diff options
author | dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 2021-06-29 12:30:56 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-29 12:30:56 +0000 |
commit | fb5f70296b1fddd48024b5f1bef70d182b6c2008 (patch) | |
tree | fc2a3dcd054a40d7a3ee5f7db49d61528177bb1e /vendor/github.com | |
parent | c260cbd29d831597df660fcf095e9db587ab856a (diff) | |
download | podman-fb5f70296b1fddd48024b5f1bef70d182b6c2008.tar.gz podman-fb5f70296b1fddd48024b5f1bef70d182b6c2008.tar.bz2 podman-fb5f70296b1fddd48024b5f1bef70d182b6c2008.zip |
Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.1...v1.1.2)
---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Diffstat (limited to 'vendor/github.com')
-rw-r--r-- | vendor/github.com/containers/ocicrypt/ADOPTERS.md | 10 | ||||
-rw-r--r-- | vendor/github.com/containers/ocicrypt/README.md | 6 | ||||
-rw-r--r-- | vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go | 21 |
3 files changed, 28 insertions, 9 deletions
diff --git a/vendor/github.com/containers/ocicrypt/ADOPTERS.md b/vendor/github.com/containers/ocicrypt/ADOPTERS.md new file mode 100644 index 000000000..fa4b03bb8 --- /dev/null +++ b/vendor/github.com/containers/ocicrypt/ADOPTERS.md @@ -0,0 +1,10 @@ +Below are list of adopters of the `ocicrypt` library or supports use of OCI encrypted images: +- [skopeo](https://github.com/containers/skopeo) +- [buildah](https://github.com/containers/buildah) +- [containerd](https://github.com/containerd/imgcrypt) +- [nerdctl](https://github.com/containerd/nerdctl) +- [distribution](https://github.com/distribution/distribution) + +Below are the list of projects that are in the process of adopting support: +- [quay](https://github.com/quay/quay) +- [kata-containers](https://github.com/kata-containers/kata-containers) diff --git a/vendor/github.com/containers/ocicrypt/README.md b/vendor/github.com/containers/ocicrypt/README.md index 84cab7a40..b69d14e3b 100644 --- a/vendor/github.com/containers/ocicrypt/README.md +++ b/vendor/github.com/containers/ocicrypt/README.md @@ -34,6 +34,12 @@ The implementation for both symmetric and asymmetric encryption used in this lib We note that adding interfaces here is risky outside the OCI spec is not recommended, unless for very specialized and confined usecases. Please open an issue or PR if there is a general usecase that could be added to the OCI spec. + +#### Keyprovider interface + +As part of the keywrap interface, there is a [keyprovider](https://github.com/containers/ocicrypt/blob/main/docs/keyprovider.md) implementation that allows one to call out to a binary or service. + + ## Security Issues We consider security issues related to this library critical. Please report and security related issues by emailing maintainers in the [MAINTAINERS](MAINTAINERS) file. diff --git a/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go b/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go index 198c554aa..717e7f218 100644 --- a/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go +++ b/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go @@ -89,7 +89,11 @@ func processRecipientKeys(recipients []string) ([][]byte, [][]byte, [][]byte, [] func processx509Certs(keys []string) ([][]byte, error) { var x509s [][]byte for _, key := range keys { - tmp, err := ioutil.ReadFile(strings.Split(key, ":")[0]) + fileName := strings.Split(key, ":")[0] + if _, err := os.Stat(fileName); os.IsNotExist(err) { + continue + } + tmp, err := ioutil.ReadFile(fileName) if err != nil { return nil, errors.Wrap(err, "Unable to read file") } @@ -157,7 +161,7 @@ func processPrivateKeyFiles(keyFilesAndPwds []string) ([][]byte, [][]byte, [][]b var password []byte // treat "provider" protocol separately - if strings.HasPrefix(keyfileAndPwd, "provider:"){ + if strings.HasPrefix(keyfileAndPwd, "provider:") { keyProviders = append(keyProviders, []byte(keyfileAndPwd[len("provider:"):])) continue } @@ -207,14 +211,13 @@ func CreateDecryptCryptoConfig(keys []string, decRecipients []string) (encconfig return encconfig.CryptoConfig{}, err } - if len(x509s) > 0 { - // x509 certs can also be passed in via keys - x509FromKeys, err := processx509Certs(keys) - if err != nil { - return encconfig.CryptoConfig{}, err - } - x509s = append(x509s, x509FromKeys...) + // x509 certs can also be passed in via keys + x509FromKeys, err := processx509Certs(keys) + if err != nil { + return encconfig.CryptoConfig{}, err } + x509s = append(x509s, x509FromKeys...) + gpgSecretKeyRingFiles, gpgSecretKeyPasswords, privKeys, privKeysPasswords, pkcs11Yamls, keyProviders, err := processPrivateKeyFiles(keys) if err != nil { return encconfig.CryptoConfig{}, err |