mirror of
https://github.com/containers/podman.git
synced 2025-10-20 12:43:58 +08:00
vendor: update docker v28 and c/{common,image}
Update to the latest c/{common,image} which inclused an update to docker v28, that update is NOT backwards compatible so I had to fix a few types. NOTE: handler.ExecCreateConfig is used directly by the bindings. Thus this is an API break for pkg/bindings. Including docker types as part of any stable pkg/bindings API was a very bad idea. I see no way to avoid that unless we never want to docker v28, which is not easy as the update comes in from c/image and maybe other packages. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
14
vendor/github.com/sigstore/protobuf-specs/COPYRIGHT.txt
generated
vendored
Normal file
14
vendor/github.com/sigstore/protobuf-specs/COPYRIGHT.txt
generated
vendored
Normal file
@ -0,0 +1,14 @@
|
||||
|
||||
Copyright 2022 The Sigstore Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
202
vendor/github.com/sigstore/protobuf-specs/LICENSE
generated
vendored
Normal file
202
vendor/github.com/sigstore/protobuf-specs/LICENSE
generated
vendored
Normal file
@ -0,0 +1,202 @@
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
1258
vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go
generated
vendored
Normal file
1258
vendor/github.com/sigstore/protobuf-specs/gen/pb-go/common/v1/sigstore_common.pb.go
generated
vendored
Normal file
File diff suppressed because it is too large
Load Diff
206
vendor/github.com/sigstore/sigstore/pkg/signature/algorithm_registry.go
generated
vendored
Normal file
206
vendor/github.com/sigstore/sigstore/pkg/signature/algorithm_registry.go
generated
vendored
Normal file
@ -0,0 +1,206 @@
|
||||
//
|
||||
// Copyright 2024 The Sigstore Authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package signature
|
||||
|
||||
import (
|
||||
"crypto"
|
||||
"crypto/ecdsa"
|
||||
"crypto/ed25519"
|
||||
"crypto/elliptic"
|
||||
"crypto/rsa"
|
||||
"fmt"
|
||||
|
||||
v1 "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
|
||||
)
|
||||
|
||||
// PublicKeyType represents the public key algorithm for a given signature algorithm.
|
||||
type PublicKeyType uint
|
||||
|
||||
const (
|
||||
// RSA public key
|
||||
RSA PublicKeyType = iota
|
||||
// ECDSA public key
|
||||
ECDSA
|
||||
// ED25519 public key
|
||||
ED25519
|
||||
)
|
||||
|
||||
// RSAKeySize represents the size of an RSA public key in bits.
|
||||
type RSAKeySize int
|
||||
|
||||
type algorithmDetails struct {
|
||||
// knownAlgorithm is the signature algorithm that the following details refer to.
|
||||
knownAlgorithm v1.PublicKeyDetails
|
||||
|
||||
// keyType is the public key algorithm being used.
|
||||
keyType PublicKeyType
|
||||
|
||||
// hashType is the hash algorithm being used.
|
||||
hashType crypto.Hash
|
||||
|
||||
// extraKeyParams contains any extra parameters required to check a given public key against this entry.
|
||||
//
|
||||
// The underlying type of these parameters is dependent on the keyType.
|
||||
// For example, ECDSA algorithms will store an elliptic curve here whereas, RSA keys will store the key size.
|
||||
// Algorithms that don't require any extra parameters leave this set to nil.
|
||||
extraKeyParams interface{}
|
||||
|
||||
// flagValue is a string representation of the signature algorithm that follows the naming conventions of CLI
|
||||
// arguments that are used for Sigstore services.
|
||||
flagValue string
|
||||
}
|
||||
|
||||
func (a algorithmDetails) GetRSAKeySize() (RSAKeySize, error) {
|
||||
if a.keyType != RSA {
|
||||
return 0, fmt.Errorf("unable to retrieve RSA key size for key type: %T", a.keyType)
|
||||
}
|
||||
rsaKeySize, ok := a.extraKeyParams.(RSAKeySize)
|
||||
if !ok {
|
||||
// This should be unreachable.
|
||||
return 0, fmt.Errorf("unable to retrieve key size for RSA, malformed algorithm details?: %T", a.keyType)
|
||||
}
|
||||
return rsaKeySize, nil
|
||||
}
|
||||
|
||||
func (a algorithmDetails) GetECDSACurve() (*elliptic.Curve, error) {
|
||||
if a.keyType != ECDSA {
|
||||
return nil, fmt.Errorf("unable to retrieve ECDSA curve for key type: %T", a.keyType)
|
||||
}
|
||||
ecdsaCurve, ok := a.extraKeyParams.(elliptic.Curve)
|
||||
if !ok {
|
||||
// This should be unreachable.
|
||||
return nil, fmt.Errorf("unable to retrieve curve for ECDSA, malformed algorithm details?: %T", a.keyType)
|
||||
}
|
||||
return &ecdsaCurve, nil
|
||||
}
|
||||
|
||||
func (a algorithmDetails) checkKey(pubKey crypto.PublicKey) (bool, error) {
|
||||
switch a.keyType {
|
||||
case RSA:
|
||||
rsaKey, ok := pubKey.(*rsa.PublicKey)
|
||||
if !ok {
|
||||
return false, nil
|
||||
}
|
||||
keySize, err := a.GetRSAKeySize()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return rsaKey.Size()*8 == int(keySize), nil
|
||||
case ECDSA:
|
||||
ecdsaKey, ok := pubKey.(*ecdsa.PublicKey)
|
||||
if !ok {
|
||||
return false, nil
|
||||
}
|
||||
curve, err := a.GetECDSACurve()
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return ecdsaKey.Curve == *curve, nil
|
||||
case ED25519:
|
||||
_, ok := pubKey.(ed25519.PublicKey)
|
||||
return ok, nil
|
||||
}
|
||||
return false, fmt.Errorf("unrecognized key type: %T", a.keyType)
|
||||
}
|
||||
|
||||
func (a algorithmDetails) checkHash(hashType crypto.Hash) bool {
|
||||
return a.hashType == hashType
|
||||
}
|
||||
|
||||
// Note that deprecated options in PublicKeyDetails are not included in this
|
||||
// list, including PKCS1v1.5 encoded RSA. Refer to the v1.PublicKeyDetails enum
|
||||
// for more details.
|
||||
var supportedAlgorithms = []algorithmDetails{
|
||||
{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_2048_SHA256, RSA, crypto.SHA256, RSAKeySize(2048), "rsa-sign-pkcs1-2048-sha256"},
|
||||
{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_3072_SHA256, RSA, crypto.SHA256, RSAKeySize(3072), "rsa-sign-pkcs1-3072-sha256"},
|
||||
{v1.PublicKeyDetails_PKIX_RSA_PKCS1V15_4096_SHA256, RSA, crypto.SHA256, RSAKeySize(4096), "rsa-sign-pkcs1-4096-sha256"},
|
||||
{v1.PublicKeyDetails_PKIX_RSA_PSS_2048_SHA256, RSA, crypto.SHA256, RSAKeySize(2048), "rsa-sign-pss-2048-sha256"},
|
||||
{v1.PublicKeyDetails_PKIX_RSA_PSS_3072_SHA256, RSA, crypto.SHA256, RSAKeySize(3072), "rsa-sign-pss-3072-sha256"},
|
||||
{v1.PublicKeyDetails_PKIX_RSA_PSS_4096_SHA256, RSA, crypto.SHA256, RSAKeySize(4096), "rsa-sign-pss-4092-sha256"},
|
||||
{v1.PublicKeyDetails_PKIX_ECDSA_P256_SHA_256, ECDSA, crypto.SHA256, elliptic.P256(), "ecdsa-sha2-256-nistp256"},
|
||||
{v1.PublicKeyDetails_PKIX_ECDSA_P384_SHA_384, ECDSA, crypto.SHA384, elliptic.P384(), "ecdsa-sha2-384-nistp384"},
|
||||
{v1.PublicKeyDetails_PKIX_ECDSA_P521_SHA_512, ECDSA, crypto.SHA512, elliptic.P521(), "ecdsa-sha2-512-nistp521"},
|
||||
{v1.PublicKeyDetails_PKIX_ED25519, ED25519, crypto.Hash(0), nil, "ed25519"},
|
||||
{v1.PublicKeyDetails_PKIX_ED25519_PH, ED25519, crypto.SHA512, nil, "ed25519-ph"},
|
||||
}
|
||||
|
||||
// AlgorithmRegistryConfig represents a set of permitted algorithms for a given Sigstore service or component.
|
||||
//
|
||||
// Individual services may wish to restrict what algorithms are allowed to a subset of what is covered in the algorithm
|
||||
// registry (represented by v1.PublicKeyDetails).
|
||||
type AlgorithmRegistryConfig struct {
|
||||
permittedAlgorithms []algorithmDetails
|
||||
}
|
||||
|
||||
// getAlgorithmDetails retrieves a set of details for a given v1.PublicKeyDetails flag that allows users to
|
||||
// introspect the public key algorithm, hash algorithm and more.
|
||||
func getAlgorithmDetails(knownSignatureAlgorithm v1.PublicKeyDetails) (*algorithmDetails, error) {
|
||||
for _, detail := range supportedAlgorithms {
|
||||
if detail.knownAlgorithm == knownSignatureAlgorithm {
|
||||
return &detail, nil
|
||||
}
|
||||
}
|
||||
return nil, fmt.Errorf("could not find algorithm details for known signature algorithm: %s", knownSignatureAlgorithm)
|
||||
}
|
||||
|
||||
// NewAlgorithmRegistryConfig creates a new AlgorithmRegistryConfig for a set of permitted signature algorithms.
|
||||
func NewAlgorithmRegistryConfig(algorithmConfig []v1.PublicKeyDetails) (*AlgorithmRegistryConfig, error) {
|
||||
permittedAlgorithms := make([]algorithmDetails, 0, len(supportedAlgorithms))
|
||||
for _, algorithm := range algorithmConfig {
|
||||
a, err := getAlgorithmDetails(algorithm)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
permittedAlgorithms = append(permittedAlgorithms, *a)
|
||||
}
|
||||
return &AlgorithmRegistryConfig{permittedAlgorithms: permittedAlgorithms}, nil
|
||||
}
|
||||
|
||||
// IsAlgorithmPermitted checks whether a given public key/hash algorithm combination is permitted by a registry config.
|
||||
func (registryConfig AlgorithmRegistryConfig) IsAlgorithmPermitted(key crypto.PublicKey, hash crypto.Hash) (bool, error) {
|
||||
for _, algorithm := range registryConfig.permittedAlgorithms {
|
||||
keyMatch, err := algorithm.checkKey(key)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if keyMatch && algorithm.checkHash(hash) {
|
||||
return true, nil
|
||||
}
|
||||
}
|
||||
return false, nil
|
||||
}
|
||||
|
||||
// FormatSignatureAlgorithmFlag formats a v1.PublicKeyDetails to a string that conforms to the naming conventions
|
||||
// of CLI arguments that are used for Sigstore services.
|
||||
func FormatSignatureAlgorithmFlag(algorithm v1.PublicKeyDetails) (string, error) {
|
||||
for _, a := range supportedAlgorithms {
|
||||
if a.knownAlgorithm == algorithm {
|
||||
return a.flagValue, nil
|
||||
}
|
||||
}
|
||||
return "", fmt.Errorf("could not find matching flag for signature algorithm: %s", algorithm)
|
||||
}
|
||||
|
||||
// ParseSignatureAlgorithmFlag parses a string produced by FormatSignatureAlgorithmFlag and returns the corresponding
|
||||
// v1.PublicKeyDetails value.
|
||||
func ParseSignatureAlgorithmFlag(flag string) (v1.PublicKeyDetails, error) {
|
||||
for _, a := range supportedAlgorithms {
|
||||
if a.flagValue == flag {
|
||||
return a.knownAlgorithm, nil
|
||||
}
|
||||
}
|
||||
return v1.PublicKeyDetails_PUBLIC_KEY_DETAILS_UNSPECIFIED, fmt.Errorf("could not find matching signature algorithm for flag: %s", flag)
|
||||
}
|
Reference in New Issue
Block a user