[release/2.8] vendor: github.com/opencontainers/go-digest v1.0.0

full diff: a6d0ee40d4...v1.0.0

This is similar to the same changes on main:

- bf56f348be (update to v1.0.0-rc1)
- 8a8d91529d (update to v1.0.0)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2023-09-22 13:32:38 +02:00
parent 11eb4194f6
commit d1ab2430e6
No known key found for this signature in database
GPG key ID: 76698F39D527CE8C
9 changed files with 180 additions and 68 deletions

View file

@ -48,5 +48,5 @@ gopkg.in/check.v1 64131543e7896d5bcc6bd5a76287eb75ea96c673
gopkg.in/square/go-jose.v1 40d457b439244b546f023d056628e5184136899b gopkg.in/square/go-jose.v1 40d457b439244b546f023d056628e5184136899b
gopkg.in/yaml.v2 v2.2.1 gopkg.in/yaml.v2 v2.2.1
rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git rsc.io/letsencrypt e770c10b0f1a64775ae91d240407ce00d1a5bdeb https://github.com/dmcgowan/letsencrypt.git
github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb github.com/opencontainers/go-digest ea51bea511f75cfa3ef6098cc253c5c3609b037a # v1.0.0
github.com/opencontainers/image-spec 67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2 github.com/opencontainers/image-spec 67d2d5658fe0476ab9bf414cec164077ebff3920 # v1.0.2

View file

@ -176,6 +176,7 @@
END OF TERMS AND CONDITIONS END OF TERMS AND CONDITIONS
Copyright 2019, 2020 OCI Contributors
Copyright 2016 Docker, Inc. Copyright 2016 Docker, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");

View file

@ -1,27 +1,23 @@
# go-digest # go-digest
[![GoDoc](https://godoc.org/github.com/docker/go-digest?status.svg)](https://godoc.org/github.com/docker/go-digest) [![Go Report Card](https://goreportcard.com/badge/github.com/docker/go-digest)](https://goreportcard.com/report/github.com/docker/go-digest) [![Build Status](https://travis-ci.org/docker/go-digest.svg?branch=master)](https://travis-ci.org/docker/go-digest) [![GoDoc](https://godoc.org/github.com/opencontainers/go-digest?status.svg)](https://godoc.org/github.com/opencontainers/go-digest) [![Go Report Card](https://goreportcard.com/badge/github.com/opencontainers/go-digest)](https://goreportcard.com/report/github.com/opencontainers/go-digest) [![Build Status](https://travis-ci.org/opencontainers/go-digest.svg?branch=master)](https://travis-ci.org/opencontainers/go-digest)
Common digest package used across the container ecosystem. Common digest package used across the container ecosystem.
Please see the [godoc](https://godoc.org/github.com/docker/go-digest) for more information. Please see the [godoc](https://godoc.org/github.com/opencontainers/go-digest) for more information.
# What is a digest? # What is a digest?
A digest is just a hash. A digest is just a [hash](https://en.wikipedia.org/wiki/Hash_function).
The most common use case for a digest is to create a content The most common use case for a digest is to create a content identifier for use in [Content Addressable Storage](https://en.wikipedia.org/wiki/Content-addressable_storage) systems:
identifier for use in [Content Addressable Storage](https://en.wikipedia.org/wiki/Content-addressable_storage)
systems:
```go ```go
id := digest.FromBytes([]byte("my content")) id := digest.FromBytes([]byte("my content"))
``` ```
In the example above, the id can be used to uniquely identify In the example above, the id can be used to uniquely identify the byte slice "my content".
the byte slice "my content". This allows two disparate applications This allows two disparate applications to agree on a verifiable identifier without having to trust one another.
to agree on a verifiable identifier without having to trust one
another.
An identifying digest can be verified, as follows: An identifying digest can be verified, as follows:
@ -31,8 +27,7 @@ if id != digest.FromBytes([]byte("my content")) {
} }
``` ```
A `Verifier` type can be used to handle cases where an `io.Reader` A `Verifier` type can be used to handle cases where an `io.Reader` makes more sense:
makes more sense:
```go ```go
rd := getContent() rd := getContent()
@ -44,61 +39,58 @@ if !verifier.Verified() {
} }
``` ```
Using [Merkle DAGs](https://en.wikipedia.org/wiki/Merkle_tree), this Using [Merkle DAGs](https://en.wikipedia.org/wiki/Merkle_tree), this can power a rich, safe, content distribution system.
can power a rich, safe, content distribution system.
# Usage # Usage
While the [godoc](https://godoc.org/github.com/docker/go-digest) is While the [godoc](https://godoc.org/github.com/opencontainers/go-digest) is considered the best resource, a few important items need to be called out when using this package.
considered the best resource, a few important items need to be called
out when using this package.
1. Make sure to import the hash implementations into your application 1. Make sure to import the hash implementations into your application or the package will panic.
or the package will panic. You should have something like the You should have something like the following in the main (or other entrypoint) of your application:
following in the main (or other entrypoint) of your application:
```go ```go
import ( import (
_ "crypto/sha256" _ "crypto/sha256"
_ "crypto/sha512" _ "crypto/sha512"
) )
``` ```
This may seem inconvenient but it allows you replace the hash This may seem inconvenient but it allows you replace the hash
implementations with others, such as https://github.com/stevvooe/resumable. implementations with others, such as https://github.com/stevvooe/resumable.
2. Even though `digest.Digest` may be assemable as a string, _always_ 2. Even though `digest.Digest` may be assemblable as a string, _always_ verify your input with `digest.Parse` or use `Digest.Validate` when accepting untrusted input.
verify your input with `digest.Parse` or use `Digest.Validate` While there are measures to avoid common problems, this will ensure you have valid digests in the rest of your application.
when accepting untrusted input. While there are measures to
avoid common problems, this will ensure you have valid digests 3. While alternative encodings of hash values (digests) are possible (for example, base64), this package deals exclusively with hex-encoded digests.
in the rest of your application.
# Stability # Stability
The Go API, at this stage, is considered stable, unless otherwise noted. The Go API, at this stage, is considered stable, unless otherwise noted.
As always, before using a package export, read the [godoc](https://godoc.org/github.com/docker/go-digest). As always, before using a package export, read the [godoc](https://godoc.org/github.com/opencontainers/go-digest).
# Contributing # Contributing
This package is considered fairly complete. It has been in production This package is considered fairly complete.
in thousands (millions?) of deployments and is fairly battle-hardened. It has been in production in thousands (millions?) of deployments and is fairly battle-hardened.
New additions will be met with skepticism. If you think there is a New additions will be met with skepticism.
missing feature, please file a bug clearly describing the problem and If you think there is a missing feature, please file a bug clearly describing the problem and the alternatives you tried before submitting a PR.
the alternatives you tried before submitting a PR.
# Reporting security issues ## Code of Conduct
The maintainers take security seriously. If you discover a security Participation in the OpenContainers community is governed by [OpenContainer's Code of Conduct][code-of-conduct].
issue, please bring it to their attention right away!
Please DO NOT file a public issue, instead send your report privately ## Security
to security@docker.com.
Security reports are greatly appreciated and we will publicly thank you If you find an issue, please follow the [security][security] protocol to report it.
for it. We also like to send gifts—if you're into Docker schwag, make
sure to let us know. We currently do not offer a paid security bounty
program, but are not ruling it out in the future.
# Copyright and license # Copyright and license
Copyright © 2016 Docker, Inc. All rights reserved, except as follows. Code is released under the [Apache 2.0 license](LICENSE.code). This `README.md` file and the [`CONTRIBUTING.md`](CONTRIBUTING.md) file are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file [`LICENSE.docs`](LICENSE.docs). You may obtain a duplicate copy of the same license, titled CC BY-SA 4.0, at http://creativecommons.org/licenses/by-sa/4.0/. Copyright © 2019, 2020 OCI Contributors
Copyright © 2016 Docker, Inc.
All rights reserved, except as follows.
Code is released under the [Apache 2.0 license](LICENSE).
This `README.md` file and the [`CONTRIBUTING.md`](CONTRIBUTING.md) file are licensed under the Creative Commons Attribution 4.0 International License under the terms and conditions set forth in the file [`LICENSE.docs`](LICENSE.docs).
You may obtain a duplicate copy of the same license, titled CC BY-SA 4.0, at http://creativecommons.org/licenses/by-sa/4.0/.
[security]: https://github.com/opencontainers/org/blob/master/security
[code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md

View file

@ -1,3 +1,18 @@
// Copyright 2019, 2020 OCI Contributors
// Copyright 2017 Docker, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package digest package digest
import ( import (
@ -5,6 +20,7 @@ import (
"fmt" "fmt"
"hash" "hash"
"io" "io"
"regexp"
) )
// Algorithm identifies and implementation of a digester by an identifier. // Algorithm identifies and implementation of a digester by an identifier.
@ -14,9 +30,9 @@ type Algorithm string
// supported digest types // supported digest types
const ( const (
SHA256 Algorithm = "sha256" // sha256 with hex encoding SHA256 Algorithm = "sha256" // sha256 with hex encoding (lower case only)
SHA384 Algorithm = "sha384" // sha384 with hex encoding SHA384 Algorithm = "sha384" // sha384 with hex encoding (lower case only)
SHA512 Algorithm = "sha512" // sha512 with hex encoding SHA512 Algorithm = "sha512" // sha512 with hex encoding (lower case only)
// Canonical is the primary digest algorithm used with the distribution // Canonical is the primary digest algorithm used with the distribution
// project. Other digests may be used but this one is the primary storage // project. Other digests may be used but this one is the primary storage
@ -36,6 +52,14 @@ var (
SHA384: crypto.SHA384, SHA384: crypto.SHA384,
SHA512: crypto.SHA512, SHA512: crypto.SHA512,
} }
// anchoredEncodedRegexps contains anchored regular expressions for hex-encoded digests.
// Note that /A-F/ disallowed.
anchoredEncodedRegexps = map[Algorithm]*regexp.Regexp{
SHA256: regexp.MustCompile(`^[a-f0-9]{64}$`),
SHA384: regexp.MustCompile(`^[a-f0-9]{96}$`),
SHA512: regexp.MustCompile(`^[a-f0-9]{128}$`),
}
) )
// Available returns true if the digest type is available for use. If this // Available returns true if the digest type is available for use. If this
@ -111,6 +135,14 @@ func (a Algorithm) Hash() hash.Hash {
return algorithms[a].New() return algorithms[a].New()
} }
// Encode encodes the raw bytes of a digest, typically from a hash.Hash, into
// the encoded portion of the digest.
func (a Algorithm) Encode(d []byte) string {
// TODO(stevvooe): Currently, all algorithms use a hex encoding. When we
// add support for back registration, we can modify this accordingly.
return fmt.Sprintf("%x", d)
}
// FromReader returns the digest of the reader using the algorithm. // FromReader returns the digest of the reader using the algorithm.
func (a Algorithm) FromReader(rd io.Reader) (Digest, error) { func (a Algorithm) FromReader(rd io.Reader) (Digest, error) {
digester := a.Digester() digester := a.Digester()
@ -142,3 +174,20 @@ func (a Algorithm) FromBytes(p []byte) Digest {
func (a Algorithm) FromString(s string) Digest { func (a Algorithm) FromString(s string) Digest {
return a.FromBytes([]byte(s)) return a.FromBytes([]byte(s))
} }
// Validate validates the encoded portion string
func (a Algorithm) Validate(encoded string) error {
r, ok := anchoredEncodedRegexps[a]
if !ok {
return ErrDigestUnsupported
}
// Digests much always be hex-encoded, ensuring that their hex portion will
// always be size*2
if a.Size()*2 != len(encoded) {
return ErrDigestInvalidLength
}
if r.MatchString(encoded) {
return nil
}
return ErrDigestInvalidFormat
}

View file

@ -1,3 +1,18 @@
// Copyright 2019, 2020 OCI Contributors
// Copyright 2017 Docker, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package digest package digest
import ( import (
@ -31,16 +46,21 @@ func NewDigest(alg Algorithm, h hash.Hash) Digest {
// functions. This is also useful for rebuilding digests from binary // functions. This is also useful for rebuilding digests from binary
// serializations. // serializations.
func NewDigestFromBytes(alg Algorithm, p []byte) Digest { func NewDigestFromBytes(alg Algorithm, p []byte) Digest {
return Digest(fmt.Sprintf("%s:%x", alg, p)) return NewDigestFromEncoded(alg, alg.Encode(p))
} }
// NewDigestFromHex returns a Digest from alg and a the hex encoded digest. // NewDigestFromHex is deprecated. Please use NewDigestFromEncoded.
func NewDigestFromHex(alg, hex string) Digest { func NewDigestFromHex(alg, hex string) Digest {
return Digest(fmt.Sprintf("%s:%s", alg, hex)) return NewDigestFromEncoded(Algorithm(alg), hex)
}
// NewDigestFromEncoded returns a Digest from alg and the encoded digest.
func NewDigestFromEncoded(alg Algorithm, encoded string) Digest {
return Digest(fmt.Sprintf("%s:%s", alg, encoded))
} }
// DigestRegexp matches valid digest types. // DigestRegexp matches valid digest types.
var DigestRegexp = regexp.MustCompile(`[a-zA-Z0-9-_+.]+:[a-fA-F0-9]+`) var DigestRegexp = regexp.MustCompile(`[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+`)
// DigestRegexpAnchored matches valid digest types, anchored to the start and end of the match. // DigestRegexpAnchored matches valid digest types, anchored to the start and end of the match.
var DigestRegexpAnchored = regexp.MustCompile(`^` + DigestRegexp.String() + `$`) var DigestRegexpAnchored = regexp.MustCompile(`^` + DigestRegexp.String() + `$`)
@ -82,26 +102,18 @@ func FromString(s string) Digest {
// error if not. // error if not.
func (d Digest) Validate() error { func (d Digest) Validate() error {
s := string(d) s := string(d)
i := strings.Index(s, ":") i := strings.Index(s, ":")
if i <= 0 || i+1 == len(s) {
// validate i then run through regexp
if i < 0 || i+1 == len(s) || !DigestRegexpAnchored.MatchString(s) {
return ErrDigestInvalidFormat return ErrDigestInvalidFormat
} }
algorithm, encoded := Algorithm(s[:i]), s[i+1:]
algorithm := Algorithm(s[:i])
if !algorithm.Available() { if !algorithm.Available() {
if !DigestRegexpAnchored.MatchString(s) {
return ErrDigestInvalidFormat
}
return ErrDigestUnsupported return ErrDigestUnsupported
} }
return algorithm.Validate(encoded)
// Digests much always be hex-encoded, ensuring that their hex portion will
// always be size*2
if algorithm.Size()*2 != len(s[i+1:]) {
return ErrDigestInvalidLength
}
return nil
} }
// Algorithm returns the algorithm portion of the digest. This will panic if // Algorithm returns the algorithm portion of the digest. This will panic if
@ -119,12 +131,17 @@ func (d Digest) Verifier() Verifier {
} }
} }
// Hex returns the hex digest portion of the digest. This will panic if the // Encoded returns the encoded portion of the digest. This will panic if the
// underlying digest is not in a valid format. // underlying digest is not in a valid format.
func (d Digest) Hex() string { func (d Digest) Encoded() string {
return string(d[d.sepIndex()+1:]) return string(d[d.sepIndex()+1:])
} }
// Hex is deprecated. Please use Digest.Encoded.
func (d Digest) Hex() string {
return d.Encoded()
}
func (d Digest) String() string { func (d Digest) String() string {
return string(d) return string(d)
} }

View file

@ -1,3 +1,18 @@
// Copyright 2019, 2020 OCI Contributors
// Copyright 2017 Docker, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package digest package digest
import "hash" import "hash"

View file

@ -1,3 +1,18 @@
// Copyright 2019, 2020 OCI Contributors
// Copyright 2017 Docker, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package digest provides a generalized type to opaquely represent message // Package digest provides a generalized type to opaquely represent message
// digests and their operations within the registry. The Digest type is // digests and their operations within the registry. The Digest type is
// designed to serve as a flexible identifier in a content-addressable system. // designed to serve as a flexible identifier in a content-addressable system.
@ -15,8 +30,13 @@
// //
// sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc // sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc
// //
// In this case, the string "sha256" is the algorithm and the hex bytes are // The "algorithm" portion defines both the hashing algorithm used to calculate
// the "digest". // the digest and the encoding of the resulting digest, which defaults to "hex"
// if not otherwise specified. Currently, all supported algorithms have their
// digests encoded in hex strings.
//
// In the example above, the string "sha256" is the algorithm and the hex bytes
// are the "digest".
// //
// Because the Digest type is simply a string, once a valid Digest is // Because the Digest type is simply a string, once a valid Digest is
// obtained, comparisons are cheap, quick and simple to express with the // obtained, comparisons are cheap, quick and simple to express with the

3
vendor/github.com/opencontainers/go-digest/go.mod generated vendored Normal file
View file

@ -0,0 +1,3 @@
module github.com/opencontainers/go-digest
go 1.13

View file

@ -1,3 +1,18 @@
// Copyright 2019, 2020 OCI Contributors
// Copyright 2017 Docker, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package digest package digest
import ( import (