Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

0.55 backports plus bump to v0.55.3 #1560

Merged
merged 3 commits into from
Jul 13, 2023
Merged

0.55 backports plus bump to v0.55.3 #1560

merged 3 commits into from
Jul 13, 2023

Conversation

vrothberg
Copy link
Member

Backport of #1505

@Luap99 @flouthoc PTAL

vrothberg added 3 commits July 13, 2023 09:09
@vrothberg
libimage: harden lookup by digest
4e0089c 
When looking up an image by digest, make sure that the entire repository
of the specified value is considered.  Previously, both the repository
and the tag have been ignored and we looked for _some_ image with a
matching digest.

As outlined in containers#1248, Docker stopped ignoring the repository with
version v20.10.20 (Oct '22) which is a compelling reason to do the same.

To be clear, previously `something@digest` would look for any image with
`digest` while `something` is entirely ignored.  With this change, both
`something` and `digest` must match the image.

This change breaks two e2e tests in Podman CI which relied on the
previous behavior.  There is a risk of breaking users but there is a
strong security argument to perform this change:  if the repository does
not match the (previously) returned issue, there is a fair chance of a
user error.

Fixes: containers#1248
Signed-off-by: Valentin Rothberg <[email protected]>
@vrothberg
v0.55.2
2e7548a 
* libimage: harden lookup by digest
* libimage: HasDifferentDigest: add InsecureSkipTLSVerify option

Signed-off-by: Valentin Rothberg <[email protected]>
@vrothberg
bump to v0.55.3-dev
4094e61 
Signed-off-by: Valentin Rothberg <[email protected]>
Luap99
Luap99 approved these changes Jul 13, 2023
View reviewed changes
Copy link
Member

@Luap99 Luap99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jul 13, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 13, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, vrothberg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 6051c67 into containers:v0.55 Jul 13, 2023
@vrothberg vrothberg deleted the 0.55-backports branch July 13, 2023 08:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Luap99 Luap99 Luap99 approved these changes

Assignees

@Luap99 Luap99

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vrothberg @Luap99 @openshift-merge-robot