Update vendors to versioning

Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 22:08:31 +00:00 · 2020-02-24 22:08:31 +00:00 · 808ae59cf6
commit 808ae59cf6
parent 7a24da0375
7 changed files with 30 additions and 7 deletions
--- a/vendor.conf
+++ b/vendor.conf
@ -89,7 +89,7 @@ github.com/containernetworking/cni 4cfb7b568922a3c79a23e438dc52fe537fc9687e # v0
 github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9

 # image decrypt depedencies
-github.com/containerd/imgcrypt 99334633d4657af3f32670947eb1008250e564d9
-github.com/containers/ocicrypt 142388cb70de0fe8c7edd921df79e477ab8b3051
-gopkg.in/square/go-jose.v2 v2.3.1 https://github.com/square/go-jose.git
-github.com/fullsailor/pkcs7 8306686428a5fe132eac8cb7c4848af725098bd4
+github.com/containerd/imgcrypt v1.0.1
+github.com/containers/ocicrypt v1.0.1 # from containerd/imgcrypt
+gopkg.in/square/go-jose.v2 v2.3.1 https://github.com/square/go-jose.git # from containers/ocicrypt
+github.com/fullsailor/pkcs7 8306686428a5fe132eac8cb7c4848af725098bd4 # from containers/ocicrypt
--- a/vendor/github.com/containerd/imgcrypt/go.mod
+++ b/vendor/github.com/containerd/imgcrypt/go.mod
@ -13,7 +13,7 @@ require (
 	github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda // indirect
 	github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8 // indirect
 	github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd
-	github.com/containers/ocicrypt v0.0.0-20190930154801-b87a4a69c741
+	github.com/containers/ocicrypt v1.0.1
 	github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b // indirect
 	github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible // indirect
 	github.com/docker/go-events v0.0.0-20170721190031-9461782956ad // indirect
--- a/vendor/github.com/containers/ocicrypt/encryption.go
+++ b/vendor/github.com/containers/ocicrypt/encryption.go
@ -196,10 +196,13 @@ func decryptLayerKeyOptsData(dc *config.DecryptConfig, desc ocispec.Descriptor)
 		if b64Annotation != "" {
 			keywrapper := GetKeyWrapper(scheme)

-			if len(keywrapper.GetPrivateKeys(dc.Parameters)) == 0 {
+			if keywrapper.NoPossibleKeys(dc.Parameters) {
 				continue
 			}
-			privKeyGiven = true
+
+			if len(keywrapper.GetPrivateKeys(dc.Parameters)) > 0 {
+				privKeyGiven = true
+			}

 			optsData, err := preUnwrapKey(keywrapper, dc, b64Annotation)
 			if err != nil {
--- a/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go
+++ b/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go
@ -91,6 +91,10 @@ func (kw *jweKeyWrapper) UnwrapKey(dc *config.DecryptConfig, jweString []byte) (
 	return nil, errors.New("JWE: No suitable private key found for decryption")
 }

+func (kw *jweKeyWrapper) NoPossibleKeys(dcparameters map[string][][]byte) bool {
+	return len(kw.GetPrivateKeys(dcparameters)) == 0
+}
+
 func (kw *jweKeyWrapper) GetPrivateKeys(dcparameters map[string][][]byte) [][]byte {
 	return dcparameters["privkeys"]
 }
--- a/vendor/github.com/containers/ocicrypt/keywrap/keywrap.go
+++ b/vendor/github.com/containers/ocicrypt/keywrap/keywrap.go
@ -26,15 +26,23 @@ type KeyWrapper interface {
 	WrapKeys(ec *config.EncryptConfig, optsData []byte) ([]byte, error)
 	UnwrapKey(dc *config.DecryptConfig, annotation []byte) ([]byte, error)
 	GetAnnotationID() string
+
+	// NoPossibleKeys returns true if there is no possibility of performing
+	// decryption for parameters provided.
+	NoPossibleKeys(dcparameters map[string][][]byte) bool
+
 	// GetPrivateKeys (optional) gets the array of private keys. It is an optional implementation
 	// as in some key services, a private key may not be exportable (i.e. HSM)
+	// If not implemented, return nil
 	GetPrivateKeys(dcparameters map[string][][]byte) [][]byte

 	// GetKeyIdsFromPacket (optional) gets a list of key IDs. This is optional as some encryption
 	// schemes may not have a notion of key IDs
+	// If not implemented, return the nil slice
 	GetKeyIdsFromPacket(packet string) ([]uint64, error)

 	// GetRecipients (optional) gets a list of recipients. It is optional due to the validity of
 	// recipients in a particular encryptiong scheme
+	// If not implemented, return the nil slice
 	GetRecipients(packet string) ([]string, error)
 }
--- a/vendor/github.com/containers/ocicrypt/keywrap/pgp/keywrapper_gpg.go
+++ b/vendor/github.com/containers/ocicrypt/keywrap/pgp/keywrapper_gpg.go
@ -191,6 +191,10 @@ func (kw *gpgKeyWrapper) GetRecipients(b64pgpPackets string) ([]string, error) {
 	return array, nil
 }

+func (kw *gpgKeyWrapper) NoPossibleKeys(dcparameters map[string][][]byte) bool {
+	return len(kw.GetPrivateKeys(dcparameters)) == 0
+}
+
 func (kw *gpgKeyWrapper) GetPrivateKeys(dcparameters map[string][][]byte) [][]byte {
 	return dcparameters["gpg-privatekeys"]
 }
--- a/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go
+++ b/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go
@ -70,6 +70,10 @@ func collectX509s(x509s [][]byte) ([]*x509.Certificate, error) {
 	return x509Certs, nil
 }

+func (kw *pkcs7KeyWrapper) NoPossibleKeys(dcparameters map[string][][]byte) bool {
+	return len(kw.GetPrivateKeys(dcparameters)) == 0
+}
+
 func (kw *pkcs7KeyWrapper) GetPrivateKeys(dcparameters map[string][][]byte) [][]byte {
 	return dcparameters["privkeys"]
 }