From a3252d015392870f033916e1ac4b945e76159987 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 23 Jan 2023 20:15:12 +0100 Subject: [PATCH] Release v5.24.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now supports both creating and verifying sigstore signatures that use Fulcio and Rekor. A New API for signing images during copy. docker-archive: now can read non-seekable streams. Improved error messages for registry errors. - Introduce oci/{archive,layout}.ImageNotFoundError - Don't use any default path fallbacks if the user specified a path - Introduce signature/sigstore.NewSigner - Introduce signature/simplesigning.NewSigner - Add pkg/cli/sigstore - Add functional-option NewPRSigstoreSigned - Add signature/sigstore.GenerateKeyPair - Avoid confusion about 404 on lookaside - Heuristically warn about lookaside servers serving HTML - Add a limit for the total number of signatures in lookaside - Update the public.ecr.aws error with current data - Add a test for isManifestUnknownError - Consolidate handleErrorResponse calls to registryHTTPResponseToError - Discard any but the first element of errcode.Errors - Add more detailed error tests - Make invalid HTTP bodies unwrappable as unexpectedHTTPResponseError - Use registryHTTPResponseToError on /tags/list failure - Simplify error messages using the default error text - Use registryHttpResponseToError in many more places - set directory transport destination as thread-safe - Recognize invalid error responses of registry.redhat.io - Make the pseudo-config used in sigstore attachments a bit more valid - Convert TestSignatureStorageBaseURL to table-based - Don't call net/url.URL.Parse when we mean net/url.Parse - Rename all "url" variables to something else - Fix documentation comment of the stubs package - Simplify ociReference.getManifestDescriptor - Simplify ociReference.getManifestDescriptor a bit - Fix typos - Remove unnecessary conversions - Actually test the caller-requested function - Remove ineffective assignments - Fix an always-true condition - Fix unordered list formatting in containers-policy.json(5) - docker/reference: reduce regex compilations - docker/reference/regexp.go: constify strings - docker/reference.literal: return QuoteMeta directly - docker/reference.expression: use strings.Join() - Run (gofmt -s) - Don't incorrectly report success on failure paths - Clarify the semantics of the optional.creator field in simple signature payload - Call x509.SystemCertPool directly instead of tlsconfig.SystemCertPool - Remove sockets.DialerFromEnvironment - Use io.SeekStart instead of a hard-coded 0 - Add support for non-seekable files in docker-archive: sources - Add comments to BlobInfo to warn against adding more edit fields - Split test data from TestV1RegistriesConfNonempty and TestV2RegistriesConfNonempty - Reject files mixing v1 and v2 registries.conf, even with empty fields - Fix a typo - Move the "human-readable description" of a helper into setAuthToCredHelper - Correctly report a credHelpers location in SetCredentials - Add missing documentation of build tags - Fix comments about exponential backoff with Retry-After - storage source: Don't store small blobs on disk in GetBlob() - config: use `authPath` struct consistently - config: Make parsing function a method on authFile - storage: Immediately unlink tmpfile - Don't duplicate the getPathToAuth rules for user-specified paths in getAuthPaths - Move killGPGAgent into a helper package - Terminate the GPG agent spawned by c/image/signature tests - Speed up pkg/blobcache tests - Turn copy.TestCreateSignature into a table-based test - Reorder the tests in copy.TestCreateSignature - Add a test case for signing dir: with an explicit identity - Fix a documentation typo - Return a generic signature.Signature from SignDockerManifestWithPrivateKeyFileUnstable - Introduce Signer = internal/signer.Signer, and internal/signer.SignerImplementation - Introduce signature/sigstore/internal.SigstoreSigner - Make SigstoreSigner implement signer.SignerImplementation - Rename signature/sigstore/sign.go to signer.go - Consolidate the two signing implementations to copier.createSignatureWithSigner - Refactor copy.Image to sign using []*signer.Signer - Add copy.Options.Signers - Don't use GPG in copy.TestCreateSignatures - Make sure value types also implement json.Marshaler - Add signature/internal.UntrustedRekor{SET,Payload} - Refactor SigstoreSigner.SignImageManifest a bit - Rekor upload - Move the docker client User-Agent value to a shared subpackage - Add Fulcio with OIDC authentication - Add Fulcio with user-provided OIDC token - Drop dead code that causes a regex compilation on init - Do not preallocate regex in init program - Replace copy&pasted code by a shared modifiedJSON function - Add VerifyRekorSET - manifest: pull Variant from an OCI config - Remove left-over logging from test development - Cirrus: Use F37 CI VM Image - Add Fulcio certificate acceptance logic - Split loadBytesFromDataOrPath and prepareTrustRoot in prSigstoreSigned - Make a part of TestPRSigstoreSignedIsSignatureAccepted table-driven - Split sigstore configuration parsing and API into separate files - Add tests to reject neither of keyPath / keyData being set - Add support for Fulcio and Rekor to sigstoreSigned Signed-off-by: Miloslav Trmač --- version/version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version/version.go b/version/version.go index aa9f2e2b4e..83e576ead5 100644 --- a/version/version.go +++ b/version/version.go @@ -11,7 +11,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-dev" + VersionDev = "" ) // Version is the specification version that the package types support.