/distribution module.
Replace it with google/uuid, which is a commonly used module for this
and already a dependency.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This utility was shared between the "image" and "trust" packages, and a
shallow wrapper around features in the cli/trust package. Move it there
instead and rename it to `trust.AddToAllSignableRoles`.
There are no known external consumers of this utility, so skipping a
deprecation.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These tests were not testing functionality that was implemented
in the image package. Move them to the trust package, where
they belong.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing trust.GetSignableRoles to return an error
if it's offline, which was duplicating the [TestGetSignableRolesError]
test in the cli/trust package.
[TestGetSignableRolesError]: fe0a8d2791/cli/trust/trust_test.go (L49-L55)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a basic helper to provide the equivalent of passphrase.ConstantRetriever
with a fixed passphrase for testing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing trust.GetSignableRoles to return an error
if it's offline, which was duplicating the [TestGetSignableRolesError]
test.
[TestGetSignableRolesError]: fe0a8d2791/cli/trust/trust_test.go (L49-L55)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing trust.GetSignableRoles to return an error
if it's offline, which was duplicating the [TestGetSignableRolesError]
test.
[TestGetSignableRolesError]: fe0a8d2791/cli/trust/trust_test.go (L49-L55)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The test only validates that an error is produced because the notary
server is offline, and does not sent a passphrase.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add a basic helper to provide the equivalent of passphrase.ConstantRetriever
with a fixed passphrase for testing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This var used to be vendored from github.com/docker/docker/registry, but was
removed there, and made a local var in a1cbaa827b.
It is (and should never be) modified, so let's change it into a const.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
[ParseRepositoryInfo] parses an image reference and returns information
about the Repository and the registry. As part of this, it validates if
the registry's hostname is considered valid using [ValidateIndexName],
as well as normalizing the image reference to strip tags and digests
using [reference.TrimNamed].
ValidateIndexName only provides very limited value; the only validation
happening is to check for the hostname to not start, or end with a hyphen.
The cli/command/manifest package used ParseRepositoryInfo in various
locations where only the repository name was used (i.e., the result
of `reference.TrimNamed` on the given reference), and in one location
only used it to validate the registry name.
For buildPushRequest, the call was fully redundant, as [RepoNameForReference]
was used on the result, calling [newDefaultRepositoryEndpoint], which
uses ParseRepositoryInfo internally, so we were only repeating that work.
This patch removes uses of ParseRepositoryInfo in those places, and instead
calling [reference.TrimNamed] directly.
[ParseRepositoryInfo]: 41f781fab3/registry/config.go (L375-L381)
[ValidateIndexName]: 41f781fab3/registry/config.go (L288-L299)
[reference.TrimNamed]: 41f781fab3/registry/config.go (L369)
[RepoNameForReference]: fe0a8d2791/cli/registry/client/endpoint.go (L107-L110)
[newDefaultRepositoryEndpoint]: fe0a8d2791/cli/registry/client/endpoint.go (L33-L38)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Don't allow unbounded amounts of splits.
Fixes GHSA-c6gw-w398-hv78 / CVE-2025-27144
- Various other dependency updates, small fixes, and documentation
updates in the full changelog
full diff: https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- set default to 28
- remove minor version from matrix; docker:dind images also provide a
"docker:28-dind" which point to the latest minor version.
- remove TODO for 19.03, which is really out of scope now.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
