[release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0

full diff: a6d0ee40d4...v1.0.0 This is similar to the same changes on main: - bf56f348be (update to v1.0.0-rc1) - 8a8d91529d (update to v1.0.0) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-09-22 13:32:38 +02:00 · 2023-09-22 13:32:38 +02:00 · d1ab2430e6
commit d1ab2430e6
parent 11eb4194f6
9 changed files with 180 additions and 68 deletions
--- a/vendor.conf
+++ b/vendor.conf
@ -48,5 +48,5 @@ gopkg.in/check.v1 64131543e7896d5bcc6bd5a76287eb75ea96c673
 gopkg.in/square/go-jose.v1 40d457b439244b546f023d056628e5184136899b
 gopkg.in/yaml.v2 v2.2.1
 rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git
-github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
+github.com/opencontainers/go-digest ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0
 github.com/opencontainers/image-spec 67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2
--- a/vendor/github.com/opencontainers/go-digest/LICENSE.code
+++ b/vendor/github.com/opencontainers/go-digest/LICENSE.code
@ -176,6 +176,7 @@
   END OF TERMS AND CONDITIONS
   Copyright 2019, 2020 OCI Contributors
   Copyright 2016 Docker, Inc.
   Licensed under the Apache License, Version 2.0 (the "License");
--- a/vendor/github.com/opencontainers/go-digest/README.md
+++ b/vendor/github.com/opencontainers/go-digest/README.md
@ -1,27 +1,23 @@
 # go-digest
-[![GoDoc](https://godoc.org/github.com/docker/go-digest?status.svg)](https://godoc.org/github.com/docker/go-digest) [![Go Report Card](https://goreportcard.com/badge/github.com/docker/go-digest)](https://goreportcard.com/report/github.com/docker/go-digest) [![Build Status](https://travis-ci.org/docker/go-digest.svg?branch=master)](https://travis-ci.org/docker/go-digest)
+[![GoDoc](https://godoc.org/github.com/opencontainers/go-digest?status.svg)](https://godoc.org/github.com/opencontainers/go-digest) [![Go Report Card](https://goreportcard.com/badge/github.com/opencontainers/go-digest)](https://goreportcard.com/report/github.com/opencontainers/go-digest) [![Build Status](https://travis-ci.org/opencontainers/go-digest.svg?branch=master)](https://travis-ci.org/opencontainers/go-digest)
 Common digest package used across the container ecosystem.
-Please see the [godoc](https://godoc.org/github.com/docker/go-digest) for more information.
+Please see the [godoc](https://godoc.org/github.com/opencontainers/go-digest) for more information.
 # What is a digest?
-A digest is just a hash.
+A digest is just a [hash](https://en.wikipedia.org/wiki/Hash_function).
-The most common use case for a digest is to create a content
+The most common use case for a digest is to create a content identifier for use in [Content Addressable Storage](https://en.wikipedia.org/wiki/Content-addressable_storage) systems:
 identifier for use in [Content Addressable Storage](https://en.wikipedia.org/wiki/Content-addressable_storage)
 systems:
 ```go
 id := digest.FromBytes([]byte("my content"))
 ```
-In the example above, the id can be used to uniquely identify 
+In the example above, the id can be used to uniquely identify the byte slice "my content".
-the byte slice "my content". This allows two disparate applications
+This allows two disparate applications to agree on a verifiable identifier without having to trust one another.
 to agree on a verifiable identifier without having to trust one
 another.
 An identifying digest can be verified, as follows:
@ -31,8 +27,7 @@ if id != digest.FromBytes([]byte("my content")) {
 }
 ```
-A `Verifier` type can be used to handle cases where an `io.Reader`
+A `Verifier` type can be used to handle cases where an `io.Reader` makes more sense:
 makes more sense:
 ```go
 rd := getContent()
@ -44,18 +39,14 @@ if !verifier.Verified() {
 }
 ```
-Using [Merkle DAGs](https://en.wikipedia.org/wiki/Merkle_tree), this
+Using [Merkle DAGs](https://en.wikipedia.org/wiki/Merkle_tree), this can power a rich, safe, content distribution system.
 can power a rich, safe, content distribution system.
 # Usage
-While the [godoc](https://godoc.org/github.com/docker/go-digest) is 
+While the [godoc](https://godoc.org/github.com/opencontainers/go-digest) is considered the best resource, a few important items need to be called out when using this package.
 considered the best resource, a few important items need to be called 
 out when using this package.
-1. Make sure to import the hash implementations into your application
+1. Make sure to import the hash implementations into your application or the package will panic.
-    or the package will panic. You should have something like the 
+    You should have something like the following in the main (or other entrypoint) of your application:
    following in the main (or other entrypoint) of your application:
    ```go
    import (
@ -66,39 +57,40 @@ out when using this package.
    This may seem inconvenient but it allows you replace the hash 
    implementations with others, such as https://github.com/stevvooe/resumable.
-2. Even though `digest.Digest` may be assemable as a string, _always_ 
+2. Even though `digest.Digest` may be assemblable as a string, _always_ verify your input with `digest.Parse` or use `Digest.Validate` when accepting untrusted input.
-    verify your input with `digest.Parse` or use `Digest.Validate`
+    While there are measures to avoid common problems, this will ensure you have valid digests in the rest of your application.
-    when accepting untrusted input. While there are measures to 
+
-    avoid common problems, this will ensure you have valid digests
+3. While alternative encodings of hash values (digests) are possible (for example, base64), this package deals exclusively with hex-encoded digests.
    in the rest of your application.
 # Stability
 The Go API, at this stage, is considered stable, unless otherwise noted.
-As always, before using a package export, read the [godoc](https://godoc.org/github.com/docker/go-digest).
+As always, before using a package export, read the [godoc](https://godoc.org/github.com/opencontainers/go-digest).
 # Contributing
-This package is considered fairly complete. It has been in production
+This package is considered fairly complete.
-in thousands (millions?) of deployments and is fairly battle-hardened.
+It has been in production in thousands (millions?) of deployments and is fairly battle-hardened.
-New additions will be met with skepticism. If you think there is a 
+New additions will be met with skepticism.
-missing feature, please file a bug clearly describing the problem and 
+If you think there is a missing feature, please file a bug clearly describing the problem and the alternatives you tried before submitting a PR.
 the alternatives you tried before submitting a PR.
-# Reporting security issues
+## Code of Conduct
-The maintainers take security seriously. If you discover a security 
+Participation in the OpenContainers community is governed by [OpenContainer's Code of Conduct][code-of-conduct].
 issue, please bring it to their attention right away!
-Please DO NOT file a public issue, instead send your report privately
+## Security
 to security@docker.com.
-Security reports are greatly appreciated and we will publicly thank you 
+If you find an issue, please follow the [security][security] protocol to report it.
 for it. We also like to send gifts—if you're into Docker schwag, make 
 sure to let us know. We currently do not offer a paid security bounty 
 program, but are not ruling it out in the future.
 # Copyright and license
-Copyright © 2016 Docker, Inc. All rights reserved, except as follows. Code is released under the [Apache 2.0 license](LICENSE.code). This `README.md` file and the [`CONTRIBUTING.md`](CONTRIBUTING.md) file are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file [`LICENSE.docs`](LICENSE.docs). You may obtain a duplicate copy of the same license, titled CC BY-SA 4.0, at http://creativecommons.org/licenses/by-sa/4.0/.
+Copyright © 2019, 2020 OCI Contributors
 Copyright © 2016 Docker, Inc.
 All rights reserved, except as follows.
 Code is released under the [Apache 2.0 license](LICENSE).
 This `README.md` file and the [`CONTRIBUTING.md`](CONTRIBUTING.md) file are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file [`LICENSE.docs`](LICENSE.docs).
 You may obtain a duplicate copy of the same license, titled CC BY-SA 4.0, at http://creativecommons.org/licenses/by-sa/4.0/.
 [security]: https://github.com/opencontainers/org/blob/master/security
 [code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md
--- a/vendor/github.com/opencontainers/go-digest/algorithm.go
+++ b/vendor/github.com/opencontainers/go-digest/algorithm.go
@ -1,3 +1,18 @@
 // Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package digest
 import (
@ -5,6 +20,7 @@ import (
 	"fmt"
 	"hash"
 	"io"
 	"regexp"
 )
 // Algorithm identifies and implementation of a digester by an identifier.
@ -14,9 +30,9 @@ type Algorithm string
 // supported digest types
 const (
-	SHA256 Algorithm = "sha256" // sha256 with hex encoding
+	SHA256 Algorithm = "sha256" // sha256 with hex encoding (lower case only)
-	SHA384 Algorithm = "sha384" // sha384 with hex encoding
+	SHA384 Algorithm = "sha384" // sha384 with hex encoding (lower case only)
-	SHA512 Algorithm = "sha512" // sha512 with hex encoding
+	SHA512 Algorithm = "sha512" // sha512 with hex encoding (lower case only)
 	// Canonical is the primary digest algorithm used with the distribution
 	// project. Other digests may be used but this one is the primary storage
@ -36,6 +52,14 @@ var (
 		SHA384: crypto.SHA384,
 		SHA512: crypto.SHA512,
 	}
 	// anchoredEncodedRegexps contains anchored regular expressions for hex-encoded digests.
 	// Note that /A-F/ disallowed.
 	anchoredEncodedRegexps = map[Algorithm]*regexp.Regexp{
 		SHA256: regexp.MustCompile(`^[a-f0-9]{64}$`),
 		SHA384: regexp.MustCompile(`^[a-f0-9]{96}$`),
 		SHA512: regexp.MustCompile(`^[a-f0-9]{128}$`),
 	}
 )
 // Available returns true if the digest type is available for use. If this
@ -111,6 +135,14 @@ func (a Algorithm) Hash() hash.Hash {
 	return algorithms[a].New()
 }
 // Encode encodes the raw bytes of a digest, typically from a hash.Hash, into
 // the encoded portion of the digest.
 func (a Algorithm) Encode(d []byte) string {
 	// TODO(stevvooe): Currently, all algorithms use a hex encoding. When we
 	// add support for back registration, we can modify this accordingly.
 	return fmt.Sprintf("%x", d)
 }
 // FromReader returns the digest of the reader using the algorithm.
 func (a Algorithm) FromReader(rd io.Reader) (Digest, error) {
 	digester := a.Digester()
@ -142,3 +174,20 @@ func (a Algorithm) FromBytes(p []byte) Digest {
 func (a Algorithm) FromString(s string) Digest {
 	return a.FromBytes([]byte(s))
 }
 // Validate validates the encoded portion string
 func (a Algorithm) Validate(encoded string) error {
 	r, ok := anchoredEncodedRegexps[a]
 	if !ok {
 		return ErrDigestUnsupported
 	}
 	// Digests much always be hex-encoded, ensuring that their hex portion will
 	// always be size*2
 	if a.Size()*2 != len(encoded) {
 		return ErrDigestInvalidLength
 	}
 	if r.MatchString(encoded) {
 		return nil
 	}
 	return ErrDigestInvalidFormat
 }
--- a/vendor/github.com/opencontainers/go-digest/digest.go
+++ b/vendor/github.com/opencontainers/go-digest/digest.go
@ -1,3 +1,18 @@
 // Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package digest
 import (
@ -31,16 +46,21 @@ func NewDigest(alg Algorithm, h hash.Hash) Digest {
 // functions. This is also useful for rebuilding digests from binary
 // serializations.
 func NewDigestFromBytes(alg Algorithm, p []byte) Digest {
-	return Digest(fmt.Sprintf("%s:%x", alg, p))
+	return NewDigestFromEncoded(alg, alg.Encode(p))
 }
-// NewDigestFromHex returns a Digest from alg and a the hex encoded digest.
+// NewDigestFromHex is deprecated. Please use NewDigestFromEncoded.
 func NewDigestFromHex(alg, hex string) Digest {
-	return Digest(fmt.Sprintf("%s:%s", alg, hex))
+	return NewDigestFromEncoded(Algorithm(alg), hex)
 }
 // NewDigestFromEncoded returns a Digest from alg and the encoded digest.
 func NewDigestFromEncoded(alg Algorithm, encoded string) Digest {
 	return Digest(fmt.Sprintf("%s:%s", alg, encoded))
 }
 // DigestRegexp matches valid digest types.
-var DigestRegexp = regexp.MustCompile(`[a-zA-Z0-9-_+.]+:[a-fA-F0-9]+`)
+var DigestRegexp = regexp.MustCompile(`[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+`)
 // DigestRegexpAnchored matches valid digest types, anchored to the start and end of the match.
 var DigestRegexpAnchored = regexp.MustCompile(`^` + DigestRegexp.String() + `$`)
@ -82,26 +102,18 @@ func FromString(s string) Digest {
 // error if not.
 func (d Digest) Validate() error {
 	s := string(d)
 	i := strings.Index(s, ":")
-
+	if i <= 0 || i+1 == len(s) {
 	// validate i then run through regexp
 	if i < 0 || i+1 == len(s) || !DigestRegexpAnchored.MatchString(s) {
 		return ErrDigestInvalidFormat
 	}
-
+	algorithm, encoded := Algorithm(s[:i]), s[i+1:]
 	algorithm := Algorithm(s[:i])
 	if !algorithm.Available() {
 		if !DigestRegexpAnchored.MatchString(s) {
 			return ErrDigestInvalidFormat
 		}
 		return ErrDigestUnsupported
 	}
-
+	return algorithm.Validate(encoded)
 	// Digests much always be hex-encoded, ensuring that their hex portion will
 	// always be size*2
 	if algorithm.Size()*2 != len(s[i+1:]) {
 		return ErrDigestInvalidLength
 	}
 	return nil
 }
 // Algorithm returns the algorithm portion of the digest. This will panic if
@ -119,12 +131,17 @@ func (d Digest) Verifier() Verifier {
 	}
 }
-// Hex returns the hex digest portion of the digest. This will panic if the
+// Encoded returns the encoded portion of the digest. This will panic if the
 // underlying digest is not in a valid format.
-func (d Digest) Hex() string {
+func (d Digest) Encoded() string {
 	return string(d[d.sepIndex()+1:])
 }
 // Hex is deprecated. Please use Digest.Encoded.
 func (d Digest) Hex() string {
 	return d.Encoded()
 }
 func (d Digest) String() string {
 	return string(d)
 }
--- a/vendor/github.com/opencontainers/go-digest/digester.go
+++ b/vendor/github.com/opencontainers/go-digest/digester.go
@ -1,3 +1,18 @@
 // Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package digest
 import "hash"
--- a/vendor/github.com/opencontainers/go-digest/doc.go
+++ b/vendor/github.com/opencontainers/go-digest/doc.go
@ -1,3 +1,18 @@
 // Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // Package digest provides a generalized type to opaquely represent message
 // digests and their operations within the registry. The Digest type is
 // designed to serve as a flexible identifier in a content-addressable system.
@ -15,8 +30,13 @@
 //
 // 	sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc
 //
-// In this case, the string "sha256" is the algorithm and the hex bytes are
+// The "algorithm" portion defines both the hashing algorithm used to calculate
-// the "digest".
+// the digest and the encoding of the resulting digest, which defaults to "hex"
 // if not otherwise specified. Currently, all supported algorithms have their
 // digests encoded in hex strings.
 //
 // In the example above, the string "sha256" is the algorithm and the hex bytes
 // are the "digest".
 //
 // Because the Digest type is simply a string, once a valid Digest is
 // obtained, comparisons are cheap, quick and simple to express with the
--- a/vendor/github.com/opencontainers/go-digest/go.mod
+++ b/vendor/github.com/opencontainers/go-digest/go.mod
@ -0,0 +1,3 @@
 module github.com/opencontainers/go-digest
 go 1.13
--- a/vendor/github.com/opencontainers/go-digest/verifiers.go
+++ b/vendor/github.com/opencontainers/go-digest/verifiers.go
@ -1,3 +1,18 @@
 // Copyright 2019, 2020 OCI Contributors
 // Copyright 2017 Docker, Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package digest
 import (
		`@ -0,0 +1,3 @@`
							`module github.com/opencontainers/go-digest`

							`go 1.13`