TrueCloudLab/distribution
13
0
Fork 3
Code Issues 3 Pull requests Projects Releases 2 Packages Wiki Activity Actions
2757 commits 2 branches 61 tags 129 MiB
Commit graph

2757 commits

This branch
This branch
All branches
Author SHA1 Message Date
Milos Gajdos
ae58bde985
Fix gofmt warnings 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2023-05-09 18:58:38 +01:00
Sebastiaan van Stijn
3f2a4e24a7
update to go1.19.9 
Added back minor versions in these, so that we have a somewhat more
reproducible state in the repository when tagging releases.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 322eb4eecf)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 17:57:57 +02:00
Sebastiaan van Stijn
9c04409fdb
[release/2.8] ignore deprecation of io/ioutil 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 17:57:28 +02:00
Milos Gajdos
b791fdc2c6
Merge pull request #3907 from thaJeztah/2.8_backport_update_xx 
[release/2.8 backport] Dockerfile: update xx to v1.2.1
 2023-05-09 15:58:05 +01:00
Sebastiaan van Stijn
3d8f3cc4a5
Dockerfile: update xx to v1.2.1 
full diff: https://github.com/tonistiigi/xx/compare/v1.1.1...v1.2.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8c4d2b9d65)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 15:32:28 +02:00
Milos Gajdos
d3fac541b1
Merge pull request #3903 from thaJeztah/2.8_bump_go_118 
[release/2.8] bump up golang version (alternative)
 2023-05-09 13:59:02 +01:00
Wang Yan
70db3a46d9
bump up golang version 
upgrade go version to v1.18.8

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2023-05-09 10:59:43 +02:00
CrazyMax
db1389e043
dockerfiles: formatting 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 0e17e54091)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 10:59:43 +02:00
CrazyMax
018472de2d
dockerfiles: set ALPINE_VERSION 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit b066451b40)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 10:59:42 +02:00
CrazyMax
19b3feb5df
Update to xx 1.1.1 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 52a88c596b)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 10:59:42 +02:00
CrazyMax
14bd72bcf8
Dockerfile: switch to xx 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 87f93ede9e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 10:59:42 +02:00
Wang Yan
2392893bcf
bump up golang v1.17 
Signed-off-by: Wang Yan <wangyan@vmware.com>
(cherry picked from commit 3f4c558dac)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 10:59:38 +02:00
Sebastiaan van Stijn
092a2197ff
[release/2.8] fix package name in Dockerfile 
The 2.8 release is still named github.com/docker/distribution.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-05-09 10:53:15 +02:00
Milos Gajdos
82d6c3d007
Merge pull request #3815 from wy65701436/release/2.8-cp-3615 
[release/2.8] Fix panic in inmemory driver
 2023-04-17 15:58:21 +01:00
Shengjing Zhu
ad5991de09 Fix panic in inmemory driver 
Signed-off-by: Shengjing Zhu <zhsj@debian.org>
 2022-12-04 22:47:15 +08:00
Hayley Swimelar
dc5b207fdd
Merge pull request #3650 from thaJeztah/2.8_bump_alpine 
[release/2.8 backport] Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16
 2022-05-26 09:32:25 -07:00
Silvin Lubecki
38018aeb5d
Fix CVE-2022-28391 by bumping alpine from 3.15 to 3.16 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9f2bc25b7a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-05-26 13:25:35 +02:00
Milos Gajdos
b5ca020cfb
Merge pull request #3605 from milosgajdos/update-release-notes 
Update 2.8.1. release notes
 2022-03-08 17:52:36 +00:00
Milos Gajdos
1b5f094086
Merge pull request #3604 from crazy-max/2.8-go-1.16.15 
go 1.16.15
 2022-03-08 17:15:10 +00:00
Milos Gajdos
96cc1fdb3c
FIx typo 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2022-03-08 17:14:24 +00:00
Milos Gajdos
e744906f09
Update 2.8.1. release notes 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2022-03-08 17:11:29 +00:00
CrazyMax
3df9fce2be
go 1.16.15 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
 2022-03-08 17:54:16 +01:00
Milos Gajdos
9a0196b801
Merge pull request #3596 from milosgajdos/fix-go-mod-v2.8.1 
Prepare for v2.8.1 release
 2022-03-01 11:37:47 +00:00
Milos Gajdos
6736d1881a
Prepare for v2.8.1 release 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2022-02-24 13:44:40 +00:00
Milos Gajdos
e4a447d0d7
Merge pull request #3595 from crazy-max/2.8-ci-gitref 
[2.8 backport] ci: use proper git ref for versioning
 2022-02-23 08:59:59 +00:00
CrazyMax
80acbdf0a2
ci: use proper git ref for versioning 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit fabf9cd4e9)
 2022-02-22 22:05:10 +01:00
Milos Gajdos
dcf66392d6
Update README so the release pipeline works properly. 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2022-02-07 15:40:21 +00:00
Milos Gajdos
212b38ed22
Merge pull request #3552 from milosgajdos/v2.8.0-release 
Prepare for v2.8.0 release
 2022-01-21 12:46:32 +00:00
Milos Gajdos
359b97a75a
Merge pull request #3568 from crazy-max/2.8-artifacts 
[2.8] Release artifacts
 2022-01-21 12:11:22 +00:00
Milos Gajdos
d5d89a46a3
Make this releaes a beta release first. 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2022-01-21 11:36:41 +00:00
CrazyMax
6241e099e1
[2.8] Release artifacts 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
 2022-01-19 16:54:30 +01:00
Milos Gajdos
1840415ca8
Merge pull request #3565 from crazy-max/2.8-gha 
[2.8] Release workflow
 2022-01-13 16:56:37 +00:00
CrazyMax
65ca39e605
release workflow 
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
 2022-01-12 16:34:14 +01:00
Milos Gajdos
1ddad0bad8
Apply suggestions from code review 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2021-12-22 09:13:32 +00:00
Milos Gajdos
3960a560bb
Prepare for v2.8.0 release 
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
 2021-12-21 13:24:39 +00:00
Milos Gajdos
3b7b534569
Merge pull request from GHSA-qq97-vm5h-rrhg 
[release/2.7] manifest: validate document type before unmarshal
 2021-11-23 19:16:40 +00:00
Milos Gajdos
afe85428bb
Merge pull request #3466 from thaJeztah/2.7_update_jwt 
[release/2.7] github.com/golang-jwt/jwt v3.2.2
 2021-11-23 09:10:53 +00:00
Milos Gajdos
f7365390ef
Merge pull request #3535 from thaJeztah/2.7_bump_oci_specs 2021-11-18 08:34:49 +00:00
Sebastiaan van Stijn
97f6daced4
[release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2 
(previous version vendored was v1.0.0)

full diff: ab7389ef9f...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-11-17 22:31:14 +01:00
Milos Gajdos
4313c14723
Merge pull request #3531 from wy65701436/fix-rand 
[release/2.7]fix go check issues
 2021-11-17 20:14:46 +00:00
Wang Yan
9a3ff11330 fix go check issues 
G404: Replace math rand with crypto rand

Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-11-16 17:46:08 +08:00
Samuel Karp
10ade61de9
manifest: validate document type before unmarshal 
Signed-off-by: Samuel Karp <skarp@amazon.com>
 2021-11-05 10:16:09 -07:00
Milos Gajdos
691e62e7ef
Merge pull request #3495 from thaJeztah/2.7_backport_must 
[release/2.7 backport] Change should to must in v2 spec
 2021-09-08 14:44:47 +01:00
Justin Cormack
19b573a6f7
Change should to must in v2 spec 
We found some examples of manifests with URLs specififed that did
not provide a digest or size. This breaks the security model by allowing
the content to change, as it no longer provides a Merkle tree. This
was not intended, so explicitly disallow by tightening wording.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 1660df4b60)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-09-08 15:24:07 +02:00
Sebastiaan van Stijn
c5679da3a1
[release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1 
to address CVE-2020-26160

full diff: a601269ab7...v3.2.2

3.2.1 release notes
---------------------------------------

- Import Path Change: See MIGRATION_GUIDE.md for tips on updating your code
  Changed the import path from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt
- Fixed type confusion issue between string and []string in VerifyAudience.
  This fixes CVE-2020-26160

3.2.2 release notes
---------------------------------------

- Starting from this release, we are adopting the policy to support the most 2
  recent versions of Go currently available. By the time of this release, this
  is Go 1.15 and 1.16.
- Fixed a potential issue that could occur when the verification of exp, iat
  or nbf was not required and contained invalid contents, i.e. non-numeric/date.
  Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally
  reporting it to the formtech fork.
- Added support for EdDSA / ED25519.
- Optimized allocations.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-08-10 13:05:39 +02:00
Wang Yan
61e7e20823
Merge pull request #3472 from thaJeztah/2.7_update_go116 
[release/2.7] update to go1.16
 2021-08-10 18:59:49 +08:00
Sebastiaan van Stijn
d836b23fc2
[release/2.7] update to go1.16 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-08-10 11:32:03 +02:00
Milos Gajdos
18230b7b34
Merge pull request #3384 from wy65701436/release/2.7-cp-3169 
[backport release/2.7]Added flag for user configurable cipher suites
 2021-03-23 15:23:04 +00:00
Milos Gajdos
51636a6711
Merge pull request #3385 from wy65701436/release/2.7-ci 
enable ci for release/2.7
 2021-03-23 15:22:46 +00:00
Derek McGowan
09109ab50a Fix gosimple checks 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Signed-off-by: Wang Yan <wangyan@vmware.com>
 2021-03-23 21:03:20 +08:00