Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package containerd for openSUSE:Factory
checked in at 2021-11-22 23:03:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/containerd (Old)
and /work/SRC/openSUSE:Factory/.containerd.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "containerd"
Mon Nov 22 23:03:44 2021 rev:46 rq:932376 version:1.4.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/containerd/containerd.changes 2021-10-20
20:24:38.737391457 +0200
+++ /work/SRC/openSUSE:Factory/.containerd.new.1895/containerd.changes
2021-11-22 23:03:51.417997889 +0100
@@ -1,0 +2,6 @@
+Fri Nov 19 00:01:23 UTC 2021 - Aleksa Sarai <asa...@suse.com>
+
+- Update to containerd v1.4.12 for Docker 20.10.11-ce.
+ bsc#1192814 CVE-2021-41190
+
+-------------------------------------------------------------------
Old:
----
containerd-1.4.11_5b46e404f6b9.tar.xz
New:
----
containerd-1.4.12_7b11cfaabd73.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ containerd.spec ++++++
--- /var/tmp/diff_new_pack.a4lB4I/_old 2021-11-22 23:03:52.081995661 +0100
+++ /var/tmp/diff_new_pack.a4lB4I/_new 2021-11-22 23:03:52.085995648 +0100
@@ -23,11 +23,11 @@
%endif
# MANUAL: Update the git_version.
-%define git_version 5b46e404f6b9f661a205e28d59c982d3634148f8
-%define git_short 5b46e404f6b9
+%define git_version 7b11cfaabd73bb80907dd23182b9347b4245eb5d
+%define git_short 7b11cfaabd73
Name: containerd
-Version: 1.4.11
+Version: 1.4.12
Release: 0
Summary: Standalone OCI Container Daemon
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.a4lB4I/_old 2021-11-22 23:03:52.113995554 +0100
+++ /var/tmp/diff_new_pack.a4lB4I/_new 2021-11-22 23:03:52.113995554 +0100
@@ -3,8 +3,8 @@
<param name="url">https://github.com/containerd/containerd.git</param>
<param name="scm">git</param>
<param name="filename">containerd</param>
- <param name="versionformat">1.4.11_%h</param>
- <param name="revision">v1.4.11</param>
+ <param name="versionformat">1.4.12_%h</param>
+ <param name="revision">v1.4.12</param>
<param name="exclude">.git</param>
</service>
<service name="recompress" mode="disabled">
++++++ containerd-1.4.11_5b46e404f6b9.tar.xz ->
containerd-1.4.12_7b11cfaabd73.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/containerd-1.4.11_5b46e404f6b9/.github/workflows/ci.yml
new/containerd-1.4.12_7b11cfaabd73/.github/workflows/ci.yml
--- old/containerd-1.4.11_5b46e404f6b9/.github/workflows/ci.yml 2021-10-04
17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/.github/workflows/ci.yml 2021-11-17
20:52:12.000000000 +0100
@@ -26,7 +26,7 @@
- name: Install Go
uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Set env
shell: bash
@@ -82,7 +82,7 @@
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Set env
shell: bash
@@ -128,7 +128,7 @@
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Set env
shell: bash
@@ -166,7 +166,7 @@
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Set env
shell: bash
@@ -199,7 +199,7 @@
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Set env
shell: bash
@@ -285,7 +285,7 @@
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Set env
shell: bash
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/containerd-1.4.11_5b46e404f6b9/.github/workflows/nightly.yml
new/containerd-1.4.12_7b11cfaabd73/.github/workflows/nightly.yml
--- old/containerd-1.4.11_5b46e404f6b9/.github/workflows/nightly.yml
2021-10-04 17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/.github/workflows/nightly.yml
2021-11-17 20:52:12.000000000 +0100
@@ -14,7 +14,7 @@
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Checkout
uses: actions/checkout@v1
@@ -138,7 +138,7 @@
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Checkout
uses: actions/checkout@v1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/containerd-1.4.11_5b46e404f6b9/.github/workflows/release.yml
new/containerd-1.4.12_7b11cfaabd73/.github/workflows/release.yml
--- old/containerd-1.4.11_5b46e404f6b9/.github/workflows/release.yml
2021-10-04 17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/.github/workflows/release.yml
2021-11-17 20:52:12.000000000 +0100
@@ -62,7 +62,7 @@
- name: Install Go
uses: actions/setup-go@v2
with:
- go-version: '1.16.8'
+ go-version: '1.16.10'
- name: Set env
shell: bash
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/containerd-1.4.11_5b46e404f6b9/.travis.yml
new/containerd-1.4.12_7b11cfaabd73/.travis.yml
--- old/containerd-1.4.11_5b46e404f6b9/.travis.yml 2021-10-04
17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/.travis.yml 2021-11-17
20:52:12.000000000 +0100
@@ -15,7 +15,7 @@
- linux
go:
- - "1.16.8"
+ - "1.16.10"
env:
- TRAVIS_GOOS=linux TEST_RUNTIME=io.containerd.runc.v1 TRAVIS_CGO_ENABLED=1
TRAVIS_DISTRO=bionic GOPROXY=direct
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/containerd-1.4.11_5b46e404f6b9/.zuul/playbooks/containerd-build/run.yaml
new/containerd-1.4.12_7b11cfaabd73/.zuul/playbooks/containerd-build/run.yaml
---
old/containerd-1.4.11_5b46e404f6b9/.zuul/playbooks/containerd-build/run.yaml
2021-10-04 17:24:47.000000000 +0200
+++
new/containerd-1.4.12_7b11cfaabd73/.zuul/playbooks/containerd-build/run.yaml
2021-11-17 20:52:12.000000000 +0100
@@ -2,7 +2,7 @@
become: yes
roles:
- role: config-golang
- go_version: '1.16.8'
+ go_version: '1.16.10'
arch: arm64
tasks:
- name: Build containerd
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/containerd-1.4.11_5b46e404f6b9/Vagrantfile
new/containerd-1.4.12_7b11cfaabd73/Vagrantfile
--- old/containerd-1.4.11_5b46e404f6b9/Vagrantfile 2021-10-04
17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/Vagrantfile 2021-11-17
20:52:12.000000000 +0100
@@ -77,7 +77,7 @@
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
sh.upload_path = "/tmp/vagrant-install-golang"
sh.env = {
- 'GO_VERSION': ENV['GO_VERSION'] || "1.16.8",
+ 'GO_VERSION': ENV['GO_VERSION'] || "1.16.10",
}
sh.inline = <<~SHELL
#!/usr/bin/env bash
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/containerd-1.4.11_5b46e404f6b9/contrib/Dockerfile.test
new/containerd-1.4.12_7b11cfaabd73/contrib/Dockerfile.test
--- old/containerd-1.4.11_5b46e404f6b9/contrib/Dockerfile.test 2021-10-04
17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/contrib/Dockerfile.test 2021-11-17
20:52:12.000000000 +0100
@@ -10,7 +10,7 @@
#
# docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc93 -f
Dockerfile.test ../
-ARG GOLANG_VERSION=1.16.8
+ARG GOLANG_VERSION=1.16.10
FROM golang:${GOLANG_VERSION} AS golang-base
RUN mkdir -p /go/src/github.com/containerd/containerd
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/containerd-1.4.11_5b46e404f6b9/images/image.go
new/containerd-1.4.12_7b11cfaabd73/images/image.go
--- old/containerd-1.4.11_5b46e404f6b9/images/image.go 2021-10-04
17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/images/image.go 2021-11-17
20:52:12.000000000 +0100
@@ -19,6 +19,7 @@
import (
"context"
"encoding/json"
+ "fmt"
"sort"
"time"
@@ -154,6 +155,10 @@
return nil, err
}
+ if err := validateMediaType(p, desc.MediaType); err !=
nil {
+ return nil, errors.Wrapf(err, "manifest:
invalid desc %s", desc.Digest)
+ }
+
var manifest ocispec.Manifest
if err := json.Unmarshal(p, &manifest); err != nil {
return nil, err
@@ -194,6 +199,10 @@
return nil, err
}
+ if err := validateMediaType(p, desc.MediaType); err !=
nil {
+ return nil, errors.Wrapf(err, "manifest:
invalid desc %s", desc.Digest)
+ }
+
var idx ocispec.Index
if err := json.Unmarshal(p, &idx); err != nil {
return nil, err
@@ -336,6 +345,10 @@
return nil, err
}
+ if err := validateMediaType(p, desc.MediaType); err != nil {
+ return nil, errors.Wrapf(err, "children: invalid desc
%s", desc.Digest)
+ }
+
// TODO(stevvooe): We just assume oci manifest, for now. There
may be
// subtle differences from the docker version.
var manifest ocispec.Manifest
@@ -351,6 +364,10 @@
return nil, err
}
+ if err := validateMediaType(p, desc.MediaType); err != nil {
+ return nil, errors.Wrapf(err, "children: invalid desc
%s", desc.Digest)
+ }
+
var index ocispec.Index
if err := json.Unmarshal(p, &index); err != nil {
return nil, err
@@ -368,6 +385,44 @@
return descs, nil
}
+// unknownDocument represents a manifest, manifest list, or index that has not
+// yet been validated.
+type unknownDocument struct {
+ MediaType string `json:"mediaType,omitempty"`
+ Config json.RawMessage `json:"config,omitempty"`
+ Layers json.RawMessage `json:"layers,omitempty"`
+ Manifests json.RawMessage `json:"manifests,omitempty"`
+ FSLayers json.RawMessage `json:"fsLayers,omitempty"` // schema 1
+}
+
+// validateMediaType returns an error if the byte slice is invalid JSON or if
+// the media type identifies the blob as one format but it contains elements of
+// another format.
+func validateMediaType(b []byte, mt string) error {
+ var doc unknownDocument
+ if err := json.Unmarshal(b, &doc); err != nil {
+ return err
+ }
+ if len(doc.FSLayers) != 0 {
+ return fmt.Errorf("media-type: schema 1 not supported")
+ }
+ switch mt {
+ case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
+ if len(doc.Manifests) != 0 ||
+ doc.MediaType == MediaTypeDockerSchema2ManifestList ||
+ doc.MediaType == ocispec.MediaTypeImageIndex {
+ return fmt.Errorf("media-type: expected manifest but
found index (%s)", mt)
+ }
+ case MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
+ if len(doc.Config) != 0 || len(doc.Layers) != 0 ||
+ doc.MediaType == MediaTypeDockerSchema2Manifest ||
+ doc.MediaType == ocispec.MediaTypeImageManifest {
+ return fmt.Errorf("media-type: expected index but found
manifest (%s)", mt)
+ }
+ }
+ return nil
+}
+
// RootFS returns the unpacked diffids that make up and images rootfs.
//
// These are used to verify that a set of layers unpacked to the expected
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/containerd-1.4.11_5b46e404f6b9/images/image_test.go
new/containerd-1.4.12_7b11cfaabd73/images/image_test.go
--- old/containerd-1.4.11_5b46e404f6b9/images/image_test.go 1970-01-01
01:00:00.000000000 +0100
+++ new/containerd-1.4.12_7b11cfaabd73/images/image_test.go 2021-11-17
20:52:12.000000000 +0100
@@ -0,0 +1,150 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package images
+
+import (
+ "encoding/json"
+ "testing"
+
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+func TestValidateMediaType(t *testing.T) {
+ docTests := []struct {
+ mt string
+ index bool
+ }{
+ {MediaTypeDockerSchema2Manifest, false},
+ {ocispec.MediaTypeImageManifest, false},
+ {MediaTypeDockerSchema2ManifestList, true},
+ {ocispec.MediaTypeImageIndex, true},
+ }
+ for _, tc := range docTests {
+ t.Run("manifest-"+tc.mt, func(t *testing.T) {
+ manifest := ocispec.Manifest{
+ Config: ocispec.Descriptor{Size: 1},
+ Layers: []ocispec.Descriptor{{Size: 2}},
+ }
+ b, err := json.Marshal(manifest)
+ if err != nil {
+ t.Fatal("failed to marshal manifest", err)
+ }
+
+ err = validateMediaType(b, tc.mt)
+ if tc.index {
+ if err == nil {
+ t.Error("manifest should not be a valid
index")
+ }
+ } else {
+ if err != nil {
+ t.Error("manifest should be valid")
+ }
+ }
+ })
+ t.Run("index-"+tc.mt, func(t *testing.T) {
+ index := ocispec.Index{
+ Manifests: []ocispec.Descriptor{{Size: 1}},
+ }
+ b, err := json.Marshal(index)
+ if err != nil {
+ t.Fatal("failed to marshal index", err)
+ }
+
+ err = validateMediaType(b, tc.mt)
+ if tc.index {
+ if err != nil {
+ t.Error("index should be valid")
+ }
+ } else {
+ if err == nil {
+ t.Error("index should not be a valid
manifest")
+ }
+ }
+ })
+ }
+
+ mtTests := []struct {
+ mt string
+ valid []string
+ invalid []string
+ }{{
+ MediaTypeDockerSchema2Manifest,
+ []string{MediaTypeDockerSchema2Manifest,
ocispec.MediaTypeImageManifest},
+ []string{MediaTypeDockerSchema2ManifestList,
ocispec.MediaTypeImageIndex},
+ }, {
+ ocispec.MediaTypeImageManifest,
+ []string{MediaTypeDockerSchema2Manifest,
ocispec.MediaTypeImageManifest},
+ []string{MediaTypeDockerSchema2ManifestList,
ocispec.MediaTypeImageIndex},
+ }, {
+ MediaTypeDockerSchema2ManifestList,
+ []string{MediaTypeDockerSchema2ManifestList,
ocispec.MediaTypeImageIndex},
+ []string{MediaTypeDockerSchema2Manifest,
ocispec.MediaTypeImageManifest},
+ }, {
+ ocispec.MediaTypeImageIndex,
+ []string{MediaTypeDockerSchema2ManifestList,
ocispec.MediaTypeImageIndex},
+ []string{MediaTypeDockerSchema2Manifest,
ocispec.MediaTypeImageManifest},
+ }}
+ for _, tc := range mtTests {
+ for _, v := range tc.valid {
+ t.Run("valid-"+tc.mt+"-"+v, func(t *testing.T) {
+ doc := struct {
+ MediaType string `json:"mediaType"`
+ }{MediaType: v}
+ b, err := json.Marshal(doc)
+ if err != nil {
+ t.Fatal("failed to marshal document",
err)
+ }
+
+ err = validateMediaType(b, tc.mt)
+ if err != nil {
+ t.Error("document should be valid", err)
+ }
+ })
+ }
+ for _, iv := range tc.invalid {
+ t.Run("invalid-"+tc.mt+"-"+iv, func(t *testing.T) {
+ doc := struct {
+ MediaType string `json:"mediaType"`
+ }{MediaType: iv}
+ b, err := json.Marshal(doc)
+ if err != nil {
+ t.Fatal("failed to marshal document",
err)
+ }
+
+ err = validateMediaType(b, tc.mt)
+ if err == nil {
+ t.Error("document should not be valid")
+ }
+ })
+ }
+ }
+ t.Run("schema1", func(t *testing.T) {
+ doc := struct {
+ FSLayers []string `json:"fsLayers"`
+ }{FSLayers: []string{"1"}}
+ b, err := json.Marshal(doc)
+ if err != nil {
+ t.Fatal("failed to marshal document", err)
+ }
+
+ err = validateMediaType(b, "")
+ if err == nil {
+ t.Error("document should not be valid")
+ }
+
+ })
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/containerd-1.4.11_5b46e404f6b9/releases/v1.4.12.toml
new/containerd-1.4.12_7b11cfaabd73/releases/v1.4.12.toml
--- old/containerd-1.4.11_5b46e404f6b9/releases/v1.4.12.toml 1970-01-01
01:00:00.000000000 +0100
+++ new/containerd-1.4.12_7b11cfaabd73/releases/v1.4.12.toml 2021-11-17
20:52:12.000000000 +0100
@@ -0,0 +1,23 @@
+# commit to be tagged for new release
+commit = "HEAD"
+
+project_name = "containerd"
+github_repo = "containerd/containerd"
+match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$"
+
+# previous release
+previous = "v1.4.11"
+
+pre_release = false
+
+preface = """\
+The twelfth patch release for containerd 1.4 contains a few minor bug fixes
+and an update to mitigate
[CVE-2021-41190](https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m).
+
+### Notable Updates
+
+* **Handle ambiguous OCI manifest parsing**
([GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35))
+* **Update pull to try next mirror for non-404 errors**
([#5275](https://github.com/containerd/containerd/pull/5275))
+* **Update pull to handle of non-https urls in descriptors**
([#6221](https://github.com/containerd/containerd/pull/6221))
+
+See the changelog for complete list of changes"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/containerd-1.4.11_5b46e404f6b9/remotes/docker/fetcher.go
new/containerd-1.4.12_7b11cfaabd73/remotes/docker/fetcher.go
--- old/containerd-1.4.11_5b46e404f6b9/remotes/docker/fetcher.go
2021-10-04 17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/remotes/docker/fetcher.go
2021-11-17 20:52:12.000000000 +0100
@@ -60,6 +60,10 @@
log.G(ctx).WithError(err).Debug("failed to
parse")
continue
}
+ if u.Scheme != "http" && u.Scheme != "https" {
+ log.G(ctx).Debug("non-http(s) alternative url
is unsupported")
+ continue
+ }
log.G(ctx).Debug("trying alternative url")
// Try this first, parse it
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/containerd-1.4.11_5b46e404f6b9/remotes/docker/resolver.go
new/containerd-1.4.12_7b11cfaabd73/remotes/docker/resolver.go
--- old/containerd-1.4.11_5b46e404f6b9/remotes/docker/resolver.go
2021-10-04 17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/remotes/docker/resolver.go
2021-11-17 20:52:12.000000000 +0100
@@ -238,10 +238,10 @@
}
var (
- lastErr error
- paths [][]string
- dgst = refspec.Digest()
- caps = HostCapabilityPull
+ firstErr error
+ paths [][]string
+ dgst = refspec.Digest()
+ caps = HostCapabilityPull
)
if dgst != "" {
@@ -292,8 +292,8 @@
err = errors.Wrapf(err, "pull access
denied, repository does not exist or may require authorization")
}
// Store the error for referencing later
- if lastErr == nil {
- lastErr = err
+ if firstErr == nil {
+ firstErr = err
}
log.G(ctx).WithError(err).Info("trying next
host")
continue // try another host
@@ -305,7 +305,14 @@
log.G(ctx).Info("trying next host -
response was http.StatusNotFound")
continue
}
- return "", ocispec.Descriptor{},
errors.Errorf("unexpected status code %v: %v", u, resp.Status)
+ if resp.StatusCode > 399 {
+ // Set firstErr when encountering the
first non-404 status code.
+ if firstErr == nil {
+ firstErr =
errors.Errorf("pulling from host %s failed with status code %v: %v", host.Host,
u, resp.Status)
+ }
+ continue // try another host
+ }
+ return "", ocispec.Descriptor{},
errors.Errorf("pulling from host %s failed with unexpected status code %v: %v",
host.Host, u, resp.Status)
}
size := resp.ContentLength
contentType := getManifestMediaType(resp)
@@ -368,8 +375,8 @@
}
// Prevent resolving to excessively large manifests
if size > MaxManifestSize {
- if lastErr == nil {
- lastErr =
errors.Wrapf(errdefs.ErrNotFound, "rejecting %d byte manifest for %s", size,
ref)
+ if firstErr == nil {
+ firstErr =
errors.Wrapf(errdefs.ErrNotFound, "rejecting %d byte manifest for %s", size,
ref)
}
continue
}
@@ -385,11 +392,15 @@
}
}
- if lastErr == nil {
- lastErr = errors.Wrap(errdefs.ErrNotFound, ref)
+ // If above loop terminates without return, then there was an error.
+ // "firstErr" contains the first non-404 error. That is, "firstErr ==
nil"
+ // means that either no registries were given or each registry returned
404.
+
+ if firstErr == nil {
+ firstErr = errors.Wrap(errdefs.ErrNotFound, ref)
}
- return "", ocispec.Descriptor{}, lastErr
+ return "", ocispec.Descriptor{}, firstErr
}
func (r *dockerResolver) Fetcher(ctx context.Context, ref string)
(remotes.Fetcher, error) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/containerd-1.4.11_5b46e404f6b9/remotes/docker/schema1/converter.go
new/containerd-1.4.12_7b11cfaabd73/remotes/docker/schema1/converter.go
--- old/containerd-1.4.11_5b46e404f6b9/remotes/docker/schema1/converter.go
2021-10-04 17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/remotes/docker/schema1/converter.go
2021-11-17 20:52:12.000000000 +0100
@@ -256,6 +256,9 @@
if err := json.Unmarshal(b, &m); err != nil {
return err
}
+ if len(m.Manifests) != 0 || len(m.Layers) != 0 {
+ return errors.New("converter: expected schema1 document but
found extra keys")
+ }
c.pulledManifest = &m
return nil
@@ -472,8 +475,10 @@
}
type manifest struct {
- FSLayers []fsLayer `json:"fsLayers"`
- History []history `json:"history"`
+ FSLayers []fsLayer `json:"fsLayers"`
+ History []history `json:"history"`
+ Layers json.RawMessage `json:"layers,omitempty"` // OCI manifest
+ Manifests json.RawMessage `json:"manifests,omitempty"` // OCI index
}
type v1History struct {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/containerd-1.4.11_5b46e404f6b9/version/version.go
new/containerd-1.4.12_7b11cfaabd73/version/version.go
--- old/containerd-1.4.11_5b46e404f6b9/version/version.go 2021-10-04
17:24:47.000000000 +0200
+++ new/containerd-1.4.12_7b11cfaabd73/version/version.go 2021-11-17
20:52:12.000000000 +0100
@@ -23,7 +23,7 @@
Package = "github.com/containerd/containerd"
// Version holds the complete version number. Filled in at linking time.
- Version = "1.4.11+unknown"
+ Version = "1.4.12+unknown"
// Revision is filled with the VCS (e.g. git) revision being used to
build
// the program at linking time.
