Hello community,

here is the log from the commit of package gitlab-container-registry for 
openSUSE:Factory checked in at 2026-06-28 21:07:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gitlab-container-registry (Old)
 and      /work/SRC/openSUSE:Factory/.gitlab-container-registry.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gitlab-container-registry"

Sun Jun 28 21:07:49 2026 rev:26 rq:1362095 version:4.40.2

Changes:
--------
--- 
/work/SRC/openSUSE:Factory/gitlab-container-registry/gitlab-container-registry.changes
      2026-05-28 17:32:16.976987753 +0200
+++ 
/work/SRC/openSUSE:Factory/.gitlab-container-registry.new.11887/gitlab-container-registry.changes
   2026-06-28 21:08:42.742478602 +0200
@@ -1,0 +2,39 @@
+Sun Jun 28 06:50:25 UTC 2026 - Johannes Kastl 
<[email protected]>
+
+- Update to version 4.40.2:
+  * Bug Fixes
+    - driver/s3-v2: make retry delayer stateless (e927a39)
+    - driver/s3-v2: strip request checksum and inject content-md5
+      when checksum_disabled (71ff9d7)
+    - handlers: defer router init until metadata DB resolves
+      prefer-fallback (685b376)
+    - s3: fix panic in Stat() call (5bcb779)
+  * Build
+    - deps: update module github.com/alicebob/miniredis/v2 to
+      v2.38.0 (5bbd451)
+    - deps: update module github.com/aws/aws-sdk-go-v2/config to
+      v1.32.17 (54cfdf1)
+    - deps: update module github.com/aws/aws-sdk-go-v2/config to
+      v1.32.20 (ae32dec)
+    - deps: update module github.com/aws/aws-sdk-go-v2/config to
+      v1.32.25 (0dc8ad4)
+    - deps: update module github.com/aws/aws-sdk-go-v2/credentials
+      to v1.19.16 (5fdc189)
+    - deps: update module github.com/aws/aws-sdk-go-v2/credentials
+      to v1.19.24 (15b7b82)
+    - deps: update module
+      github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign to
+      v1.10.0 (5c608ed)
+    - deps: update module
+      github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign to
+      v1.11.0 (a2cd23b)
+    - deps: update module
+      github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign to
+      v1.11.4 (b2af8ef)
+    - deps: update module
+      github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign to
+      v1.11.6 (a0042d4)
+    - upgrade golang.org/x/crypto to v0.53.0 (3e422ec)
+    - upgrade to Go 1.25 (cc3c39a)
+
+-------------------------------------------------------------------

Old:
----
  gitlab-container-registry-4.40.1.obscpio

New:
----
  gitlab-container-registry-4.40.2.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gitlab-container-registry.spec ++++++
--- /var/tmp/diff_new_pack.iKZUWF/_old  2026-06-28 21:08:44.318531824 +0200
+++ /var/tmp/diff_new_pack.iKZUWF/_new  2026-06-28 21:08:44.322531960 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package gitlab-container-registry
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           gitlab-container-registry
-Version:        4.40.1
+Version:        4.40.2
 Release:        0
 Summary:        The GitLab Container Registry
 License:        Apache-2.0
@@ -28,7 +28,7 @@
 Source2:        %{name}-configuration.yml
 Source3:        %{name}.service
 Source4:       system-user-%{name}.conf
-BuildRequires:  golang(API) >= 1.23
+BuildRequires:  golang(API) >= 1.25
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  sysuser-tools
 

++++++ _service ++++++
--- /var/tmp/diff_new_pack.iKZUWF/_old  2026-06-28 21:08:44.358533176 +0200
+++ /var/tmp/diff_new_pack.iKZUWF/_new  2026-06-28 21:08:44.362533310 +0200
@@ -3,7 +3,7 @@
     <param 
name="url">https://gitlab.com/gitlab-org/container-registry.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v4.40.1-gitlab</param>
+    <param name="revision">v4.40.2-gitlab</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)-gitlab</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.iKZUWF/_old  2026-06-28 21:08:44.390534257 +0200
+++ /var/tmp/diff_new_pack.iKZUWF/_new  2026-06-28 21:08:44.394534392 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://gitlab.com/gitlab-org/container-registry.git</param>
-              <param 
name="changesrevision">b4c21f9e3907860dbb70cb2a3d6ee438077032cb</param></service></servicedata>
+              <param 
name="changesrevision">14eed6857a7cd4b1e053502dce1aa6f3f74f4be1</param></service></servicedata>
 (No newline at EOF)
 

++++++ gitlab-container-registry-4.40.1.obscpio -> 
gitlab-container-registry-4.40.2.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gitlab-container-registry-4.40.1/.tool-versions 
new/gitlab-container-registry-4.40.2/.tool-versions
--- old/gitlab-container-registry-4.40.1/.tool-versions 2026-05-22 
21:07:54.000000000 +0200
+++ new/gitlab-container-registry-4.40.2/.tool-versions 2026-06-24 
16:19:57.000000000 +0200
@@ -3,8 +3,8 @@
 nodejs            22.11.0
 golangci-lint     2.5.0
 # For linting documentation
-markdownlint-cli2 0.19.0
-lychee            0.21.0
-vale              3.13.0
+markdownlint-cli2 0.22.1
+lychee            0.24.2
+vale              3.14.1
 gomigrate         latest
 gotestsum         latest
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gitlab-container-registry-4.40.1/CHANGELOG.md 
new/gitlab-container-registry-4.40.2/CHANGELOG.md
--- old/gitlab-container-registry-4.40.1/CHANGELOG.md   2026-05-22 
21:07:54.000000000 +0200
+++ new/gitlab-container-registry-4.40.2/CHANGELOG.md   2026-06-24 
16:19:57.000000000 +0200
@@ -1,3 +1,29 @@
+## 
[4.40.2](https://gitlab.com/gitlab-org/container-registry/compare/v4.40.1-gitlab...v4.40.2)
 (2026-06-23)
+
+
+### 🐛 Bug Fixes 🐛
+
+* **driver/s3-v2:** make retry delayer stateless 
([e927a39](https://gitlab.com/gitlab-org/container-registry/commit/e927a39ca122d15cb3fee64f8a6b094ed06404bf))
+* **driver/s3-v2:** strip request checksum and inject content-md5 when 
checksum_disabled 
([71ff9d7](https://gitlab.com/gitlab-org/container-registry/commit/71ff9d70394cd7c6f62e8afedeb2af17b09d32d9))
+* **handlers:** defer router init until metadata DB resolves prefer-fallback 
([685b376](https://gitlab.com/gitlab-org/container-registry/commit/685b3766b54e58c356d9c7feee8e867aaf0ab21c))
+* **s3:** fix panic in Stat() call 
([5bcb779](https://gitlab.com/gitlab-org/container-registry/commit/5bcb7794d6c7e3f6bd7fa0fb8a6487e9245bb46e))
+
+
+### ⚙️ Build ⚙️
+
+* **deps:** update module github.com/alicebob/miniredis/v2 to v2.38.0 
([5bbd451](https://gitlab.com/gitlab-org/container-registry/commit/5bbd45133960a6ccffe5b2be05f6aafc09633a05))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/config to v1.32.17 
([54cfdf1](https://gitlab.com/gitlab-org/container-registry/commit/54cfdf1eaf76d2f80cf7957a8578c9464bef25a1))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/config to v1.32.20 
([ae32dec](https://gitlab.com/gitlab-org/container-registry/commit/ae32dec10459e600385a4beb37b3afc71efa64e9))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/config to v1.32.25 
([0dc8ad4](https://gitlab.com/gitlab-org/container-registry/commit/0dc8ad4b1e56f1dbb88afe8d7a8a1ffb82645e7a))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/credentials to v1.19.16 
([5fdc189](https://gitlab.com/gitlab-org/container-registry/commit/5fdc18946ed07ff5c34a94e130b40ba214d35989))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/credentials to v1.19.24 
([15b7b82](https://gitlab.com/gitlab-org/container-registry/commit/15b7b82928107c5f9093135f1a9a8e05ad8f83d4))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign 
to v1.10.0 
([5c608ed](https://gitlab.com/gitlab-org/container-registry/commit/5c608ed110e3bbbd37cd924e65f594e6ab15a035))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign 
to v1.11.0 
([a2cd23b](https://gitlab.com/gitlab-org/container-registry/commit/a2cd23bc42759a6d0a7eabd7b08e3c25bfe22ace))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign 
to v1.11.4 
([b2af8ef](https://gitlab.com/gitlab-org/container-registry/commit/b2af8ef2de3d8ea8e9919c03560a1b319190df8e))
+* **deps:** update module github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign 
to v1.11.6 
([a0042d4](https://gitlab.com/gitlab-org/container-registry/commit/a0042d462cd36728097f692bcf5e28b50c70e90a))
+* upgrade golang.org/x/crypto to v0.53.0 
([3e422ec](https://gitlab.com/gitlab-org/container-registry/commit/3e422ecf5f677f18f17c0dcbe53c4d6086b0411e))
+* upgrade to Go 1.25 
([cc3c39a](https://gitlab.com/gitlab-org/container-registry/commit/cc3c39a4643f8fe56005b1efd8c0d39be0e9180b))
+
 ## 
[4.40.1](https://gitlab.com/gitlab-org/container-registry/compare/v4.40.0-gitlab...v4.40.1)
 (2026-05-22)
 
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gitlab-container-registry-4.40.1/Makefile 
new/gitlab-container-registry-4.40.2/Makefile
--- old/gitlab-container-registry-4.40.1/Makefile       2026-05-22 
21:07:54.000000000 +0200
+++ new/gitlab-container-registry-4.40.2/Makefile       2026-06-24 
16:19:57.000000000 +0200
@@ -2,7 +2,7 @@
 ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST))))
 
 GOLANGCI_VERSION ?= v2.5.0
-DOCSLINT_VERSION ?= 
registry.gitlab.com/gitlab-org/technical-writing/docs-gitlab-com/lint-markdown:alpine-3.22-vale-3.13.0-markdownlint2-0.19.0-lychee-0.21.0
+DOCSLINT_VERSION ?= 
registry.gitlab.com/gitlab-org/technical-writing/docs-gitlab-com/lint-markdown:alpine-3.23-vale-3.14.1-markdownlint2-0.22.1-lychee-0.24.2
 
 DOCKER_IMAGE_REGISTRY ?= registry.gitlab.com/gitlab-org/container-registry
 
@@ -144,7 +144,7 @@
                        @semantic-release/git@10 \
                        conventional-changelog-conventionalcommits@6
 dev-tools: release-tools
-       go install go.uber.org/mock/[email protected]
+       go install go.uber.org/mock/[email protected]
 
 # https://github.com/semantic-release/git#environment-variables
 export GIT_AUTHOR_NAME="$(shell git config user.name)"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/gitlab-container-registry-4.40.1/containers/registry/Dockerfile 
new/gitlab-container-registry-4.40.2/containers/registry/Dockerfile
--- old/gitlab-container-registry-4.40.1/containers/registry/Dockerfile 
2026-05-22 21:07:54.000000000 +0200
+++ new/gitlab-container-registry-4.40.2/containers/registry/Dockerfile 
2026-06-24 16:19:57.000000000 +0200
@@ -1,4 +1,4 @@
-ARG GOLANG_VERSION=1.24
+ARG GOLANG_VERSION=1.25
 FROM golang:${GOLANG_VERSION}-alpine AS build
 
 ENV DISTRIBUTION_DIR /go/src/github.com/docker/distribution
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/gitlab-container-registry-4.40.1/docs/storage-drivers/s3_v2.md 
new/gitlab-container-registry-4.40.2/docs/storage-drivers/s3_v2.md
--- old/gitlab-container-registry-4.40.1/docs/storage-drivers/s3_v2.md  
2026-05-22 21:07:54.000000000 +0200
+++ new/gitlab-container-registry-4.40.2/docs/storage-drivers/s3_v2.md  
2026-06-24 16:19:57.000000000 +0200
@@ -46,7 +46,7 @@
 | `objectacl` | no | The S3 Canned ACL for objects. The default value is 
"private". If you are using a bucket owned by another AWS account, it is 
recommended that you set this to `bucket-owner-full-control` so that the bucket 
owner can access your objects. |
 | `objectownership` | no | Indicates whether the S3 storage bucket to be used 
by the registry disabled access control lists (ACLs). The default value is 
`false`. This parameter cannot be `true` if the `objectacl` parameter is also 
set. |
 | `checksum_algorithm` | no | The algorithm to use for checksums when 
uploading objects to S3. Can be one of: `CRC32`, `CRC32C`, `SHA1`, `SHA256`, or 
`CRC64NVME`. Defaults to `CRC64NVME`. |
-| `checksum_disabled` | no | If set to true, disables checksum calculation for 
S3 objects. Defaults to false. This parameter takes precedence over 
`checksum_algorithm` if both are provided. |
+| `checksum_disabled` | no | If set to true, disables checksum calculation for 
S3 objects. Defaults to false. This parameter takes precedence over 
`checksum_algorithm` if both are provided. It also makes the driver work with 
strict S3-compatible backends (e.g. QingStor) that reject `DeleteObjects` 
requests carrying an `x-amz-checksum-crc32` header: the driver strips the 
request checksum and sends a `Content-MD5` header instead. |
 
 ## SeaweedFS
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gitlab-container-registry-4.40.1/go.mod 
new/gitlab-container-registry-4.40.2/go.mod
--- old/gitlab-container-registry-4.40.1/go.mod 2026-05-22 21:07:54.000000000 
+0200
+++ new/gitlab-container-registry-4.40.2/go.mod 2026-06-24 16:19:57.000000000 
+0200
@@ -1,6 +1,6 @@
 module github.com/docker/distribution
 
-go 1.24.0
+go 1.25.0
 
 require (
        cloud.google.com/go/compute/metadata v0.9.0
@@ -10,14 +10,14 @@
        github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.6.4
        github.com/DATA-DOG/go-sqlmock v1.5.2
        github.com/Shopify/toxiproxy/v2 v2.12.0
-       github.com/alicebob/miniredis/v2 v2.37.0
+       github.com/alicebob/miniredis/v2 v2.38.0
        github.com/aws/aws-sdk-go v1.55.5
-       github.com/aws/aws-sdk-go-v2 v1.41.5
-       github.com/aws/aws-sdk-go-v2/config v1.32.12
-       github.com/aws/aws-sdk-go-v2/credentials v1.19.12
-       github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign v1.9.21
+       github.com/aws/aws-sdk-go-v2 v1.42.0
+       github.com/aws/aws-sdk-go-v2/config v1.32.25
+       github.com/aws/aws-sdk-go-v2/credentials v1.19.24
+       github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign v1.11.6
        github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3
-       github.com/aws/smithy-go v1.24.3
+       github.com/aws/smithy-go v1.27.1
        github.com/benbjohnson/clock v1.3.5
        github.com/bsm/redislock v0.9.4
        github.com/cenkalti/backoff/v4 v4.3.0
@@ -55,10 +55,10 @@
        gitlab.com/gitlab-org/labkit v1.38.6
        go.uber.org/automaxprocs v1.6.0
        go.uber.org/mock v0.6.0
-       golang.org/x/crypto v0.47.0
-       golang.org/x/net v0.49.0
+       golang.org/x/crypto v0.53.0
+       golang.org/x/net v0.55.0
        golang.org/x/oauth2 v0.35.0
-       golang.org/x/sync v0.19.0
+       golang.org/x/sync v0.21.0
        golang.org/x/time v0.14.0
        google.golang.org/api v0.265.0
        gopkg.in/yaml.v2 v2.4.0
@@ -81,19 +81,18 @@
        
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping
 v0.55.0 // indirect
        github.com/Microsoft/go-winio v0.6.2 // indirect
        github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 // indirect
-       github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 // indirect
-       github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 // indirect
-       github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 // indirect
-       github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 // indirect
-       github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22 // indirect
-       github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 
// indirect
+       github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.29 // indirect
+       github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.29 // indirect
+       github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.29 // indirect
+       github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.30 // indirect
+       github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.12 
// indirect
        github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 // 
indirect
-       github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 // 
indirect
+       github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.29 // 
indirect
        github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 // 
indirect
-       github.com/aws/aws-sdk-go-v2/service/signin v1.0.8 // indirect
-       github.com/aws/aws-sdk-go-v2/service/sso v1.30.13 // indirect
-       github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17 // indirect
-       github.com/aws/aws-sdk-go-v2/service/sts v1.41.9 // indirect
+       github.com/aws/aws-sdk-go-v2/service/signin v1.2.0 // indirect
+       github.com/aws/aws-sdk-go-v2/service/sso v1.31.3 // indirect
+       github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.6 // indirect
+       github.com/aws/aws-sdk-go-v2/service/sts v1.43.3 // indirect
        github.com/beorn7/perks v1.0.1 // indirect
        github.com/cespare/xxhash/v2 v2.3.0 // indirect
        github.com/clipperhouse/displaywidth v0.10.0 // indirect
@@ -202,9 +201,9 @@
        go.yaml.in/yaml/v2 v2.4.2 // indirect
        go.yaml.in/yaml/v3 v3.0.4 // indirect
        golang.org/x/exp v0.0.0-20250813145105-42675adae3e6 // indirect
-       golang.org/x/sys v0.40.0 // indirect
-       golang.org/x/term v0.39.0 // indirect
-       golang.org/x/text v0.33.0 // indirect
+       golang.org/x/sys v0.46.0 // indirect
+       golang.org/x/term v0.44.0 // indirect
+       golang.org/x/text v0.38.0 // indirect
        google.golang.org/genproto v0.0.0-20260128011058-8636f8732409 // 
indirect
        google.golang.org/genproto/googleapis/api 
v0.0.0-20260203192932-546029d2fa20 // indirect
        google.golang.org/genproto/googleapis/rpc 
v0.0.0-20260203192932-546029d2fa20 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/gitlab-container-registry-4.40.1/go.sum 
new/gitlab-container-registry-4.40.2/go.sum
--- old/gitlab-container-registry-4.40.1/go.sum 2026-05-22 21:07:54.000000000 
+0200
+++ new/gitlab-container-registry-4.40.2/go.sum 2026-06-24 16:19:57.000000000 
+0200
@@ -113,8 +113,8 @@
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod 
h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod 
h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod 
h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alicebob/miniredis/v2 v2.37.0 
h1:RheObYW32G1aiJIj81XVt78ZHJpHonHLHW7OLIshq68=
-github.com/alicebob/miniredis/v2 v2.37.0/go.mod 
h1:TcL7YfarKPGDAthEtl5NBeHZfeUQj6OXMm/+iu5cLMM=
+github.com/alicebob/miniredis/v2 v2.38.0 
h1:nZAzCR+Lj+Vxk4ZXzm2NuKq2O33RXj1XxJ2e2uP9jiw=
+github.com/alicebob/miniredis/v2 v2.38.0/go.mod 
h1:TcL7YfarKPGDAthEtl5NBeHZfeUQj6OXMm/+iu5cLMM=
 github.com/antihax/optional v1.0.0/go.mod 
h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apache/thrift v0.12.0/go.mod 
h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/apache/thrift v0.13.0/go.mod 
h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
@@ -127,46 +127,44 @@
 github.com/aws/aws-sdk-go v1.55.5 
h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
 github.com/aws/aws-sdk-go v1.55.5/go.mod 
h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod 
h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
-github.com/aws/aws-sdk-go-v2 v1.41.5 
h1:dj5kopbwUsVUVFgO4Fi5BIT3t4WyqIDjGKCangnV/yY=
-github.com/aws/aws-sdk-go-v2 v1.41.5/go.mod 
h1:mwsPRE8ceUUpiTgF7QmQIJ7lgsKUPQOUl3o72QBrE1o=
+github.com/aws/aws-sdk-go-v2 v1.42.0 
h1:XvXMJTkFQtpBKIWZnmr9ZEOc2InWM2yldjXEJ/bymhA=
+github.com/aws/aws-sdk-go-v2 v1.42.0/go.mod 
h1:27+ACypSLljLAEKsCYOmrjKh83vuTRkuAe9Uv/3A4bg=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8 
h1:eBMB84YGghSocM7PsjmmPffTa+1FBUeNvGvFou6V/4o=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.8/go.mod 
h1:lyw7GFp3qENLh7kwzf7iMzAxDn+NzjXEAGjKS2UOKqI=
-github.com/aws/aws-sdk-go-v2/config v1.32.12 
h1:O3csC7HUGn2895eNrLytOJQdoL2xyJy0iYXhoZ1OmP0=
-github.com/aws/aws-sdk-go-v2/config v1.32.12/go.mod 
h1:96zTvoOFR4FURjI+/5wY1vc1ABceROO4lWgWJuxgy0g=
-github.com/aws/aws-sdk-go-v2/credentials v1.19.12 
h1:oqtA6v+y5fZg//tcTWahyN9PEn5eDU/Wpvc2+kJ4aY8=
-github.com/aws/aws-sdk-go-v2/credentials v1.19.12/go.mod 
h1:U3R1RtSHx6NB0DvEQFGyf/0sbrpJrluENHdPy1j/3TE=
-github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign v1.9.21 
h1:9mXcqEu6bdv8PJkwGn/vtlpqsHeX3mhSEa9u84pvxQQ=
-github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign v1.9.21/go.mod 
h1:Qo/M7UP/PRElbLfPWyac7704MAI6intzLPUVWrYg7NE=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20 
h1:zOgq3uezl5nznfoK3ODuqbhVg1JzAGDUhXOsU0IDCAo=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.20/go.mod 
h1:z/MVwUARehy6GAg/yQ1GO2IMl0k++cu1ohP9zo887wE=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21 
h1:Rgg6wvjjtX8bNHcvi9OnXWwcE0a2vGpbwmtICOsvcf4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.21/go.mod 
h1:A/kJFst/nm//cyqonihbdpQZwiUhhzpqTsdbhDdRF9c=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21 
h1:PEgGVtPoB6NTpPrBgqSE5hE/o47Ij9qk/SEZFbUOe9A=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.21/go.mod 
h1:p+hz+PRAYlY3zcpJhPwXlLC4C+kqn70WIHwnzAfs6ps=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6 
h1:qYQ4pzQ2Oz6WpQ8T3HvGHnZydA72MnLuFK9tJwmrbHw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.6/go.mod 
h1:O3h0IK87yXci+kg6flUKzJnWeziQUKciKrLjcatSNcY=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22 
h1:rWyie/PxDRIdhNf4DzRk0lvjVOqFJuNnO8WwaIRVxzQ=
-github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.22/go.mod 
h1:zd/JsJ4P7oGfUhXn1VyLqaRZwPmZwg44Jf2dS84Dm3Y=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7 
h1:5EniKhLZe4xzL7a+fU3C2tfUN4nWIqlLesfrjkuPFTY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.7/go.mod 
h1:x0nZssQ3qZSnIcePWLvcoFisRXJzcTVvYpAAdYX8+GI=
+github.com/aws/aws-sdk-go-v2/config v1.32.25 
h1:ACCejvStYoilgwrfegSt5ZntCbPrk52qfwyNcnl3omM=
+github.com/aws/aws-sdk-go-v2/config v1.32.25/go.mod 
h1:LJyU8sDRbXUxFn8xMJIGP+v9QYYwveNLI8a/giAOiAs=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.24 
h1:2hQqYCV9yqyePQ9o6dCrZc/zO8U3TwPr9mIKlZnPu/I=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.24/go.mod 
h1:IDwpACtwqHLISdzfwUUNq4P9DsB/h5BLg4FwJPNfqFY=
+github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign v1.11.6 
h1:jC4AshBYsq1Qqm1Bcvhgn1b5BO8V7vR3+1WIWzGr4+Q=
+github.com/aws/aws-sdk-go-v2/feature/cloudfront/sign v1.11.6/go.mod 
h1:t9mqBUdYuV6yxB7+WkCwSZF5iYvUwlfLhKycHDSMbck=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.29 
h1:r6qZHbT+wxgWO/e9vYNUEtg7lv5+UN3pRqKhLXvnArg=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.29/go.mod 
h1:QRnaRcTVGKPGRy8w78HMQtKUGRYcnMZAANATkeVA6Mo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.29 
h1:f3vKqSo13fhTYb+JEcXwXefZQE26I1FB5eTSniU67ko=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.29/go.mod 
h1:MzoLFUArKGpGD+ukmPiTPG1X5x4o6M2kq4v2dr1FiEc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.29 
h1:RdwIf/CuUsvJX3RgJagbOyotl/cxoLY4xviKuE7p2GY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.29/go.mod 
h1:71wt8W2EgswdZy9Mf9KNnzxZ3TiZlv4caKghPktDOkA=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.30 
h1:VTGy885W5DKBxWRUJbym9hytNaYzsyaPkCHGRRMAOhU=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.30/go.mod 
h1:AS0HycUvJRFvTt613AYDOgO2jzw+00cVSMny8XB3yMY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.12 
h1:ZD2+BSw9vFsNlKYIasSNt3uDbjqqXIBcM13UJv/Lx2k=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.12/go.mod 
h1:Ms4zlcVBbXbiP7EVLhl+lgjvA/a7YphqQ3Ih3174EmI=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13 
h1:JRaIgADQS/U6uXDqlPiefP32yXTda7Kqfx+LgspooZM=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.13/go.mod 
h1:CEuVn5WqOMilYl+tbccq8+N2ieCy0gVn3OtRb0vBNNM=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21 
h1:c31//R3xgIJMSC8S6hEVq+38DcvUlgFY0FM6mSI5oto=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.21/go.mod 
h1:r6+pf23ouCB718FUxaqzZdbpYFyDtehyZcmP5KL9FkA=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.29 
h1:DRebniUGZ2MqiiIVmQJ04vIXr918hubdHMnarSLEWyU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.29/go.mod 
h1:LfRkPCD8YHDM2E5eTkos2UpwYeZnBcVarTa8L59bJHA=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21 
h1:ZlvrNcHSFFWURB8avufQq9gFsheUgjVD9536obIknfM=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.21/go.mod 
h1:cv3TNhVrssKR0O/xxLJVRfd2oazSnZnkUeTf6ctUwfQ=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3 
h1:HwxWTbTrIHm5qY+CAEur0s/figc3qwvLWsNkF4RPToo=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.97.3/go.mod 
h1:uoA43SdFwacedBfSgfFSjjCvYe8aYBS7EnU5GZ/YKMM=
-github.com/aws/aws-sdk-go-v2/service/signin v1.0.8 
h1:0GFOLzEbOyZABS3PhYfBIx2rNBACYcKty+XGkTgw1ow=
-github.com/aws/aws-sdk-go-v2/service/signin v1.0.8/go.mod 
h1:LXypKvk85AROkKhOG6/YEcHFPoX+prKTowKnVdcaIxE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.30.13 
h1:kiIDLZ005EcKomYYITtfsjn7dtOwHDOFy7IbPXKek2o=
-github.com/aws/aws-sdk-go-v2/service/sso v1.30.13/go.mod 
h1:2h/xGEowcW/g38g06g3KpRWDlT+OTfxxI0o1KqayAB8=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17 
h1:jzKAXIlhZhJbnYwHbvUQZEB8KfgAEuG0dc08Bkda7NU=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.17/go.mod 
h1:Al9fFsXjv4KfbzQHGe6V4NZSZQXecFcvaIF4e70FoRA=
-github.com/aws/aws-sdk-go-v2/service/sts v1.41.9 
h1:Cng+OOwCHmFljXIxpEVXAGMnBia8MSU6Ch5i9PgBkcU=
-github.com/aws/aws-sdk-go-v2/service/sts v1.41.9/go.mod 
h1:LrlIndBDdjA/EeXeyNBle+gyCwTlizzW5ycgWnvIxkk=
-github.com/aws/smithy-go v1.24.3 
h1:XgOAaUgx+HhVBoP4v8n6HCQoTRDhoMghKqw4LNHsDNg=
-github.com/aws/smithy-go v1.24.3/go.mod 
h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc=
+github.com/aws/aws-sdk-go-v2/service/signin v1.2.0 
h1:3nXpRcFwRCW8n7HgO2QGy0Dc20eQNfBuUemGQhpF8m8=
+github.com/aws/aws-sdk-go-v2/service/signin v1.2.0/go.mod 
h1:LxYujSTLPRlp2vTtcUO/+1ilrew8ytt6SvQyOgejzFQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.31.3 
h1:ey1XLTYXb9PcLt4535632o5kCGXNXEhNb620Dqwuylo=
+github.com/aws/aws-sdk-go-v2/service/sso v1.31.3/go.mod 
h1:Lk7PlmoTYryQmyBG0EXqj5BcUbj3whXdU2s3yGI3EAc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.6 
h1:yLr03zQE/5Eu5l3QU0Si+xMbLMbSDF2YXsigqXngs6g=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.36.6/go.mod 
h1:Q5N6icH+KJZDLh+ESNwzdv6cZ6vLFF/egy3IOxWhmz4=
+github.com/aws/aws-sdk-go-v2/service/sts v1.43.3 
h1:VrIhKRCSK1umelSgB9RghvA9RTUYeQffyAS5ApXehNI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.43.3/go.mod 
h1:r8wkDOuLaaMFqFiYAb8dGY2A3gJCOujMc6CFOVC4Zhc=
+github.com/aws/smithy-go v1.27.1 
h1:4T340VFndXtADGF52gYa1POyL7s9E4Z1OeZ1hCscIw8=
+github.com/aws/smithy-go v1.27.1/go.mod 
h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc=
 github.com/benbjohnson/clock v1.3.5 
h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o=
 github.com/benbjohnson/clock v1.3.5/go.mod 
h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod 
h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -874,8 +872,8 @@
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod 
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod 
h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod 
h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
-golang.org/x/crypto v0.47.0/go.mod 
h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
+golang.org/x/crypto v0.53.0 h1:QZ4Muo8THX6CizN2vPPd5fBGHyogrdK9fG4wLPFUsto=
+golang.org/x/crypto v0.53.0/go.mod 
h1:DNLU434OwVakk9PzuwV8w62mAJpRJL3vsgcfp4Qnsio=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod 
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod 
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod 
h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -956,8 +954,8 @@
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod 
h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod 
h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
-golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/net v0.55.0 h1:bcvxaJn3e1U6InsFWt1JUq1aSjnRxLzT2rtD2KfkDF8=
+golang.org/x/net v0.55.0/go.mod h1:L5U2KuzuOe1lY7Z+aWVIKK6qEeJXnXV9yzGA+WCHJww=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod 
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod 
h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod 
h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -985,8 +983,8 @@
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod 
h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.19.0/go.mod 
h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.21.0 h1:HLII4xRRTtCRkxYp4HNFF0Js/Og6q2i++KXbg0gHCwM=
+golang.org/x/sync v0.21.0/go.mod 
h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1049,11 +1047,11 @@
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.46.0 h1:noSf2Fq6F8DBgS+LysIkx7rIExoNHJsxOAtPp4rthXw=
+golang.org/x/sys v0.46.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod 
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
-golang.org/x/term v0.39.0/go.mod 
h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
+golang.org/x/term v0.44.0 h1:0rLvDRCtNj0gZkyIXhCyOb2OAzEhLVqc4B+hrsBhrmc=
+golang.org/x/term v0.44.0/go.mod 
h1:7ze4MdzUzLXpSAoFP1H0bOI9aXDqveSvatT5vKcFh2Y=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod 
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod 
h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1062,8 +1060,8 @@
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
-golang.org/x/text v0.33.0/go.mod 
h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
+golang.org/x/text v0.38.0 h1:sXmwo9DwP3OK9EZ7PqAdaooSGozfl/3a6/xJcbzPRhE=
+golang.org/x/text v0.38.0/go.mod 
h1:YXZt3QhHUKYT53r2lLKFIVi6Ao1jdzrTR/KQ09qyxF4=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod 
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod 
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod 
h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/gitlab-container-registry-4.40.1/registry/registry_test.go 
new/gitlab-container-registry-4.40.2/registry/registry_test.go
--- old/gitlab-container-registry-4.40.1/registry/registry_test.go      
2026-05-22 21:07:54.000000000 +0200
+++ new/gitlab-container-registry-4.40.2/registry/registry_test.go      
2026-06-24 16:19:57.000000000 +0200
@@ -133,9 +133,10 @@
 }
 
 func TestGracefulShutdown_HTTPDrainTimeout(t *testing.T) {
-       if strings.HasPrefix(runtime.Version(), "go1.25") {
+       goVersion := runtime.Version()
+       if strings.HasPrefix(goVersion, "go1.25") || 
strings.HasPrefix(goVersion, "go1.26") {
                // TODO(prozlach): 
https://gitlab.com/gitlab-org/container-registry/-/issues/1696
-               t.Skip("Skipping test on Go 1.25 - due to upstream shutdown 
handling issue: https://github.com/golang/go/issues/75591";)
+               t.Skip("Skipping test on Go 1.25+ - due to upstream shutdown 
handling issue: https://github.com/golang/go/issues/75591";)
        }
 
        registry, err := setupRegistry()
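Review bot: The skip condition in TestGracefulShutdown_HTTPDrainTimeout matches only the `go1.25` and `go1.26` prefixes, while the skip message now says "Go 1.25+". On the next Go release the test runs again even if golang/go#75591 is still open, and the message will have promised otherwise. Either word the message after the versions actually matched, or add a comment beside the condition such as `// extend this list for each new Go release until the upstream issue is resolved`. The function body continues outside the hunk.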
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/gitlab-container-registry-4.40.1/registry/storage/driver/s3-aws/v2/requestcontrol.go
 
new/gitlab-container-registry-4.40.2/registry/storage/driver/s3-aws/v2/requestcontrol.go
--- 
old/gitlab-container-registry-4.40.1/registry/storage/driver/s3-aws/v2/requestcontrol.go
    2026-05-22 21:07:54.000000000 +0200
+++ 
new/gitlab-container-registry-4.40.2/registry/storage/driver/s3-aws/v2/requestcontrol.go
    2026-06-24 16:19:57.000000000 +0200
@@ -3,11 +3,12 @@
 import (
        "context"
        "fmt"
+       "math"
+       "math/rand/v2"
        "time"
 
        "github.com/aws/aws-sdk-go-v2/aws"
        "github.com/aws/aws-sdk-go-v2/aws/retry"
-       "github.com/cenkalti/backoff/v4"
        "github.com/docker/distribution/registry/storage/driver/s3-aws/common"
        "github.com/docker/distribution/registry/storage/internal/metrics"
        log "github.com/sirupsen/logrus"
@@ -16,29 +17,17 @@
 
 var _ retry.BackoffDelayer = (*customDelayer)(nil)
 
-type customDelayer struct {
-       backoff backoff.BackOff
-}
+type customDelayer struct{}
 
 // newCustomDelayer replaces the default delayer provided by aws-sdk-go-v2 with
-// a more flexible `cenkalti/backoff/v4` one which also makes s3_v2 driver
-// behave in a similar way to its predecessor `s3` driver.
+// a more flexible one which also makes s3_v2 driver behave in a similar way to
+// its predecessor `s3` driver.
 func newCustomDelayer() retry.BackoffDelayer {
-       b := backoff.NewExponentialBackOff()
-       b.InitialInterval = common.DefaultInitialInterval
-       b.RandomizationFactor = common.DefaultRandomizationFactor
-       b.Multiplier = common.DefaultMultiplier
-       b.MaxInterval = common.DefaultMaxInterval
-       b.MaxElapsedTime = common.DefaultMaxElapsedTime
-
-       // NOTE(prozlach): We do not specify the max attempts for the backoff 
here,
-       // as it is handled by aws-sdk-go-v2 higher in the stack.
-
-       return &customDelayer{backoff: b}
+       return &customDelayer{}
 }
 
-func (cd *customDelayer) BackoffDelay(attempt int, sourceErr error) 
(time.Duration, error) {
-       delay := cd.backoff.NextBackOff()
+func (*customDelayer) BackoffDelay(attempt int, sourceErr error) 
(time.Duration, error) {
+       delay := delayForAttempt(attempt)
        log.WithFields(
                log.Fields{
                        "attempt": attempt,
@@ -50,6 +39,38 @@
        return delay, nil
 }
 
+// delayForAttempt returns the randomized exponential backoff for a retry
+// attempt. aws-sdk-go-v2 numbers attempts from 1 (the delay before the first
+// retry), so attempt 1 yields ~InitialInterval, attempt 2 ~InitialInterval*
+// Multiplier, and so on, each capped at MaxInterval and jittered by
+// ±RandomizationFactor. It is stateless: a single delayer is safe to share
+// across concurrent requests, and every request restarts the curve at attempt 
1
+// instead of inheriting an interval another request has grown.
+//
+// NOTE(prozlach): This replaces an earlier design that shared a single, 
stateful
+// backoff.ExponentialBackOff across every request. That object mutates an
+// internal currentInterval on each call and is not safe for concurrent use,
+// which both raced under concurrent requests and never reset (so the interval
+// only grew and stuck at the 60s cap). The parameters are the same defaults 
the
+// driver took from cenkalti/backoff, so retry timing is unchanged; the cap is
+// reproduced exactly because cenkalti only ever clamps to MaxInterval once the
+// raw exponential value would already exceed it.
+func delayForAttempt(attempt int) time.Duration {
+       exponent := max(attempt-1, 0)
+
+       // Exponential growth, capped at the maximum interval. A huge attempt 
makes
+       // math.Pow overflow to +Inf, which the comparison clamps to 
MaxInterval.
+       interval := float64(common.DefaultInitialInterval) * 
math.Pow(common.DefaultMultiplier, float64(exponent))
+       if interval > float64(common.DefaultMaxInterval) {
+               interval = float64(common.DefaultMaxInterval)
+       }
+
+       // Jitter into [interval*(1-rf), interval*(1+rf)).
+       delta := common.DefaultRandomizationFactor * interval
+       //nolint:gosec // jitter for retry backoff; cryptographic randomness is 
unnecessary
+       return time.Duration(interval - delta + rand.Float64()*(2*delta))
+}
+
 var _ aws.Retryer = (*customRetryer)(nil)
 
 type customRetryer struct {
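Review bot: The doc comment on delayForAttempt says retry timing is unchanged, but the removed constructor also set `b.MaxElapsedTime = common.DefaultMaxElapsedTime`, and the new function never consults that value. The removed NOTE says the attempt cap is handled by aws-sdk-go-v2 higher in the stack, so this is probably intentional, but the comment should say so rather than leave the reader to infer it. I would add `// MaxElapsedTime is deliberately not applied here; the retry budget is bounded by the SDK's max attempts.` to the NOTE(prozlach) paragraph. The customRetryer declaration that follows continues outside the hunk.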
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/gitlab-container-registry-4.40.1/registry/storage/driver/s3-aws/v2/requestcontrol_test.go
 
new/gitlab-container-registry-4.40.2/registry/storage/driver/s3-aws/v2/requestcontrol_test.go
--- 
old/gitlab-container-registry-4.40.1/registry/storage/driver/s3-aws/v2/requestcontrol_test.go
       1970-01-01 01:00:00.000000000 +0100
+++ 
new/gitlab-container-registry-4.40.2/registry/storage/driver/s3-aws/v2/requestcontrol_test.go
       2026-06-24 16:19:57.000000000 +0200
@@ -0,0 +1,119 @@
+package v2
+
+import (
+       "sync"
+       "testing"
+       "time"
+
+       "github.com/docker/distribution/registry/storage/driver/s3-aws/common"
+       "github.com/stretchr/testify/assert"
+       "github.com/stretchr/testify/require"
+)
+
+// backoffWindow returns the [lower, upper) bounds delayForAttempt can return 
for
+// a given (un-jittered) interval: [interval*(1-rf), interval*(1+rf)).
+func backoffWindow(interval time.Duration) (lower, upper time.Duration) {
+       lower = time.Duration(float64(interval) * (1 - 
common.DefaultRandomizationFactor))
+       upper = time.Duration(float64(interval) * (1 + 
common.DefaultRandomizationFactor))
+
+       return lower, upper
+}
+
+// TestDelayForAttemptBounds checks that the delay for a given attempt falls
+// within the expected jitter window: attempt 1 (and the non-positive guard)
+// start from InitialInterval, the interval grows by the multiplier, and a high
+// attempt saturates at MaxInterval.
+func TestDelayForAttemptBounds(t *testing.T) {
+       t.Parallel()
+
+       tests := []struct {
+               name     string
+               attempt  int
+               interval time.Duration
+       }{
+               {
+                       name:     "non-positive attempt clamps to the 
InitialInterval window",
+                       attempt:  0,
+                       interval: common.DefaultInitialInterval,
+               },
+               {
+                       name:     "first retry starts in the InitialInterval 
window",
+                       attempt:  1,
+                       interval: common.DefaultInitialInterval,
+               },
+               {
+                       name:     "second retry grows by the multiplier",
+                       attempt:  2,
+                       interval: 
time.Duration(float64(common.DefaultInitialInterval) * 
common.DefaultMultiplier),
+               },
+               {
+                       name:     "high attempt saturates at the MaxInterval 
window",
+                       attempt:  1000,
+                       interval: common.DefaultMaxInterval,
+               },
+       }
+
+       for _, tc := range tests {
+               t.Run(tc.name, func(t *testing.T) {
+                       t.Parallel()
+
+                       lower, upper := backoffWindow(tc.interval)
+
+                       delay := delayForAttempt(tc.attempt)
+
+                       assert.Positive(t, delay)
+                       assert.GreaterOrEqual(t, delay, lower)
+                       assert.Less(t, delay, upper)
+               })
+       }
+}
+
+// TestDelayForAttemptDoesNotCreep hammers attempt 1 many times. Every result
+// must stay inside the attempt-1 window: a shared, stateful backoff would
+// ratchet the interval upward call after call, which is the bug this change
+// fixes.
+func TestDelayForAttemptDoesNotCreep(t *testing.T) {
+       t.Parallel()
+
+       lower, upper := backoffWindow(common.DefaultInitialInterval)
+
+       minDelay, maxDelay := upper, time.Duration(0)
+
+       for range 1000 {
+               delay := delayForAttempt(1)
+               require.GreaterOrEqual(t, delay, lower)
+               require.Less(t, delay, upper)
+
+               minDelay = min(minDelay, delay)
+               maxDelay = max(maxDelay, delay)
+       }
+
+       // The jitter window is symmetric around the interval, so the per-sample
+       // bound checks above would still pass if the jitter collapsed to one 
half
+       // (a dropped factor or a sign error). Across 1000 draws the observed 
minimum
+       // must fall in the lower half and the maximum in the upper half, which 
pins
+       // the jitter to the full window.
+       assert.Less(t, minDelay, common.DefaultInitialInterval, "minimum sample 
should fall in the lower half of the window")
+       assert.Greater(t, maxDelay, common.DefaultInitialInterval, "maximum 
sample should fall in the upper half of the window")
+}
+
+// TestDelayForAttemptConcurrentUseIsRaceFree exercises the delay computation
+// from many goroutines. Run with -race, it guards against reintroducing shared
+// mutable state in the backoff curve.
+func TestDelayForAttemptConcurrentUseIsRaceFree(t *testing.T) {
+       t.Parallel()
+
+       var wg sync.WaitGroup
+
+       for i := range 50 {
+               attempt := i%5 + 1
+
+               wg.Go(func() {
+                       for range 100 {
+                               _ = delayForAttempt(attempt)
+                       }
+               })
+       }
+
+       wg.Wait()
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/gitlab-container-registry-4.40.1/registry/storage/driver/s3-aws/v2/s3.go 
new/gitlab-container-registry-4.40.2/registry/storage/driver/s3-aws/v2/s3.go
--- 
old/gitlab-container-registry-4.40.1/registry/storage/driver/s3-aws/v2/s3.go    
    2026-05-22 21:07:54.000000000 +0200
+++ 
new/gitlab-container-registry-4.40.2/registry/storage/driver/s3-aws/v2/s3.go    
    2026-06-24 16:19:57.000000000 +0200
@@ -14,7 +14,9 @@
 import (
        "bytes"
        "context"
+       "crypto/md5" // nolint: gosec,revive // ok for content verification
        "crypto/tls"
+       "encoding/base64"
        "errors"
        "fmt"
        "io"
@@ -36,7 +38,9 @@
        "github.com/aws/aws-sdk-go-v2/service/s3/types"
        "github.com/aws/smithy-go"
        "github.com/aws/smithy-go/logging"
+       smithymiddleware "github.com/aws/smithy-go/middleware"
        "github.com/aws/smithy-go/ptr"
+       smithyhttp "github.com/aws/smithy-go/transport/http"
        dcontext "github.com/docker/distribution/context"
        dlog "github.com/docker/distribution/log"
        storagedriver "github.com/docker/distribution/registry/storage/driver"
@@ -197,6 +201,21 @@
                
middleware.AddUserAgentKey("docker-distribution/"+version.Version+"/"+runtime.Version()),
        )
 
+       // When the operator opts out of request checksums entirely
+       // (checksum_disabled=true), strip SDK v2's request-side checksum 
middleware
+       // from every operation's stack. See removeRequestChecksumMiddleware 
for the
+       // full rationale.
+       if params.ChecksumDisabled {
+               dlog.GetLogger().WithFields(log.Fields{
+                       "component": "registry.storage.s3_v2.internal",
+               }).Info(
+                       "request checksums disabled: stripping SDK v2 
request-side checksums " +
+                               "and injecting Content-MD5 on DeleteObjects for 
strict S3-compatible backends",
+               )
+               cfg.APIOptions = append(cfg.APIOptions, 
removeRequestChecksumMiddleware)
+               cfg.APIOptions = append(cfg.APIOptions, 
addContentMD5ForDeleteObjects)
+       }
+
        if params.RegionEndpoint != "" {
                cfg.BaseEndpoint = ptr.String(params.RegionEndpoint)
        }
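Review bot: The comment and the Info message in the `params.ChecksumDisabled` branch explain the compatibility goal but not what the operator gives up. removeRequestChecksumMiddleware is appended for every operation, while Content-MD5 is re-added only for DeleteObjects, so uploads such as PutObject and UploadPart appear to be sent with no request-side integrity header in this mode. I would state that where operators will read it, for example `// NOTE: uploads carry no request checksum in this mode; body integrity then rests on the transport.` above the branch, and repeat it in the log line or the configuration docs. The enclosing function starts and ends outside the hunk.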
@@ -215,6 +234,115 @@
        return client, nil
 }
 
+// removeRequestChecksumMiddleware is an APIOption that removes SDK v2's
+// request-side checksum middleware from every S3 operation's middleware stack.
+// It is applied only when the operator sets checksum_disabled=true.
+//
+// Background: aws.Config.RequestChecksumCalculation=WhenRequired suppresses
+// checksums only for operations whose smithy model does not set
+// httpChecksumRequired. Operations that DO set it (notably DeleteObjects) are
+// code-generated to force a CRC32 request checksum regardless of the config
+// flag — see service/internal/checksum/middleware_setup_context.go. 
DeleteObjects
+// is EnableTrailingChecksum=false, so the SDK sends this checksum as the
+// x-amz-checksum-crc32 request header, not a trailer. Some S3-compatible 
backends
+// reject any x-amz-checksum-* request header with HTTP 400, which breaks the
+// multipart-upload cleanup path used by blob uploads.
+//
+// Up to three middleware are removed:
+//   - AWSChecksum:SetupInputContext           (Initialize) — selects the 
algorithm
+//   - AWSChecksum:ComputeInputPayloadChecksum (Finalize)   — writes header 
form
+//   - addInputChecksumTrailer                 (Finalize)   — writes trailer 
form
+//     (installed only when EnableTrailingChecksum=true, so never for 
DeleteObjects;
+//     removed here purely as defense in depth)
+//
+// Removing the Initialize-stage middleware is what actually prevents the
+// request-side checksum: AWSChecksum:SetupInputContext selects the algorithm,
+// and the Finalize-stage writers no-op when no algorithm is in context (see
+// service/internal/checksum/middleware_compute_input_checksum.go —
+// getInputAlgorithm returns !ok and the finalizer passes the request through
+// untouched). Any finalizers are stripped too as defense in depth.
+//
+// This runs as an APIOption, so it executes once per operation, against that
+// operation's own stack. The SDK only installs the request-checksum middleware
+// on operations whose smithy model requires it (RequireChecksum / a checksum
+// input member) — DeleteObjects, PutObject, UploadPart, … — generated inline
+// per operation (see addInputChecksumMiddleware in the s3 client). Read
+// operations such as GetObject, HeadObject and ListObjectsV2 never carry it, 
so
+// Remove returning "not found" on their stacks is normal and MUST be 
tolerated;
+// failing there would break every read.
+//
+// The error is therefore enforced only on the DeleteObjects stack. 
DeleteObjects
+// is RequireChecksum=true, so the SDK always installs 
AWSChecksum:SetupInputContext
+// on it, and it is the operation strict S3-compatible backends (e.g. QingStor)
+// reject when the CRC32 header is present — the exact path this driver also
+// re-adds Content-MD5 to (see addContentMD5ForDeleteObjects). If that ID is
+// absent on the DeleteObjects stack, a future SDK rename or refactor has moved
+// the middleware and the request-side checksum would silently return and break
+// those backends with HTTP 400 again; we surface that as an error so an SDK 
bump
+// fails the DeleteObjects path loudly at runtime instead of regressing 
silently
+// on master. (The unit tests pin this guard against a synthetic stack with the
+// literal ID; they assert the contract but, on their own, would not catch an
+// upstream rename — only a real DeleteObjects call exercises the live stack.)
+// Everything else stays best-effort. Response-side checksum validation
+// middleware is untouched.
+func removeRequestChecksumMiddleware(stack *smithymiddleware.Stack) error {
+       _, errSetup := stack.Initialize.Remove("AWSChecksum:SetupInputContext")
+       _, _ = stack.Finalize.Remove("AWSChecksum:ComputeInputPayloadChecksum")
+       _, _ = stack.Finalize.Remove("addInputChecksumTrailer")
+
+       if stack.ID() == "DeleteObjects" && errSetup != nil {
+               return fmt.Errorf("s3-v2: AWSChecksum:SetupInputContext not 
found on DeleteObjects stack (SDK checksum layout changed?): %w", errSetup)
+       }
+       return nil
+}
+
+// addContentMD5ForDeleteObjects injects an SDK-v1-style Content-MD5 header on
+// DeleteObjects requests when removeRequestChecksumMiddleware has stripped the
+// SDK v2 request-checksum middleware. Some S3-compatible backends (notably
+// QingStor) strictly enforce the AWS S3 specification, which requires the
+// DeleteObjects request to carry a Content-MD5 (or an x-amz-checksum-*
+// header); a request with neither is rejected with HTTP 400
+// InvalidRequest. The middleware runs at the end of the Build phase so the
+// header is in place before SigV4 signing in Finalize includes it in
+// SignedHeaders.
+//
+// Only DeleteObjects is targeted to avoid an extra body scan on hot paths
+// like UploadPart / PutObject, which the AWS spec does not require to carry
+// Content-MD5. The op-name check also means the middleware no-ops on the
+// presigning client stack (which does not signal DeleteObjects).
+func addContentMD5ForDeleteObjects(stack *smithymiddleware.Stack) error {
+       return stack.Build.Add(
+               
smithymiddleware.BuildMiddlewareFunc("ContentMD5ForDeleteObjects",
+                       func(ctx context.Context, in 
smithymiddleware.BuildInput, next smithymiddleware.BuildHandler) 
(smithymiddleware.BuildOutput, smithymiddleware.Metadata, error) {
+                               if smithymiddleware.GetOperationName(ctx) != 
"DeleteObjects" {
+                                       return next.HandleBuild(ctx, in)
+                               }
+                               req, ok := in.Request.(*smithyhttp.Request)
+                               if !ok {
+                                       return next.HandleBuild(ctx, in)
+                               }
+                               stream := req.GetStream()
+                               if stream == nil {
+                                       return next.HandleBuild(ctx, in)
+                               }
+                               body, err := io.ReadAll(stream)
+                               if err != nil {
+                                       return smithymiddleware.BuildOutput{}, 
smithymiddleware.Metadata{}, fmt.Errorf("DeleteObjects content-md5: reading 
body: %w", err)
+                               }
+                               sum := md5.Sum(body) // nolint: gosec // ok for 
content verification
+                               req.Header.Set("Content-MD5", 
base64.StdEncoding.EncodeToString(sum[:]))
+                               newReq, err := 
req.SetStream(bytes.NewReader(body))
+                               if err != nil {
+                                       return smithymiddleware.BuildOutput{}, 
smithymiddleware.Metadata{}, fmt.Errorf("DeleteObjects content-md5: restoring 
body: %w", err)
+                               }
+                               newReq.ContentLength = int64(len(body))
+                               in.Request = newReq
+                               return next.HandleBuild(ctx, in)
+                       }),
+               smithymiddleware.After,
+       )
+}
+
 func New(params *common.DriverParameters) (storagedriver.StorageDriver, error) 
{
        // TODO Currently multipart uploads have no timestamps, so this would 
be unwise
        // if you initiated a new s3driver while another one is running on the 
same bucket.
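Review bot: In addContentMD5ForDeleteObjects the Build middleware buffers the entire request body with `io.ReadAll(stream)`, and the doc comment does not say why an unbounded read is acceptable there. The body is the SDK-serialized DeleteObjects XML, presumably bounded by the per-request key limit, so one line above the read would settle it: `// DeleteObjects bodies are small SDK-generated XML, so buffering the whole body is fine.` Separately, the middleware IDs and the "DeleteObjects" operation name are repeated as string literals in both functions and in the tests; named constants would keep the guard, the injector and the tests from drifting apart. New's body continues outside the hunk.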
@@ -440,6 +568,8 @@
        return d.newWriter(key, *mpUpload.UploadId, allParts), nil
 }
 
+var errUnusableHeadObjectResponse = errors.New("HeadObject returned unusable 
response")
+
 func (d *driver) statHead(ctx context.Context, path string) 
(*storagedriver.FileInfoFields, error) {
        // NOTE(prozlach): This is to cover for the cases when the 
rootDirectory of
        // the driver is either "" or "/".
@@ -458,6 +588,13 @@
        if err != nil {
                return nil, err
        }
+
+       // Some S3 implementations return an empty response for certain keys.
+       // The sentinal error signals the caller to retry with a ListBucket.
+       if resp.ContentLength == nil && resp.LastModified == nil {
+               return nil, errUnusableHeadObjectResponse
+       }
+
        return &storagedriver.FileInfoFields{
                Path:    path,
                IsDir:   false,
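Review bot: The new guard in statHead returns errUnusableHeadObjectResponse only when both `resp.ContentLength` and `resp.LastModified` are nil, so a response with just one of them missing still reaches the FileInfoFields literal. That literal continues past the end of the hunk; if it dereferences both pointers, the panic this commit fixes can still occur for a half-populated response. Unless a partially filled response is known to be valid, `if resp.ContentLength == nil || resp.LastModified == nil {` is the safer condition. The comment above the check also spells "sentinel" as "sentinal".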
@@ -565,7 +702,10 @@
                // error if querying a key which doesn't exist or a key which 
has
                // nested keys and Forbidden if IAM/ACL permissions do not 
allow Head
                // but allow List.
-               if errors.As(err, new(smithy.APIError)) {
+               //
+               // If the response is unusable (due to bugs in alternative S3
+               // implementations), we also fail over to ListObjects.
+               if errors.As(err, new(smithy.APIError)) || errors.Is(err, 
errUnusableHeadObjectResponse) {
                        fi, err := d.statList(ctx, path)
                        if err != nil {
                                return nil, parseError(path, err)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/gitlab-container-registry-4.40.1/registry/storage/driver/s3-aws/v2/s3_test.go
 
new/gitlab-container-registry-4.40.2/registry/storage/driver/s3-aws/v2/s3_test.go
--- 
old/gitlab-container-registry-4.40.1/registry/storage/driver/s3-aws/v2/s3_test.go
   1970-01-01 01:00:00.000000000 +0100
+++ 
new/gitlab-container-registry-4.40.2/registry/storage/driver/s3-aws/v2/s3_test.go
   2026-06-24 16:19:57.000000000 +0200
@@ -0,0 +1,192 @@
+package v2
+
+import (
+       "bytes"
+       "context"
+       "crypto/md5" // nolint: gosec,revive // ok for content verification
+       "encoding/base64"
+       "io"
+       "testing"
+
+       smithymiddleware "github.com/aws/smithy-go/middleware"
+       smithyhttp "github.com/aws/smithy-go/transport/http"
+       "github.com/stretchr/testify/assert"
+       "github.com/stretchr/testify/require"
+)
+
+// TestRemoveRequestChecksumMiddlewareRemovesAllOnDeleteObjects verifies that 
on
+// the DeleteObjects stack — the operation that carries the request-checksum
+// middleware and that strict S3-compatible backends reject — all present
+// request-side checksum middleware are removed by their published IDs while
+// unrelated middleware are left untouched.
+func TestRemoveRequestChecksumMiddlewareRemovesAllOnDeleteObjects(t 
*testing.T) {
+       stack := smithymiddleware.NewStack("DeleteObjects", func() any { return 
nil })
+
+       addInitializeStub(t, stack, "AWSChecksum:SetupInputContext")
+       addInitializeStub(t, stack, "Unrelated:OtherInitialize")
+       addFinalizeStub(t, stack, "AWSChecksum:ComputeInputPayloadChecksum")
+       addFinalizeStub(t, stack, "addInputChecksumTrailer")
+       addFinalizeStub(t, stack, "Unrelated:OtherFinalize")
+
+       err := removeRequestChecksumMiddleware(stack)
+       require.NoError(t, err)
+
+       _, ok := stack.Initialize.Get("AWSChecksum:SetupInputContext")
+       assert.False(t, ok, "SetupInputContext middleware should have been 
removed")
+       _, ok = stack.Finalize.Get("AWSChecksum:ComputeInputPayloadChecksum")
+       assert.False(t, ok, "ComputeInputPayloadChecksum middleware should have 
been removed")
+       _, ok = stack.Finalize.Get("addInputChecksumTrailer")
+       assert.False(t, ok, "addInputChecksumTrailer middleware should have 
been removed")
+
+       _, ok = stack.Initialize.Get("Unrelated:OtherInitialize")
+       assert.True(t, ok, "unrelated initialize middleware should remain")
+       _, ok = stack.Finalize.Get("Unrelated:OtherFinalize")
+       assert.True(t, ok, "unrelated finalize middleware should remain")
+}
+
+// TestRemoveRequestChecksumMiddlewareErrorsWhenSetupAbsentOnDeleteObjects
+// verifies that removal fails loudly when AWSChecksum:SetupInputContext is
+// missing from the DeleteObjects stack. DeleteObjects is RequireChecksum=true,
+// so the SDK always installs that middleware; its ID disappearing means a 
future
+// SDK has renamed or refactored the request-checksum path, so the checksum 
would
+// silently return and break strict S3-compatible backends again. Surfacing an
+// error makes an SDK bump fail the DeleteObjects path loudly at runtime 
instead
+// of regressing silently on master. Note this test pins the guard's contract
+// against a synthetic stack with the literal ID; a real upstream rename 
surfaces
+// only on a live DeleteObjects call, not here.
+func TestRemoveRequestChecksumMiddlewareErrorsWhenSetupAbsentOnDeleteObjects(t 
*testing.T) {
+       stack := smithymiddleware.NewStack("DeleteObjects", func() any { return 
nil })
+       addInitializeStub(t, stack, "Unrelated:OnlyInitialize")
+       addFinalizeStub(t, stack, "AWSChecksum:ComputeInputPayloadChecksum")
+
+       err := removeRequestChecksumMiddleware(stack)
+       require.Error(t, err)
+       assert.Contains(t, err.Error(), "AWSChecksum:SetupInputContext")
+       assert.Contains(t, err.Error(), "DeleteObjects")
+
+       _, ok := stack.Initialize.Get("Unrelated:OnlyInitialize")
+       assert.True(t, ok, "unrelated initialize middleware should remain")
+}
+
+// TestRemoveRequestChecksumMiddlewareToleratesAbsentOnReadOps verifies that 
on a
+// read operation's stack (e.g. GetObject) — which the SDK never equips with 
the
+// request-checksum middleware — a missing AWSChecksum:SetupInputContext is NOT
+// an error. This APIOption runs once per operation against that operation's 
own
+// stack, so failing on read ops would break every read. This is the regression
+// guard for treating absence as fatal everywhere.
+func TestRemoveRequestChecksumMiddlewareToleratesAbsentOnReadOps(t *testing.T) 
{
+       stack := smithymiddleware.NewStack("GetObject", func() any { return nil 
})
+       addInitializeStub(t, stack, "Unrelated:OnlyInitialize")
+       addFinalizeStub(t, stack, "Unrelated:OnlyFinalize")
+
+       err := removeRequestChecksumMiddleware(stack)
+       require.NoError(t, err)
+
+       _, ok := stack.Initialize.Get("Unrelated:OnlyInitialize")
+       assert.True(t, ok, "unrelated initialize middleware should remain")
+       _, ok = stack.Finalize.Get("Unrelated:OnlyFinalize")
+       assert.True(t, ok, "unrelated finalize middleware should remain")
+}
+
+// TestAddContentMD5ForDeleteObjects_AddsHeader verifies that for a 
DeleteObjects
+// operation with a non-empty body, the middleware sets Content-MD5 to the
+// base64-encoded MD5 of the body, restores the stream so downstream middleware
+// can read it again, and sets ContentLength to the body's byte length.
+func TestAddContentMD5ForDeleteObjects_AddsHeader(t *testing.T) {
+       body := []byte(`<?xml version="1.0" 
encoding="UTF-8"?><Delete><Object><Key>a</Key></Object></Delete>`)
+       expectedMD5 := md5.Sum(body)
+       expectedHeader := base64.StdEncoding.EncodeToString(expectedMD5[:])
+
+       req := smithyhttp.NewStackRequest().(*smithyhttp.Request)
+       req, err := req.SetStream(bytes.NewReader(body))
+       require.NoError(t, err)
+       req.ContentLength = -1
+
+       captured := invokeContentMD5Middleware(t, "DeleteObjects", req)
+
+       require.NotNil(t, captured, "next handler must have been invoked")
+       assert.Equal(t, expectedHeader, captured.Header.Get("Content-MD5"))
+       assert.Equal(t, int64(len(body)), captured.ContentLength)
+
+       roundtrip, err := io.ReadAll(captured.GetStream())
+       require.NoError(t, err)
+       assert.Equal(t, body, roundtrip, "body must be readable end-to-end 
after the middleware runs")
+}
+
+// TestAddContentMD5ForDeleteObjects_SkipsOtherOperations verifies that
+// non-DeleteObjects operations pass through untouched: no Content-MD5 header 
is
+// added and the stream is not consumed.
+func TestAddContentMD5ForDeleteObjects_SkipsOtherOperations(t *testing.T) {
+       body := []byte("not a delete-objects body")
+       req := smithyhttp.NewStackRequest().(*smithyhttp.Request)
+       req, err := req.SetStream(bytes.NewReader(body))
+       require.NoError(t, err)
+
+       captured := invokeContentMD5Middleware(t, "PutObject", req)
+
+       require.NotNil(t, captured)
+       assert.Empty(t, captured.Header.Get("Content-MD5"), "Content-MD5 must 
not be set for non-DeleteObjects ops")
+
+       roundtrip, err := io.ReadAll(captured.GetStream())
+       require.NoError(t, err)
+       assert.Equal(t, body, roundtrip, "stream must not be consumed for 
non-DeleteObjects ops")
+}
+
+// TestAddContentMD5ForDeleteObjects_SkipsWhenNoStream verifies that the
+// middleware safely no-ops on a DeleteObjects request with no body (defensive
+// case — the SDK always sends a body, but the middleware should not panic if
+// upstream behavior changes).
+func TestAddContentMD5ForDeleteObjects_SkipsWhenNoStream(t *testing.T) {
+       req := smithyhttp.NewStackRequest().(*smithyhttp.Request)
+
+       captured := invokeContentMD5Middleware(t, "DeleteObjects", req)
+
+       require.NotNil(t, captured)
+       assert.Empty(t, captured.Header.Get("Content-MD5"))
+       assert.Nil(t, captured.GetStream())
+}
+
+// invokeContentMD5Middleware registers addContentMD5ForDeleteObjects on a 
fresh
+// stack, then drives only its Build phase with the supplied operation name and
+// request. It returns the captured request: the in.Request value seen by the
+// next handler, i.e. what the middleware passed downstream.
+func invokeContentMD5Middleware(t *testing.T, opName string, req 
*smithyhttp.Request) *smithyhttp.Request {
+       t.Helper()
+
+       stack := smithymiddleware.NewStack("test", smithyhttp.NewStackRequest)
+       require.NoError(t, addContentMD5ForDeleteObjects(stack))
+
+       m, ok := stack.Build.Get("ContentMD5ForDeleteObjects")
+       require.True(t, ok, "middleware must be registered on the Build step")
+
+       var captured *smithyhttp.Request
+       next := smithymiddleware.BuildHandlerFunc(func(_ context.Context, in 
smithymiddleware.BuildInput) (smithymiddleware.BuildOutput, 
smithymiddleware.Metadata, error) {
+               captured = in.Request.(*smithyhttp.Request)
+               return smithymiddleware.BuildOutput{}, 
smithymiddleware.Metadata{}, nil
+       })
+
+       ctx := smithymiddleware.WithOperationName(context.Background(), opName)
+       _, _, err := m.HandleBuild(ctx, smithymiddleware.BuildInput{Request: 
req}, next)
+       require.NoError(t, err)
+       return captured
+}
+
+func addInitializeStub(t *testing.T, stack *smithymiddleware.Stack, id string) 
{
+       t.Helper()
+       m := smithymiddleware.InitializeMiddlewareFunc(id, func(
+               ctx context.Context, in smithymiddleware.InitializeInput, next 
smithymiddleware.InitializeHandler,
+       ) (smithymiddleware.InitializeOutput, smithymiddleware.Metadata, error) 
{
+               return next.HandleInitialize(ctx, in)
+       })
+       require.NoError(t, stack.Initialize.Add(m, smithymiddleware.After))
+}
+
+func addFinalizeStub(t *testing.T, stack *smithymiddleware.Stack, id string) {
+       t.Helper()
+       m := smithymiddleware.FinalizeMiddlewareFunc(id, func(
+               ctx context.Context, in smithymiddleware.FinalizeInput, next 
smithymiddleware.FinalizeHandler,
+       ) (smithymiddleware.FinalizeOutput, smithymiddleware.Metadata, error) {
+               return next.HandleFinalize(ctx, in)
+       })
+       require.NoError(t, stack.Finalize.Add(m, smithymiddleware.After))
+}
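Review bot: The two error returns in addContentMD5ForDeleteObjects (body read failure and SetStream failure) are not exercised by any test in this file. invokeContentMD5Middleware cannot be reused for them because it calls `require.NoError` on the HandleBuild result. A variant of the helper that returns the error, driven with a failing stream such as `iotest.ErrReader(errors.New("read failed"))`, would pin the "DeleteObjects content-md5: reading body" path. The statHead fallback added in s3.go by the same change has no test here either; that one likely needs a stubbed HeadObject response.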

++++++ gitlab-container-registry.obsinfo ++++++
--- /var/tmp/diff_new_pack.iKZUWF/_old  2026-06-28 21:08:47.274631652 +0200
+++ /var/tmp/diff_new_pack.iKZUWF/_new  2026-06-28 21:08:47.278631788 +0200
@@ -1,5 +1,5 @@
 name: gitlab-container-registry
-version: 4.40.1
-mtime: 1779476874
-commit: b4c21f9e3907860dbb70cb2a3d6ee438077032cb
+version: 4.40.2
+mtime: 1782310797
+commit: 14eed6857a7cd4b1e053502dce1aa6f3f74f4be1
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/gitlab-container-registry/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.gitlab-container-registry.new.11887/vendor.tar.gz 
differ: char 19, line 1
