authordependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>2021-06-29 12:30:56 +0000
committerGitHub <noreply@github.com>2021-06-29 12:30:56 +0000
commitfb5f70296b1fddd48024b5f1bef70d182b6c2008 (patch)
treefc2a3dcd054a40d7a3ee5f7db49d61528177bb1e /vendor/github.com
parentc260cbd29d831597df660fcf095e9db587ab856a (diff)
Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.1 to 1.1.2. - [Release notes](https://github.com/containers/ocicrypt/releases) - [Commits](https://github.com/containers/ocicrypt/compare/v1.1.1...v1.1.2) --- updated-dependencies: - dependency-name: github.com/containers/ocicrypt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Diffstat (limited to 'vendor/github.com')
-rw-r--r--vendor/github.com/containers/ocicrypt/ADOPTERS.md10
-rw-r--r--vendor/github.com/containers/ocicrypt/README.md6
-rw-r--r--vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go21
3 files changed, 28 insertions, 9 deletions
diff --git a/vendor/github.com/containers/ocicrypt/ADOPTERS.md b/vendor/github.com/containers/ocicrypt/ADOPTERS.md
new file mode 100644
index 000000000..fa4b03bb8
--- /dev/null
+++ b/vendor/github.com/containers/ocicrypt/ADOPTERS.md
@@ -0,0 +1,10 @@
+Below are list of adopters of the `ocicrypt` library or supports use of OCI encrypted images:
+- [skopeo](https://github.com/containers/skopeo)
+- [buildah](https://github.com/containers/buildah)
+- [containerd](https://github.com/containerd/imgcrypt)
+- [nerdctl](https://github.com/containerd/nerdctl)
+- [distribution](https://github.com/distribution/distribution)
+
+Below are the list of projects that are in the process of adopting support:
+- [quay](https://github.com/quay/quay)
+- [kata-containers](https://github.com/kata-containers/kata-containers)
diff --git a/vendor/github.com/containers/ocicrypt/README.md b/vendor/github.com/containers/ocicrypt/README.md
index 84cab7a40..b69d14e3b 100644
--- a/vendor/github.com/containers/ocicrypt/README.md
+++ b/vendor/github.com/containers/ocicrypt/README.md
@@ -34,6 +34,12 @@ The implementation for both symmetric and asymmetric encryption used in this lib
We note that adding interfaces here is risky outside the OCI spec is not recommended, unless for very specialized and confined usecases. Please open an issue or PR if there is a general usecase that could be added to the OCI spec.
+
+#### Keyprovider interface
+
+As part of the keywrap interface, there is a [keyprovider](https://github.com/containers/ocicrypt/blob/main/docs/keyprovider.md) implementation that allows one to call out to a binary or service.
+
+
## Security Issues
We consider security issues related to this library critical. Please report and security related issues by emailing maintainers in the [MAINTAINERS](MAINTAINERS) file.
diff --git a/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go b/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go
index 198c554aa..717e7f218 100644
--- a/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go
+++ b/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go
@@ -89,7 +89,11 @@ func processRecipientKeys(recipients []string) ([][]byte, [][]byte, [][]byte, []
func processx509Certs(keys []string) ([][]byte, error) {
var x509s [][]byte
for _, key := range keys {
- tmp, err := ioutil.ReadFile(strings.Split(key, ":")[0])
+ fileName := strings.Split(key, ":")[0]
+ if _, err := os.Stat(fileName); os.IsNotExist(err) {
+ continue
+ }
+ tmp, err := ioutil.ReadFile(fileName)
if err != nil {
return nil, errors.Wrap(err, "Unable to read file")
}
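Review bot: The added `os.Stat` guard in processx509Certs silently skips every entry whose path does not exist, so a mistyped certificate path is no longer reported and only shows up later as a decryption failure with no hint about which input was ignored. Because the last hunk of this file now calls `processx509Certs(keys)` unconditionally, entries that are not file paths at all, such as the `provider:` form handled in processPrivateKeyFiles, are also split on ":" and their first field is treated as a file name relative to the working directory; if a file of that name happens to exist, it is read. I would skip that form explicitly with `if strings.HasPrefix(key, "provider:") { continue }`, and fold the existence check into the read itself, `tmp, err := ioutil.ReadFile(fileName)` followed by `if os.IsNotExist(err) { continue }`, which also removes the stat-then-read window. The function body continues outside the hunk, so how non-certificate file contents are filtered is not visible here, and since this is vendored code the change would have to land upstream in ocicrypt.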
@@ -157,7 +161,7 @@ func processPrivateKeyFiles(keyFilesAndPwds []string) ([][]byte, [][]byte, [][]b
var password []byte
// treat "provider" protocol separately
- if strings.HasPrefix(keyfileAndPwd, "provider:"){
+ if strings.HasPrefix(keyfileAndPwd, "provider:") {
keyProviders = append(keyProviders, []byte(keyfileAndPwd[len("provider:"):]))
continue
}
@@ -207,14 +211,13 @@ func CreateDecryptCryptoConfig(keys []string, decRecipients []string) (encconfig
return encconfig.CryptoConfig{}, err
}
- if len(x509s) > 0 {
- // x509 certs can also be passed in via keys
- x509FromKeys, err := processx509Certs(keys)
- if err != nil {
- return encconfig.CryptoConfig{}, err
- }
- x509s = append(x509s, x509FromKeys...)
+ // x509 certs can also be passed in via keys
+ x509FromKeys, err := processx509Certs(keys)
+ if err != nil {
+ return encconfig.CryptoConfig{}, err
}
+ x509s = append(x509s, x509FromKeys...)
+
gpgSecretKeyRingFiles, gpgSecretKeyPasswords, privKeys, privKeysPasswords, pkcs11Yamls, keyProviders, err := processPrivateKeyFiles(keys)
if err != nil {
return encconfig.CryptoConfig{}, err