github/zot
1
0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2026-06-15 20:07:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
478 Commits 38 Branches 132 Tags
9194fea6d4f15de6190586f540a584a6fd44502b
Commit Graph

478 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Stan 9194fea6d4 Add a way to list imports and files used by specific binaries 
This commit adds a new Make target that makes use of go list to show directly
imported packages and used files in a given binary.
This target should be added in all future targets that build binaries, if listing
imported packages and used files is important.
Existing targets were modified to include build-metadata. Also, since build-metadata
depends on EXTENSIONS variable, a dummy tag is used to overwrite the defaults of
this variable in case of minimal-type targets.

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
 2022-07-08 11:23:15 -07:00
Ramkumar Chinchani 4ae1a908a0 fix dependabot alerts CVE-2022-33082/GHSA-2m4x-4q9j-w97g 
https://github.com/project-zot/zot/security/dependabot/24

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-07-07 23:58:51 -07:00
Petu Eusebiu 6d5b208e93 build: remove swagger install in stacker files 
it is currently installed in the Makefile

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
v1.4.2-rc2 		2022-07-04 12:33:11 -07:00
Petu Eusebiu 7954add73a Fix data races in tests closes #599, closes #598 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-06-30 13:33:47 -07:00
Alex Stan ada21ed842 Manage builds with different combinations of extensions 
Files were added to be built whether an extension is on or off.
New build tags were added for each extension, while minimal and extended disappeared.

added custom binary naming depending on extensions used and changed references from binary to binary-extended

added automated blackbox tests for sync, search, scrub, metrics

added contributor guidelines

Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
v1.4.2-rc1 		2022-06-30 09:53:52 -07:00
Petu Eusebiu 616d5f8a6d zb: replace map with sync.Map to avoid concurrent writes closes #582 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-06-28 08:47:34 -07:00
Ramkumar Chinchani eed48c1715 refactor filenames to reflect functionality 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-06-21 21:42:54 -07:00
Petu Eusebiu a04f870a22 Periodically sync golang image from dockerhub to ghcr.io 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-06-16 23:42:50 -07:00
Catalin Hofnar a8a65a6c37 Modified sync log calls to include error type (#336) 
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-06-15 09:45:49 -07:00
Lisca Ana-Roberta 111b80625d added repos command to list repositories 
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
 2022-06-15 02:22:18 -07:00
Alex Stan 66484c8ca9 changed go version to 1.18 
Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
 2022-06-09 04:38:06 -07:00
Shivam Mishra 620bc7c517 routes: strip query parameter from request URL 
reuqest url also contains query parameter due to this in some scenarios
location header is setting up incorrectly, strip query parameter from
request url to correctly setup location header.

Closes #573 #575

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
v1.4.1 v1.4.1-rc6 		2022-06-08 22:50:37 -07:00
Shivam Mishra f52c950d04 fix sample request url in search extension README 
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-06-07 11:24:19 -07:00
Ramkumar Chinchani 0edee009c0 fix CVE-2022-28946/GHSA-x7f3-62pm-9p38 
https://github.com/project-zot/zot/security/dependabot/17
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-06-06 11:43:36 -07:00
Ramkumar Chinchani d07de27402 fix CVE-2022-26945/GHSA-x24g-9w7v-vprh 
https://github.com/project-zot/zot/security/dependabot/22

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-06-06 11:43:36 -07:00
Catalin Hofnar 0b6fdc23ea Added sync onDemand test for ORAS artifact 
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-06-06 10:38:42 -07:00
Shivam Mishra b61aff62cd check notary v2 signature while looking for available signatures 
expanded repo info also provides information if manifests of repo is signed or not
previously it was looking for only cosign signature.

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-06-03 17:45:22 -07:00
laurentiuNiculae c9b32c73ae added more types of severity 
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-06-03 09:44:54 -07:00
Andreea-Lupu 081ba0b2f2 fix periodic background tasks - gc and scrub 
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
v1.4.1-rc5 		2022-06-02 08:58:02 -07:00
Petu Eusebiu d0b52612a2 ci/cd: Fix arm builds, use distroless final image 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-30 10:38:55 -07:00
Lisca Ana-Roberta 62775cc095 fixed failed tests for all skopeo versions 
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

skopeo verifications

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

skopeo verifications modified makefile

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

modified how to get digest and fixed makefile

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

fixed failed tests for all skopeo versions

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

echo skopeo version

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

skopeo verifications

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

skopeo verifications modified makefile

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

modified how to get digest and fixed makefile

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

skopeo failed tests fixed

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

changed function name

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

fixed lost modifications

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>

fixed code coverage and dead code

Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
 2022-05-27 08:19:07 -07:00
Lisca Ana-Roberta e5a14670db code coverage improvement 
Signed-off-by: Lisca Ana-Roberta <ana.kagome@yahoo.com>
 2022-05-26 08:54:05 -07:00
Ramkumar Chinchani dbe23e58f9 fix CVE-2022-28948/GHSA-hp87-p4gw-j4gq 
https://github.com/project-zot/zot/security/dependabot/18

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-25 15:13:45 -07:00
Shivam Mishra 0dd00e7883 fix extension endpoints 
Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-25 13:46:43 -07:00
Ramkumar Chinchani 6b841809e3 fix CVE-2022-29173/GHSA-66x3-6cw3-v5gj 
https://github.com/project-zot/zot/security/dependabot/16

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-25 11:34:24 -07:00
Petu Eusebiu da4acaf178 sync: preserve upstream digests after syncing images 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-25 10:19:36 -07:00
Petu Eusebiu bd730150a8 sync: allow HTTP redirects when GETing signatures blobs 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-25 10:19:36 -07:00
Petu Eusebiu aeb8a5da39 sync: specify contentType in headers when GETing cosign manifest 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-25 10:19:36 -07:00
Shivam Mishra dcdeb935fd use zot as an extension name, ext as a component and search as a module 
add endpoints field in ext discover api

distribution spec extension discover api has endpoints field required.

https://github.com/opencontainers/distribution-spec/blob/main/extensions/_oci.md#extensions-property-descriptions

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-24 19:12:40 -07:00
Petu Eusebiu 5e22acbbc4 s3: added logic for deduping blobs 
Because s3 doesn't support hard links we store duplicated blobs
as empty files. When the original blob is deleted its content is
moved to the the next duplicated blob and so on.

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-24 17:00:10 -07:00
Petu Eusebiu ad08c08986 cluster: use zb source ips pool to distribute requests to cluster 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-24 15:19:23 -07:00
Petu Eusebiu ca8b866c46 zb: pick client IPs from a pool, closes #472 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-24 15:19:23 -07:00
Ramkumar Chinchani a5e091e3d2 fix CVE-2022-29162/GHSA-f3fp-gc8g-vw66 
https://github.com/project-zot/zot/security/dependabot/15

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-24 12:53:48 -07:00
Ramkumar Chinchani 3ca2393dec fix stacker build file to include compatible glibc runtime 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
v1.4.1-rc4 		2022-05-22 23:01:01 -07:00
Shivam Mishra 36c9631000 ext: use distribution spec route prefix for extension api 
Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
v1.4.1-rc3 		2022-05-22 16:35:16 -07:00
Ramkumar Chinchani c1bf4456d0 update cosign deps 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-22 09:15:01 -07:00
laurentiuNiculae 7d8af50aec mocked tests for routes 
Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-05-20 13:27:09 -07:00
Ramkumar Chinchani 287ac05ddc update linter version to 1.46.2 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-20 11:53:56 -07:00
Ramkumar Chinchani 32afe712d6 build: fix base image in stacker files 
Revert 058bbb94c6
Use alpine:3

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-20 10:38:44 -07:00
Catalin Hofnar 7c477f5ba3 Changed Github workflow to cache dependencies 
Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-05-19 09:44:52 -07:00
Petu Eusebiu 799eab63a9 clustering: Give time to minio container to come up 
Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
v1.4.1-rc2 		2022-05-18 10:35:26 -07:00
Petu Eusebiu 7c3a8f9d07 Report unknown keys when parsing configuration files 
Report missing mandatory ldap keys

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
 2022-05-16 14:13:31 -07:00
Catalin Hofnar 20a60cbad4 Enhance sync logic - stop blob redownloads and re-pushes (#479 #480) 
Changed imagesToCopyFromUpstream to return a map[string][]types.ImageReference from just an array of refs
Rewrote some logic in sync.go to use the new signature of imagesToCopyFromUpstream
Split getLocalImageRef by adding function getLocalCachePath
Adapted tests for new changes, added some tests
Merged #481

Signed-off-by: Catalin Hofnar <catalin.hofnar@gmail.com>
 2022-05-16 10:05:01 -07:00
Shivam Mishra c2245bf412 add failfast flag in go test 
this flag disables running additional tests after any test fails.

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-13 18:53:24 -07:00
Ramkumar Chinchani 058bbb94c6 stacker builds: use a different base image 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-12 11:32:42 -07:00
Ramkumar Chinchani 0eed4fbed2 zb: fix usage help output 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-10 09:50:01 -07:00
Shivam Mishra e04a9bf6e2 use TempDir instead of /tmp/zot in tests 
Closes #508

Signed-off-by: Shivam Mishra <shimish2@cisco.com>
 2022-05-05 10:38:53 -07:00
Ramkumar Chinchani 97173a54dd add a CODEOWNERS file 
Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-04 11:52:28 -07:00
Ramkumar Chinchani 6d593b468f dependabot alert: fix CVE-2022-29810 
https://github.com/project-zot/zot/security/dependabot/14

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
 2022-05-03 14:36:41 -07:00
laurentiuNiculae bb95af5b4d default policy only authorization 
unit tests for manifest integrity when updating

Signed-off-by: laurentiuNiculae <themelopeus@gmail.com>
 2022-05-03 11:46:55 -07:00