Releases: hauler-dev/cosign
v2.4.1+carbide.2
amartin120
Adam Martin
ee9b762
amartin120
Adam Martin
Changes:
-
In order to support Hauler hauls seeding RKE2 in an air-gapped installation, we needed to adjust an annotation in the image.json created by our cosign fork.
-
the annotation for default registry needs to be
docker.ioinstead ofindex.docker.iodespite them being the same thing.
Verification/Testing of Changes:
Doesn't work:
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 526,
"digest": "sha256:c2280d2f5f56cf9c9a01bb64b2db4651e35efd6d62a54dcfc12049fe6449c5e4",
"annotations": {
"io.containerd.image.name": "index.docker.io/rancher/mirrored-pause:3.6",
"kind": "dev.cosignproject.cosign/image",
"org.opencontainers.image.ref.name": "rancher/mirrored-pause:3.6"
}
}
]
}Works:
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"size": 526,
"digest": "sha256:c2280d2f5f56cf9c9a01bb64b2db4651e35efd6d62a54dcfc12049fe6449c5e4",
"annotations": {
"io.containerd.image.name": "docker.io/rancher/mirrored-pause:3.6",
"kind": "dev.cosignproject.cosign/image",
"org.opencontainers.image.ref.name": "rancher/mirrored-pause:3.6"
}
}
]
}Additional Context:
-
Libraries like
github.com/google/go-containerregistrydefault toindex.docker.iowhen parsing an image reference. This behavior originates from historical conventions tied to Docker Hub's full domain name (index.docker.io), which was explicitly used in the early days of Docker. -
Why
index.docker.ioingo-containerregistry?- Historical Naming:
Docker Hub was initially identified asindex.docker.io, and this full domain persisted in older tooling and libraries.
Whiledocker.iobecame the shorthand,index.docker.ioremained the "canonical" name in certain libraries and APIs. - Standardized Parsing:
Thego-containerregistrylibrary adheres to a stricter parsing approach, considering the full domain name (index.docker.io) rather than relying on the default aliasdocker.io.
This avoids ambiguities when working with other registries or configurations that might not aliasdocker.iocorrectly. - Compatibility with OCI Image Spec:
The library prioritizes adherence to the OCI image spec, where fully qualified references are preferred.
Usingindex.docker.ioensures an explicit, unambiguous reference to the Docker Hub.
- Historical Naming:
-
Impact on
containerdand Similar Tools:- When using
go-containerregistryor similar libraries, the explicit reference toindex.docker.iomight cause issues with tools likecontainerdthat do not treatindex.docker.ioas a default alias fordocker.io.
- When using
Full Changelog: v2.4.1+carbide.1...v2.4.1+carbide.2
v2.4.1+carbide.1
amartin120
Adam Martin
b8416a2
amartin120
Adam Martin
What's Changed
- Updated fork to include upstream cosign 2.4.1. by @amartin120
- Binaries are no longer necessary to include here in the release. Fork now used as library in Hauler.
Full Changelog: https://github.com/hauler-dev/cosign/commits/v2.4.1+carbide.1
Contributors
Assets 2
v2.2.3+carbide.3
What's Changed
io.containerd.image.nameadded as an additional annotation inindex.jsonby @amartin120 in #11
Full Changelog: v2.2.3+carbide.2...v2.2.3+carbide.3
Contributors
Assets 9
v2.2.3+carbide.2
What's Changed
- 4954236 - revert ReplaceIndex back to AppendIndex - bugfix
Full Changelog: v2.2.3+carbide.1...v2.2.3+carbide.2
v2.2.3+carbide.1
What's Changed
- updated to v2.2.3 by @amartin120 in #8
- image caching for
cosign save+ duplicate index.json entry fixes by @amartin120 in #9
Full Changelog: v2.2.2+carbide.2...v2.2.3+carbide.1
Contributors
Assets 9
v2.2.2+carbide.2
What's Changed
- fixed bug with save platform. by @amartin120 in #7
Contributors
Assets 8
v2.2.2+carbide.1
What's Changed
- add platform flag to cosign save. by @amartin120 in #3
Contributors
Assets 8
v2.2.0+carbide.2
What's Changed
- Allow cosign save to reuse save directory to help dedupe shared layers. by @amartin120 in #1
- Save/Load to include SBOMS by @amartin120 in #2
Contributors
Assets 8
v2.2.0+carbide.1
Allow cosign save to reuse save directory to help dedupe shared layer…