Azure
/
ARO-RP
зеркало из https://github.com/Azure/ARO-RP.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bump github.com/sylabs/sif/v2 from 2.7.0 to 2.8.1 

Bumps [github.com/sylabs/sif/v2](https://github.com/sylabs/sif) from 2.7.0 to 2.8.1.
- [Release notes](https://github.com/sylabs/sif/releases)
- [Changelog](https://github.com/sylabs/sif/blob/main/.goreleaser.yml)
- [Commits](https://github.com/sylabs/sif/compare/v2.7.0...v2.8.1)

---
updated-dependencies:
- dependency-name: github.com/sylabs/sif/v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2023-07-14 16:28:36 +00:00 коммит произвёл GitHub
Родитель 3b6a3ce949
Коммит b9b7fa8872
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
7 изменённых файлов: 173 добавлений и 85 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
go.mod
Просмотреть файл

@ -259,7 +259,7 @@ require (
github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace // indirect
github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
github.com/stoewer/go-strcase v1.2.0 // indirect
github.com/sylabs/sif/v2 v2.7.1 // indirect
github.com/sylabs/sif/v2 v2.8.1 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/tchap/go-patricia v2.3.0+incompatible // indirect
github.com/theupdateframework/go-tuf v0.3.1 // indirect

4
go.sum
Просмотреть файл

@ -1769,8 +1769,8 @@ github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gt
github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/sylabs/sif/v2 v2.7.0/go.mod h1:TiyBWsgWeh5yBeQFNuQnvROwswqK7YJT8JA1L53bsXQ=
github.com/sylabs/sif/v2 v2.7.1 h1:XXt9AP39sQfsMCGOGQ/XP9H47yqZOvAonalkaCaNIYM=
github.com/sylabs/sif/v2 v2.7.1/go.mod h1:bBse2nEFd3yHkmq6KmAOFEWQg5LdFYiQUdVcgamxlc8=
github.com/sylabs/sif/v2 v2.8.1 h1:whr4Vz12RXfLnYyVGHoD/rD/hbF2g9OW7BJHa+WIqW8=
github.com/sylabs/sif/v2 v2.8.1/go.mod h1:LQOdYXC9a8i7BleTKRw9lohi0rTbXkJOeS9u0ebvgyM=
github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=

14
vendor/github.com/sylabs/sif/v2/pkg/sif/buffer.go сгенерированный поставляемый
Просмотреть файл

@ -1,4 +1,4 @@
// Copyright (c) 2021, Sylabs Inc. All rights reserved.
// Copyright (c) 2021-2022, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
// LICENSE file distributed with the sources of this project regarding your
// rights to use or distribute this software.
@ -25,7 +25,7 @@ func NewBuffer(buf []byte) *Buffer {
var errNegativeOffset = errors.New("negative offset")
// ReadAt implements the io.ReaderAt interface.
func (b *Buffer) ReadAt(p []byte, off int64) (n int, err error) {
func (b *Buffer) ReadAt(p []byte, off int64) (int, error) {
if off < 0 {
return 0, errNegativeOffset
}
@ -34,17 +34,17 @@ func (b *Buffer) ReadAt(p []byte, off int64) (n int, err error) {
return 0, io.EOF
}
n = copy(p, b.buf[off:])
n := copy(p, b.buf[off:])
if n < len(p) {
err = io.EOF
return n, io.EOF
}
return n, err
return n, nil
}
var errNegativePosition = errors.New("negative position")
// Write implements the io.Writer interface.
func (b *Buffer) Write(p []byte) (n int, err error) {
func (b *Buffer) Write(p []byte) (int, error) {
if b.pos < 0 {
return 0, errNegativePosition
}
@ -53,7 +53,7 @@ func (b *Buffer) Write(p []byte) (n int, err error) {
b.buf = append(b.buf, make([]byte, need-have)...)
}
n = copy(b.buf[b.pos:], p)
n := copy(b.buf[b.pos:], p)
b.pos += int64(n)
return n, nil
}

31
vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor.go сгенерированный поставляемый
Просмотреть файл

@ -1,4 +1,4 @@
// Copyright (c) 2018-2021, Sylabs Inc. All rights reserved.
// Copyright (c) 2018-2022, Sylabs Inc. All rights reserved.
// Copyright (c) 2017, SingularityWare, LLC. All rights reserved.
// Copyright (c) 2017, Yannick Cote <yhcote@gmail.com> All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
@ -56,6 +56,11 @@ type cryptoMessage struct {
Messagetype MessageType
}
// sbom represents the SIF SBOM data object descriptor.
type sbom struct {
Format SBOMFormat
}
var errNameTooLarge = errors.New("name value too large")
// setName encodes name into the name field of d.
@ -96,7 +101,7 @@ func (d *rawDescriptor) setExtra(v interface{}) error {
}
// getPartitionMetadata gets metadata for a partition data object.
func (d rawDescriptor) getPartitionMetadata() (fs FSType, pt PartType, arch string, err error) {
func (d rawDescriptor) getPartitionMetadata() (FSType, PartType, string, error) {
if got, want := d.DataType, DataPartition; got != want {
return 0, 0, "", &unexpectedDataTypeError{got, []DataType{want}}
}
@ -142,6 +147,8 @@ func (d Descriptor) GroupID() uint32 { return d.raw.GroupID &^ descrGroupMask }
// LinkedID returns the object/group ID d is linked to, or zero if d does not contain a linked
// ID. If isGroup is true, the returned id is an object group ID. Otherwise, the returned id is a
// data object ID.
//
//nolint:nonamedreturns // Named returns effective as documentation.
func (d Descriptor) LinkedID() (id uint32, isGroup bool) {
return d.raw.LinkedID &^ descrGroupMask, d.raw.LinkedID&descrGroupMask == descrGroupMask
}
@ -162,6 +169,8 @@ func (d Descriptor) ModifiedAt() time.Time { return time.Unix(d.raw.ModifiedAt,
func (d Descriptor) Name() string { return strings.TrimRight(string(d.raw.Name[:]), "\000") }
// PartitionMetadata gets metadata for a partition data object.
//
//nolint:nonamedreturns // Named returns effective as documentation.
func (d Descriptor) PartitionMetadata() (fs FSType, pt PartType, arch string, err error) {
return d.raw.getPartitionMetadata()
}
@ -186,6 +195,8 @@ func getHashType(ht hashType) (crypto.Hash, error) {
}
// SignatureMetadata gets metadata for a signature data object.
//
//nolint:nonamedreturns // Named returns effective as documentation.
func (d Descriptor) SignatureMetadata() (ht crypto.Hash, fp []byte, err error) {
if got, want := d.raw.DataType, DataSignature; got != want {
return ht, fp, &unexpectedDataTypeError{got, []DataType{want}}
@ -224,6 +235,22 @@ func (d Descriptor) CryptoMessageMetadata() (FormatType, MessageType, error) {
return m.Formattype, m.Messagetype, nil
}
// SBOMMetadata gets metadata for a SBOM data object.
func (d Descriptor) SBOMMetadata() (SBOMFormat, error) {
if got, want := d.raw.DataType, DataSBOM; got != want {
return 0, &unexpectedDataTypeError{got, []DataType{want}}
}
var s sbom
b := bytes.NewReader(d.raw.Extra[:])
if err := binary.Read(b, binary.LittleEndian, &s); err != nil {
return 0, fmt.Errorf("%w", err)
}
return s.Format, nil
}
// GetData returns the data object associated with descriptor d.
func (d Descriptor) GetData() ([]byte, error) {
b := make([]byte, d.raw.Size)

35
vendor/github.com/sylabs/sif/v2/pkg/sif/descriptor_input.go сгенерированный поставляемый
Просмотреть файл

@ -1,4 +1,4 @@
// Copyright (c) 2021, Sylabs Inc. All rights reserved.
// Copyright (c) 2021-2022, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
// LICENSE file distributed with the sources of this project regarding your
// rights to use or distribute this software.
@ -10,7 +10,6 @@ import (
"errors"
"fmt"
"io"
"os"
"time"
)
@ -227,6 +226,24 @@ func OptSignatureMetadata(ht crypto.Hash, fp []byte) DescriptorInputOpt {
}
}
// OptSBOMMetadata sets metadata for a SBOM data object. The SBOM format is set to f.
//
// If this option is applied to a data object with an incompatible type, an error is returned.
func OptSBOMMetadata(f SBOMFormat) DescriptorInputOpt {
return func(t DataType, opts *descriptorOpts) error {
if got, want := t, DataSBOM; got != want {
return &unexpectedDataTypeError{got, []DataType{want}}
}
s := sbom{
Format: f,
}
opts.extra = s
return nil
}
}
// DescriptorInput describes a new data object.
type DescriptorInput struct {
dt DataType
@ -242,14 +259,15 @@ const DefaultObjectGroup = 1
//
// It is possible (and often necessary) to store additional metadata related to certain types of
// data objects. Consider supplying options such as OptCryptoMessageMetadata, OptPartitionMetadata,
// and OptSignatureMetadata for this purpose.
// OptSignatureMetadata, and OptSBOMMetadata for this purpose.
//
// By default, the data object will be placed in the default data object group (1). To override
// this behavior, use OptNoGroup or OptGroupID. To link this data object, use OptLinkedID or
// OptLinkedGroupID.
//
// By default, the data object will be aligned according to the system's memory page size. To
// override this behavior, consider using OptObjectAlignment.
// By default, the data object will not be aligned unless it is of type DataPartition, in which
// case it will be aligned on a 4096 byte boundary. To override this behavior, consider using
// OptObjectAlignment.
//
// By default, no name is set for data object. To set a name, use OptObjectName.
//
@ -258,8 +276,11 @@ const DefaultObjectGroup = 1
// image modification time. To override this behavior, consider using OptObjectTime.
func NewDescriptorInput(t DataType, r io.Reader, opts ...DescriptorInputOpt) (DescriptorInput, error) {
dopts := descriptorOpts{
groupID: DefaultObjectGroup,
alignment: os.Getpagesize(),
groupID: DefaultObjectGroup,
}
if t == DataPartition {
dopts.alignment = 4096
}
for _, opt := range opts {

168
vendor/github.com/sylabs/sif/v2/pkg/sif/sif.go сгенерированный поставляемый
Просмотреть файл

@ -1,4 +1,4 @@
// Copyright (c) 2018-2021, Sylabs Inc. All rights reserved.
// Copyright (c) 2018-2022, Sylabs Inc. All rights reserved.
// Copyright (c) 2017, SingularityWare, LLC. All rights reserved.
// Copyright (c) 2017, Yannick Cote <yhcote@gmail.com> All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
@ -10,69 +10,68 @@
//
// Layout of a SIF file (example):
//
// .================================================.
// | GLOBAL HEADER: Sifheader |
// | - launch: "#!/usr/bin/env..." |
// | - magic: "SIF_MAGIC" |
// | - version: "1" |
// | - arch: "4" |
// | - uuid: b2659d4e-bd50-4ea5-bd17-eec5e54f918e |
// | - ctime: 1504657553 |
// | - mtime: 1504657653 |
// | - ndescr: 3 |
// | - descroff: 120 | --.
// | - descrlen: 432 | |
// | - dataoff: 4096 | |
// | - datalen: 619362 | |
// |------------------------------------------------| <-'
// | DESCR[0]: Sifdeffile |
// | - Sifcommon |
// | - datatype: DATA_DEFFILE |
// | - id: 1 |
// | - groupid: 1 |
// | - link: NONE |
// | - fileoff: 4096 | --.
// | - filelen: 222 | |
// |------------------------------------------------| <-----.
// | DESCR[1]: Sifpartition | | |
// | - Sifcommon | | |
// | - datatype: DATA_PARTITION | | |
// | - id: 2 | | |
// | - groupid: 1 | | |
// | - link: NONE | | |
// | - fileoff: 4318 | ----. |
// | - filelen: 618496 | | | |
// | - fstype: Squashfs | | | |
// | - parttype: System | | | |
// | - content: Linux | | | |
// |------------------------------------------------| | | |
// | DESCR[2]: Sifsignature | | | |
// | - Sifcommon | | | |
// | - datatype: DATA_SIGNATURE | | | |
// | - id: 3 | | | |
// | - groupid: NONE | | | |
// | - link: 2 | ------'
// | - fileoff: 622814 | ------.
// | - filelen: 644 | | | |
// | - hashtype: SHA384 | | | |
// | - entity: @ | | | |
// |------------------------------------------------| <-' | |
// | Definition file data | | |
// | . | | |
// | . | | |
// | . | | |
// |------------------------------------------------| <---' |
// | File system partition image | |
// | . | |
// | . | |
// | . | |
// |------------------------------------------------| <-----'
// | Signed verification data |
// | . |
// | . |
// | . |
// `================================================'
//
// .================================================.
// | GLOBAL HEADER: Sifheader |
// | - launch: "#!/usr/bin/env..." |
// | - magic: "SIF_MAGIC" |
// | - version: "1" |
// | - arch: "4" |
// | - uuid: b2659d4e-bd50-4ea5-bd17-eec5e54f918e |
// | - ctime: 1504657553 |
// | - mtime: 1504657653 |
// | - ndescr: 3 |
// | - descroff: 120 | --.
// | - descrlen: 432 | |
// | - dataoff: 4096 | |
// | - datalen: 619362 | |
// |------------------------------------------------| <-'
// | DESCR[0]: Sifdeffile |
// | - Sifcommon |
// | - datatype: DATA_DEFFILE |
// | - id: 1 |
// | - groupid: 1 |
// | - link: NONE |
// | - fileoff: 4096 | --.
// | - filelen: 222 | |
// |------------------------------------------------| <-----.
// | DESCR[1]: Sifpartition | | |
// | - Sifcommon | | |
// | - datatype: DATA_PARTITION | | |
// | - id: 2 | | |
// | - groupid: 1 | | |
// | - link: NONE | | |
// | - fileoff: 4318 | ----. |
// | - filelen: 618496 | | | |
// | - fstype: Squashfs | | | |
// | - parttype: System | | | |
// | - content: Linux | | | |
// |------------------------------------------------| | | |
// | DESCR[2]: Sifsignature | | | |
// | - Sifcommon | | | |
// | - datatype: DATA_SIGNATURE | | | |
// | - id: 3 | | | |
// | - groupid: NONE | | | |
// | - link: 2 | ------'
// | - fileoff: 622814 | ------.
// | - filelen: 644 | | | |
// | - hashtype: SHA384 | | | |
// | - entity: @ | | | |
// |------------------------------------------------| <-' | |
// | Definition file data | | |
// | . | | |
// | . | | |
// | . | | |
// |------------------------------------------------| <---' |
// | File system partition image | |
// | . | |
// | . | |
// | . | |
// |------------------------------------------------| <-----'
// | Signed verification data |
// | . |
// | . |
// | . |
// `================================================'
package sif
import (
@ -133,6 +132,7 @@ const (
DataGenericJSON // generic JSON meta-data
DataGeneric // generic / raw data
DataCryptoMessage // cryptographic message data object
DataSBOM // software bill of materials
)
// String returns a human-readable representation of t.
@ -154,6 +154,8 @@ func (t DataType) String() string {
return "Generic/Raw"
case DataCryptoMessage:
return "Cryptographic Message"
case DataSBOM:
return "SBOM"
}
return "Unknown"
}
@ -268,6 +270,44 @@ func (t MessageType) String() string {
return "Unknown"
}
// SBOMFormat represents the format used to store an SBOM object.
type SBOMFormat int32
// List of supported SBOM formats.
const (
SBOMFormatCycloneDXJSON SBOMFormat = iota + 1 // CycloneDX (JSON)
SBOMFormatCycloneDXXML // CycloneDX (XML)
SBOMFormatGitHubJSON // GitHub dependency snapshot (JSON)
SBOMFormatSPDXJSON // SPDX (JSON)
SBOMFormatSPDXRDF // SPDX (RDF/xml)
SBOMFormatSPDXTagValue // SPDX (tag/value)
SBOMFormatSPDXYAML // SPDX (YAML)
SBOMFormatSyftJSON // Syft (JSON)
)
// String returns a human-readable representation of f.
func (f SBOMFormat) String() string {
switch f {
case SBOMFormatCycloneDXJSON:
return "cyclonedx-json"
case SBOMFormatCycloneDXXML:
return "cyclonedx-xml"
case SBOMFormatGitHubJSON:
return "github-json"
case SBOMFormatSPDXJSON:
return "spdx-json"
case SBOMFormatSPDXRDF:
return "spdx-rdf"
case SBOMFormatSPDXTagValue:
return "spdx-tag-value"
case SBOMFormatSPDXYAML:
return "spdx-yaml"
case SBOMFormatSyftJSON:
return "syft-json"
}
return "unknown"
}
// header describes a loaded SIF file.
type header struct {
LaunchScript [hdrLaunchLen]byte

4
vendor/modules.txt поставляемый
Просмотреть файл

@ -1585,8 +1585,8 @@ github.com/stoewer/go-strcase
## explicit; go 1.20
github.com/stretchr/testify/assert
github.com/stretchr/testify/require
# github.com/sylabs/sif/v2 v2.7.1
## explicit; go 1.17
# github.com/sylabs/sif/v2 v2.8.1
## explicit; go 1.18
github.com/sylabs/sif/v2/pkg/sif
# github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
## explicit