From aea0ade801dfbd6443c01d1bb7d2b03b44fb95a3 Mon Sep 17 00:00:00 2001 From: Yan Song Date: Mon, 19 Jun 2023 03:43:46 +0000 Subject: [PATCH 1/2] nydus: append useful annotations for manifest Add the following annotations for each manifest of nydus image: - containerd.io/snapshot/nydus-source-digest - containerd.io/snapshot/nydus-source-reference - containerd.io/snapshot/nydus-fs-version - containerd.io/snapshot/nydus-builder-version And allow external tool (for example nydusify) to append extra annotations using `converter.WithAnnotation` option. Signed-off-by: Yan Song --- pkg/adapter/annotation/annotation.go | 74 +++++++++----------------- pkg/converter/converter.go | 22 ++++---- pkg/converter/opts.go | 12 +++++ pkg/driver/nydus/nydus.go | 77 ++++++++++++++++++++++++---- 4 files changed, 111 insertions(+), 74 deletions(-) diff --git a/pkg/adapter/annotation/annotation.go b/pkg/adapter/annotation/annotation.go index 810d3bd8..dfcbd247 100644 --- a/pkg/adapter/annotation/annotation.go +++ b/pkg/adapter/annotation/annotation.go @@ -18,57 +18,31 @@ import ( "context" "fmt" + "github.com/containerd/containerd/content" "github.com/containerd/containerd/images" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" - providerContent "github.com/goharbor/acceleration-service/pkg/content" - nydusutils "github.com/goharbor/acceleration-service/pkg/driver/nydus/utils" "github.com/goharbor/acceleration-service/pkg/utils" ) -type Appended struct { - DriverName string - DriverVersion string - SourceDigest string - ExtraAnnotations map[string]string -} - -const ( - // The name annotation is used to identify different accelerated image formats in harbor. - // Example value: `nydus`, `estargz`. - AnnotationAccelerationDriverName = "io.goharbor.artifact.v1alpha1.acceleration.driver.name" - // The version annotation is used to identify different accelerated image format versions - // with same driver in harbor. - AnnotationAccelerationDriverVersion = "io.goharbor.artifact.v1alpha1.acceleration.driver.version" - // The digest annotation is used to reference the source (original) image, which can be - // used to avoid duplicate conversion or track the relationship between the source image - // and converted image in harbor. - // Example value: `sha256:2d64e20e048640ecb619b82a26c168b7649a173d4ad6cf2af3feda9b64fe6fb8`. - AnnotationAccelerationSourceDigest = "io.goharbor.artifact.v1alpha1.acceleration.source.digest" -) - -func annotate(annotations map[string]string, appended Appended) map[string]string { +func annotate(annotations map[string]string, appended map[string]string) map[string]string { if annotations == nil { annotations = make(map[string]string) } - annotations[AnnotationAccelerationDriverName] = appended.DriverName - if appended.DriverVersion != "" { - annotations[AnnotationAccelerationDriverVersion] = appended.DriverVersion - } - if appended.SourceDigest != "" { - annotations[AnnotationAccelerationSourceDigest] = appended.SourceDigest - } - - for k, v := range appended.ExtraAnnotations { + for k, v := range appended { annotations[k] = v } return annotations } -func Append(ctx context.Context, provider providerContent.Provider, desc *ocispec.Descriptor, appended Appended) (*ocispec.Descriptor, error) { +func Append(ctx context.Context, cs content.Store, desc *ocispec.Descriptor, appended map[string]string) (*ocispec.Descriptor, error) { + if appended == nil { + return desc, nil + } + var labels map[string]string var err error @@ -76,13 +50,13 @@ func Append(ctx context.Context, provider providerContent.Provider, desc *ocispe // Refer: https://github.com/goharbor/harbor/blob/main/src/controller/artifact/abstractor.go#L75 case ocispec.MediaTypeImageManifest, images.MediaTypeDockerSchema2Manifest: var manifest ocispec.Manifest - labels, err = utils.ReadJSON(ctx, provider.ContentStore(), &manifest, *desc) + labels, err = utils.ReadJSON(ctx, cs, &manifest, *desc) if err != nil { return nil, errors.Wrap(err, "read manifest") } manifest.Annotations = annotate(manifest.Annotations, appended) - desc, err := utils.WriteJSON(ctx, provider.ContentStore(), manifest, *desc, "", labels) + desc, err := utils.WriteJSON(ctx, cs, manifest, *desc, "", labels) if err != nil { return nil, errors.Wrap(err, "write manifest") } @@ -92,28 +66,26 @@ func Append(ctx context.Context, provider providerContent.Provider, desc *ocispe // Refer: https://github.com/goharbor/harbor/blob/main/src/controller/artifact/abstractor.go#L79 case ocispec.MediaTypeImageIndex, images.MediaTypeDockerSchema2ManifestList: var index ocispec.Index - labels, err = utils.ReadJSON(ctx, provider.ContentStore(), &index, *desc) + labels, err = utils.ReadJSON(ctx, cs, &index, *desc) if err != nil { return nil, errors.Wrap(err, "read manifest index") } for idx, maniDesc := range index.Manifests { - if maniDesc.Platform != nil && maniDesc.Platform.OSFeatures[0] == nydusutils.ManifestOSFeatureNydus { - var manifest ocispec.Manifest - labels, err = utils.ReadJSON(ctx, provider.ContentStore(), &manifest, maniDesc) - if err != nil { - return nil, errors.Wrap(err, "read manifest") - } - - manifest.Annotations = annotate(maniDesc.Annotations, appended) - newManiDesc, err := utils.WriteJSON(ctx, provider.ContentStore(), manifest, maniDesc, "", labels) - if err != nil { - return nil, errors.Wrap(err, "write manifest") - } - index.Manifests[idx] = *newManiDesc + var manifest ocispec.Manifest + labels, err = utils.ReadJSON(ctx, cs, &manifest, maniDesc) + if err != nil { + return nil, errors.Wrap(err, "read manifest") + } + + manifest.Annotations = annotate(maniDesc.Annotations, appended) + newManiDesc, err := utils.WriteJSON(ctx, cs, manifest, maniDesc, "", labels) + if err != nil { + return nil, errors.Wrap(err, "write manifest") } + index.Manifests[idx] = *newManiDesc } - desc, err := utils.WriteJSON(ctx, provider.ContentStore(), index, *desc, "", labels) + desc, err := utils.WriteJSON(ctx, cs, index, *desc, "", labels) if err != nil { return nil, errors.Wrap(err, "write manifest index") } diff --git a/pkg/converter/converter.go b/pkg/converter/converter.go index fc93c55b..fae1d97a 100644 --- a/pkg/converter/converter.go +++ b/pkg/converter/converter.go @@ -34,9 +34,10 @@ import ( var logger = logrus.WithField("module", "converter") type Converter struct { - driver driver.Driver - provider content.Provider - platformMC platforms.MatchComparer + driver driver.Driver + provider content.Provider + platformMC platforms.MatchComparer + extraAnnotations map[string]string } func New(opts ...ConvertOpt) (*Converter, error) { @@ -58,9 +59,10 @@ func New(opts ...ConvertOpt) (*Converter, error) { } handler := &Converter{ - driver: driver, - provider: options.provider, - platformMC: platformMC, + driver: driver, + provider: options.provider, + platformMC: platformMC, + extraAnnotations: options.annotations, } return handler, nil @@ -124,13 +126,9 @@ func (cvt *Converter) Convert(ctx context.Context, source, target string) (*Metr if err != nil { return nil, errors.Wrap(err, "convert image") } - desc, err = annotation.Append(ctx, cvt.provider, desc, annotation.Appended{ - DriverName: cvt.driver.Name(), - DriverVersion: cvt.driver.Version(), - ExtraAnnotations: desc.Annotations, - }) + desc, err = annotation.Append(ctx, cvt.provider.ContentStore(), desc, cvt.extraAnnotations) if err != nil { - return nil, errors.Wrap(err, "append annotation") + return nil, errors.Wrap(err, "append extra annotations") } metric.ConversionElapsed = time.Since(start) if err := metric.SetTargetImageSize(ctx, cvt, desc); err != nil { diff --git a/pkg/converter/opts.go b/pkg/converter/opts.go index 0181f957..e86c9e78 100644 --- a/pkg/converter/opts.go +++ b/pkg/converter/opts.go @@ -24,10 +24,12 @@ type ConvertOpts struct { driverType string driverConfig map[string]string platformMC platforms.MatchComparer + annotations map[string]string } type ConvertOpt func(opts *ConvertOpts) error +// WithDriver specifies the image store provider. func WithProvider(provider content.Provider) ConvertOpt { return func(opts *ConvertOpts) error { opts.provider = provider @@ -35,6 +37,7 @@ func WithProvider(provider content.Provider) ConvertOpt { } } +// WithDriver specifies the conversion driver type and config. func WithDriver(typ string, config map[string]string) ConvertOpt { return func(opts *ConvertOpts) error { opts.driverType = typ @@ -43,9 +46,18 @@ func WithDriver(typ string, config map[string]string) ConvertOpt { } } +// WithPlatform specifies the platforms only to convert. func WithPlatform(platformMC platforms.MatchComparer) ConvertOpt { return func(opts *ConvertOpts) error { opts.platformMC = platformMC return nil } } + +// WithAnnotation appends extra annotations for each target image manifest. +func WithAnnotation(annotations map[string]string) ConvertOpt { + return func(opts *ConvertOpts) error { + opts.annotations = annotations + return nil + } +} diff --git a/pkg/driver/nydus/nydus.go b/pkg/driver/nydus/nydus.go index 9cee7191..2c8b3cf3 100644 --- a/pkg/driver/nydus/nydus.go +++ b/pkg/driver/nydus/nydus.go @@ -19,7 +19,11 @@ import ( "context" "fmt" "os" + "os/exec" + "regexp" "strconv" + "strings" + "sync" "github.com/goharbor/acceleration-service/pkg/adapter/annotation" accelcontent "github.com/goharbor/acceleration-service/pkg/content" @@ -29,6 +33,7 @@ import ( "github.com/goharbor/acceleration-service/pkg/utils" "github.com/containerd/containerd/content" + "github.com/containerd/containerd/images" "github.com/containerd/containerd/images/converter" "github.com/containerd/containerd/platforms" "github.com/containerd/nydus-snapshotter/pkg/backend" @@ -40,10 +45,19 @@ import ( ) const ( - // annotationNydusFlag is used to indicate a image which is nydus format. - annotationNydusFlag = "containerd.io/snapshot/nydus" + // annotationSourceDigest indicates the source OCI image digest. + annotationSourceDigest = "containerd.io/snapshot/nydus-source-digest" + // annotationSourceReference indicates the source OCI image reference name. + annotationSourceReference = "containerd.io/snapshot/nydus-source-reference" + // annotationFsVersion indicates the fs version (rafs v5/v6) of nydus image. + annotationFsVersion = "containerd.io/snapshot/nydus-fs-version" + // annotationBuilderVersion indicates the nydus builder (nydus-image) version. + annotationBuilderVersion = "containerd.io/snapshot/nydus-builder-version" ) +var builderVersion string +var builderVersionOnce sync.Once + type chunkDictInfo struct { BootstrapPath string } @@ -65,6 +79,23 @@ type Driver struct { platformMC platforms.MatchComparer } +func detectBuilderVersion(ctx context.Context, builder string) string { + builderVersionOnce.Do(func() { + cmd := exec.CommandContext(ctx, builder, "--version") + output, err := cmd.Output() + if err != nil { + return + } + + re := regexp.MustCompile(`Version:\s*(v.*)`) + matches := re.FindSubmatch(output) + if len(matches) > 1 { + builderVersion = strings.TrimSpace(string(matches[1])) + } + }) + return builderVersion +} + func parseBool(v string) (bool, error) { parsed := false if v != "" { @@ -174,26 +205,22 @@ func (d *Driver) Version() string { return "" } -func (d *Driver) Convert(ctx context.Context, provider accelcontent.Provider, source string) (*ocispec.Descriptor, error) { - image, err := provider.Image(ctx, source) +func (d *Driver) Convert(ctx context.Context, provider accelcontent.Provider, sourceRef string) (*ocispec.Descriptor, error) { + image, err := provider.Image(ctx, sourceRef) if err != nil { return nil, errors.Wrap(err, "get source image") } - desc, err := d.convert(ctx, provider, *image) + desc, err := d.convert(ctx, provider, *image, sourceRef) if err != nil { return nil, err } - desc.Annotations = map[string]string{ - annotationNydusFlag: "true", - annotation.AnnotationAccelerationSourceDigest: image.Digest.String(), - } if d.mergeManifest { return d.makeManifestIndex(ctx, provider.ContentStore(), *image, *desc) } return desc, err } -func (d *Driver) convert(ctx context.Context, provider accelcontent.Provider, source ocispec.Descriptor) (*ocispec.Descriptor, error) { +func (d *Driver) convert(ctx context.Context, provider accelcontent.Provider, source ocispec.Descriptor, sourceRef string) (*ocispec.Descriptor, error) { cs := provider.ContentStore() chunkDictPath := "" @@ -228,8 +255,35 @@ func (d *Driver) convert(ctx context.Context, provider accelcontent.Provider, so OCI: d.docker2oci, OCIRef: packOpt.OCIRef, } + convertHookFunc := func( + ctx context.Context, cs content.Store, orgDesc ocispec.Descriptor, newDesc *ocispec.Descriptor, + ) (*ocispec.Descriptor, error) { + // Append the nydus bootstrap layer for image manifest. + desc, err := nydusify.ConvertHookFunc(mergeOpt)(ctx, cs, orgDesc, newDesc) + if err != nil { + return nil, err + } + if !images.IsManifestType(desc.MediaType) { + return desc, err + } + + // Append the nydus related annotations for image manifest. + appended := map[string]string{ + annotationSourceDigest: string(orgDesc.Digest), + annotationSourceReference: sourceRef, + annotationFsVersion: d.fsVersion, + } + if version := detectBuilderVersion(ctx, d.builderPath); version != "" { + appended[annotationBuilderVersion] = version + } + desc, err = annotation.Append(ctx, cs, desc, appended) + if err != nil { + return nil, errors.Wrap(err, "append annotations") + } + return desc, err + } convertHooks := converter.ConvertHooks{ - PostConvertHook: nydusify.ConvertHookFunc(mergeOpt), + PostConvertHook: convertHookFunc, } indexConvertFunc := converter.IndexConvertFuncWithHook( nydusify.LayerConvertFunc(packOpt), @@ -237,6 +291,7 @@ func (d *Driver) convert(ctx context.Context, provider accelcontent.Provider, so d.platformMC, convertHooks, ) + return indexConvertFunc(ctx, cs, source) } From 9f6ae0e0bb5f50a8de69572115a13382dc021431 Mon Sep 17 00:00:00 2001 From: Yan Song Date: Mon, 19 Jun 2023 07:07:50 +0000 Subject: [PATCH 2/2] vendor: bump nydus-snapshotter v0.9.0 Signed-off-by: Yan Song --- go.mod | 10 ++++++++-- go.sum | 26 ++++++++++++++++++++++---- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 5eeb88d5..c9622fc0 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.18 require ( github.com/containerd/containerd v1.7.2 - github.com/containerd/nydus-snapshotter v0.8.0 + github.com/containerd/nydus-snapshotter v0.9.0 github.com/containerd/stargz-snapshotter v0.14.3 github.com/containerd/stargz-snapshotter/estargz v0.14.3 github.com/docker/cli v23.0.3+incompatible @@ -14,7 +14,7 @@ require ( github.com/labstack/echo/v4 v4.10.2 github.com/labstack/gommon v0.4.0 github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b + github.com/opencontainers/image-spec v1.1.0-rc3 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.14.0 github.com/sirupsen/logrus v1.9.0 @@ -57,6 +57,7 @@ require ( github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/ttrpc v1.2.2 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect + github.com/containers/ocicrypt v1.1.7 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect @@ -76,6 +77,7 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.17 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/miekg/pkcs11 v1.1.1 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/sys/mountinfo v0.6.2 // indirect github.com/moby/sys/sequential v0.5.0 // indirect @@ -88,10 +90,12 @@ require ( github.com/prometheus/common v0.42.0 // indirect github.com/prometheus/procfs v0.9.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect github.com/vbatts/tar-split v0.11.2 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect + go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel v1.14.0 // indirect go.opentelemetry.io/otel/trace v1.14.0 // indirect @@ -99,10 +103,12 @@ require ( golang.org/x/mod v0.9.0 // indirect golang.org/x/net v0.8.0 // indirect golang.org/x/sys v0.7.0 // indirect + golang.org/x/term v0.6.0 // indirect golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.7.0 // indirect google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect google.golang.org/grpc v1.53.0 // indirect google.golang.org/protobuf v1.30.0 // indirect + gopkg.in/square/go-jose.v2 v2.5.1 // indirect ) diff --git a/go.sum b/go.sum index ab40789f..b7193f0c 100644 --- a/go.sum +++ b/go.sum @@ -66,8 +66,8 @@ github.com/containerd/continuity v0.4.1 h1:wQnVrjIyQ8vhU2sgOiL5T07jo+ouqc2bnKsv5 github.com/containerd/continuity v0.4.1/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY= github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= -github.com/containerd/nydus-snapshotter v0.8.0 h1:3Hlz/oZBUlOmM0Tf6Y1SrYc3+OOvfZ0q/CFKoGXGtxQ= -github.com/containerd/nydus-snapshotter v0.8.0/go.mod h1:UJILTN5LVBRY+dt8BGJbp72Xy729hUZsOugObEI3/O8= +github.com/containerd/nydus-snapshotter v0.9.0 h1:f0Tr3srVKDlURgLG/Kocy4WQIYsmSoc8ihHxdzfB2S0= +github.com/containerd/nydus-snapshotter v0.9.0/go.mod h1:xEsAzeM0gZEW6POBPOa+1X7EThYsEJNWnO/fhf2moYU= github.com/containerd/stargz-snapshotter v0.14.3 h1:OTUVZoPSPs8mGgmQUE1dqw3WX/3nrsmsurW7UPLWl1U= github.com/containerd/stargz-snapshotter v0.14.3/go.mod h1:j2Ya4JeA5gMZJr8BchSkPjlcCEh++auAxp4nidPI6N0= github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= @@ -76,6 +76,8 @@ github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtO github.com/containerd/ttrpc v1.2.2/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= +github.com/containers/ocicrypt v1.1.7 h1:thhNr4fu2ltyGz8aMx8u48Ae0Pnbip3ePP9/mzkZ/3U= +github.com/containers/ocicrypt v1.1.7/go.mod h1:7CAhjcj2H8AYp5YvEie7oVSK2AhBY8NscCYRawuDNtw= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= @@ -137,6 +139,7 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -177,6 +180,8 @@ github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPn github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= +github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= @@ -189,8 +194,9 @@ github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8= -github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= +github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8= +github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= github.com/opencontainers/runc v1.1.5 h1:L44KXEpKmfWDcS02aeGm8QNTFXTo2D+8MYGDIJ/GDEs= github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= @@ -223,10 +229,13 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 h1:lIOOHPEbXzO3vnmx2gok1Tfs31Q8GQqKLc8vVqyQq/I= +github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -253,6 +262,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ= go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= +go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= +go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM= @@ -262,6 +273,7 @@ go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+go golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -282,6 +294,7 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -316,6 +329,8 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= @@ -368,11 +383,14 @@ google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cn google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w= +gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=