opencontainers/umoci
1
0
Fork 0
mirror of https://github.com/opencontainers/umoci.git synced 2026-02-05 09:45:50 +01:00
Code Issues Activity
1,419 Commits 2 Branches 20 Tags
main
Commit Graph

1419 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aleksa Sarai
2abf0e66c3 EXECUTE ORDER #666 
Aleksa Sarai (1):
  layer: reject empty whiteout name '.wh.'

LGTMs: cyphar
 2026-01-10 14:22:43 +01:00
Aleksa Sarai
635306a311 layer: reject empty whiteout name '.wh.' 
This is likely invalid according to the image-spec, and also is treated
strangely by umoci (effectively it is treated the same as an opaque
whiteout due to an implementation detail of how we represent opaque
whiteouts).

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2026-01-10 14:05:54 +01:00
dependabot[bot]
702d84258d Merge pull request #664 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.40.0 2026-01-10 11:14:21 +01:00
Aleksa Sarai
31b182ffbf merge #665 into opencontainers/umoci:main 
Aleksa Sarai (1):
  deps: update to github.com/vbatts/go-mtree@v0.7.0

LGTMs: cyphar
 2026-01-10 11:14:21 +01:00
dependabot[bot]
28fd75cb0e build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.39.0 to 0.40.0.
- [Commits](https://github.com/golang/sys/compare/v0.39.0...v0.40.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-10 11:14:21 +01:00
Aleksa Sarai
1a830460ef deps: update to github.com/vbatts/go-mtree@v0.7.0 
This includes all of the patches we had applied already, so we can
finally remove the "replace" statement.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2026-01-10 11:14:20 +01:00
Aleksa Sarai
712f78763a *: update license headers 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2026-01-10 11:14:14 +01:00
Aleksa Sarai
4e04bc5072 merge #663 into opencontainers/umoci:main 
Aleksa Sarai (1):
  go: bump github.com/vbatts/go-mtree fork

LGTMs: cyphar
 2025-12-28 01:19:53 +11:00
Aleksa Sarai
d0d42346cf go: bump github.com/vbatts/go-mtree fork 
The fork was rebased to pick up the golang.org/x/crypto version bump
that fixes some (completely unrelated to umoci) CVEs.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-12-21 20:54:35 +09:00
dependabot[bot]
8069b96b12 Merge pull request #659 from opencontainers/dependabot/go_modules/google.golang.org/protobuf-1.36.11 2025-12-21 11:54:19 +00:00
dependabot[bot]
d5306cfa7e Merge pull request #660 from opencontainers/dependabot/github_actions/actions/download-artifact-7 2025-12-21 11:04:17 +00:00
dependabot[bot]
f962674e65 Merge pull request #661 from opencontainers/dependabot/github_actions/actions/upload-artifact-6 2025-12-21 11:03:39 +00:00
dependabot[bot]
603510c096 build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 
Bumps google.golang.org/protobuf from 1.36.10 to 1.36.11.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-21 10:56:39 +00:00
dependabot[bot]
8ac840492b build(deps): bump actions/download-artifact from 6 to 7 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-21 10:56:21 +00:00
dependabot[bot]
9750ea379e build(deps): bump actions/upload-artifact from 5 to 6 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-21 10:56:18 +00:00
Aleksa Sarai
f53b4ff695 gha: update modernise import URL 
Ref: https://go.dev/cl/706918
Ref: https://go.dev/cl/730820
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-12-21 19:53:30 +09:00
Aleksa Sarai
5b8022f5bb *: fix modernise failures 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-12-21 19:51:48 +09:00
dependabot[bot]
70fc5ee1f4 Merge pull request #658 from opencontainers/dependabot/github_actions/actions/cache-5 2025-12-13 05:41:54 +00:00
dependabot[bot]
ba7b1c6828 build(deps): bump actions/cache from 4 to 5 
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-12 06:02:18 +00:00
dependabot[bot]
4eb239b7bb Merge pull request #657 from opencontainers/dependabot/docker/skopeo/stable-v1.21 2025-12-12 00:36:47 +00:00
dependabot[bot]
32d08a1562 build(deps): bump skopeo/stable from v1.20 to v1.21 
Bumps [skopeo/stable](https://github.com/containers/image_build) from v1.20 to v1.21.
- [Commits](https://github.com/containers/image_build/commits)

---
updated-dependencies:
- dependency-name: skopeo/stable
  dependency-version: v1.21
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-11 06:02:14 +00:00
dependabot[bot]
d55a80471c Merge pull request #656 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.39.0 2025-12-09 11:49:03 +00:00
dependabot[bot]
918717f5a5 build(deps): bump golang.org/x/sys from 0.38.0 to 0.39.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.38.0 to 0.39.0.
- [Commits](https://github.com/golang/sys/compare/v0.38.0...v0.39.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.39.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-09 06:02:28 +00:00
dependabot[bot]
5a7ac3c69d Merge pull request #655 from opencontainers/dependabot/github_actions/actions/checkout-6 2025-11-21 06:22:06 +00:00
dependabot[bot]
c12a43d7cf build(deps): bump actions/checkout from 5 to 6 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-21 06:02:18 +00:00
dependabot[bot]
7815eede01 Merge pull request #654 from opencontainers/dependabot/go_modules/github.com/cyphar/filepath-securejoin-0.6.1 2025-11-20 07:41:36 +00:00
dependabot[bot]
0b6075924c build(deps): bump github.com/cyphar/filepath-securejoin 
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-20 06:02:07 +00:00
Aleksa Sarai
5c1a29e544 gha: configure codecov slug properly 
Our main branch has been failing to upload coverage to CodeCov for a
month with the following error:

  error - 2025-11-11 05:32:32,830 -- Upload failed: {"message":"Repository not found"}

Hopefully configuring the slug explicitly will resolve this issue...

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-11-12 06:50:28 +11:00
Aleksa Sarai
530682fb72 merge #653 into opencontainers/umoci:main 
Aleksa Sarai (1):
  oci: convert: do not overwrite explicitly configured HOME

LGTMs: cyphar
 2025-11-12 06:29:21 +11:00
Aleksa Sarai
9b9f329c45 oci: convert: do not overwrite explicitly configured HOME 
User data should always take precedence, but we would forcefully
overwrite HOME with the value in /etc/passwd (if we found it). We should
only set HOME if it is not already set.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-11-12 06:17:06 +11:00
Aleksa Sarai
3e0f59e18d merge #651 into opencontainers/umoci:main 
Aleksa Sarai (1):
  lints: update to golangci-lint v2.6

LGTMs: cyphar
 2025-11-11 16:25:18 +11:00
Aleksa Sarai
4716af5b75 lints: update to golangci-lint v2.6 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-11-11 15:32:15 +11:00
dependabot[bot]
607c29541c Merge pull request #650 from opencontainers/dependabot/go_modules/golang.org/x/sys-0.38.0 2025-11-10 06:11:29 +00:00
dependabot[bot]
38cda024fa Merge pull request #649 from opencontainers/dependabot/github_actions/golangci/golangci-lint-action-9 2025-11-10 06:10:50 +00:00
dependabot[bot]
3434a1359d build(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/sys/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-version: 0.38.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 06:02:38 +00:00
dependabot[bot]
55dba0302f build(deps): bump golangci/golangci-lint-action from 8 to 9 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 8 to 9.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v8...v9)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-10 06:02:33 +00:00
dependabot[bot]
a0b653cf08 Merge pull request #648 from opencontainers/dependabot/go_modules/github.com/opencontainers/runtime-spec-1.3.0 2025-11-05 07:00:21 +00:00
dependabot[bot]
6c3d3c2c15 build(deps): bump github.com/opencontainers/runtime-spec 
Bumps [github.com/opencontainers/runtime-spec](https://github.com/opencontainers/runtime-spec) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/opencontainers/runtime-spec/releases)
- [Changelog](https://github.com/opencontainers/runtime-spec/blob/main/ChangeLog)
- [Commits](https://github.com/opencontainers/runtime-spec/compare/v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/runtime-spec
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-05 06:02:05 +00:00
dependabot[bot]
ac85339a8c Merge pull request #647 from opencontainers/dependabot/go_modules/github.com/cyphar/filepath-securejoin-0.6.0 2025-11-03 06:27:32 +00:00
dependabot[bot]
9bbe33bb8e build(deps): bump github.com/cyphar/filepath-securejoin 
Bumps [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](https://github.com/cyphar/filepath-securejoin/compare/v0.5.0...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-03 06:03:27 +00:00
Aleksa Sarai
13c7ab54c4 go.mod: add comment for go-mtree replace directive 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-10-31 21:22:27 +11:00
dependabot[bot]
75c7d494f6 Merge pull request #644 from opencontainers/dependabot/github_actions/actions/download-artifact-6 2025-10-27 10:46:23 +00:00
dependabot[bot]
183a8a30ac Merge pull request #643 from opencontainers/dependabot/github_actions/actions/upload-artifact-5 2025-10-27 10:46:14 +00:00
dependabot[bot]
acb9f853b8 build(deps): bump actions/download-artifact from 5 to 6 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 06:20:51 +00:00
dependabot[bot]
5bb4ba16c1 build(deps): bump actions/upload-artifact from 4 to 5 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-27 06:16:30 +00:00
Aleksa Sarai
94413883fc tests: add handling for non-test binaries 
openSUSE QA has started running our tests with the actual package
binaries, which causes the xattr tests to fail (because we assume that
the binary is a test binary with special handling for forbidden xattrs).

The solution is to provide some information in "umoci --version" about
whether the binary is a test binary and then modify the test
accordingly.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-10-26 20:57:25 +11:00
Aleksa Sarai
f404574b38 lint: update to golangci-lint v2.5 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-10-24 12:23:26 +11:00
Aleksa Sarai
d6313283c3 deps: update github.com/AdaLogics/go-fuzz-headers to latest 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-10-17 01:13:58 +11:00
Aleksa Sarai
8d053d6682 merge #642 into opencontainers/umoci:main 
Aleksa Sarai (2):
  VERSION: back to development
  VERSION: release v0.6.0

LGTMs: cyphar
 2025-10-15 20:01:52 +11:00
Aleksa Sarai
35992baee4 VERSION: back to development 
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
 2025-10-15 19:50:14 +11:00