Go passes x509 verification off to the platform and different
platforms provide different responses. The Go tests for x509
even have different test files for different platform providers
that check for different messages.
This update haldes darwins difference for x509 authority handling
Closes#11159
Signed-off-by: Matt Farina <matt@mattfarina.com>
The directory created by `T.TempDir` is automatically removed when the
test and all its subtests complete.
Reference: https://pkg.go.dev/testing#T.TempDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
For more information, please see the following URL:
https://github.com/helm/community/blob/main/hips/hip-0006.md
Note: OCI support remains experimental, and you are still
required to set HELM_EXPERIMENTAL_OCI=1 in your environment.
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
ref: https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx
* Skip invalid chart versions when reading the repository index file or
when programmatically adding a chart version.
* Adds semver validation and strips non-printable characters and
normalizes spaces for string fields in Metadata.Validate()
* Fixes a unit test that was pulling a remote repo. Now uses a local
repo.
* Fixes ignored error in repo update command
Signed-off-by: Adam Reese <adam@reese.io>
* Implement `helm dep update` for oci dependencies
* New unit tests
* Remove `helm chart pull` command
* New `helm pull` does not depend on registry cache
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Chart.yaml files have an annotation field that allow a chart to
have custom information similar to the way Kubernetes annotations
work.
In an index.yaml file each chart version can have annotations in
a similar manner to the Chart.yaml file. It is derived from the
same underlying struct.
These enable extension points where people can add their own info.
One thing missing is the ability to extend the top level of an
index file. This change adds annotations to the top level of an
index.yaml file. This would provide top level support for vendors
to extent index.yaml files.
Closes#8767
Signed-off-by: Matt Farina <matt@mattfarina.com>
A recent change merged into Helm fixes a number of security issues related to parsing malformed index files. Unfortunately, it also broke the ability for users to load index files from chartmuseum, which adds a "server info" field to add additional metadata.
This commit adds that field so that index files from chartmuseum can be validated. Since Helm does not use this field for anything, the information is discarded and unused.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
For backward compatibility, as suggested by @bacongobbler, we introduce
a new API NewTempServerWithCleanup
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
* fix: write index.yaml file atomically
This refactors the already-existing `AtomicWriteFile` utility
to a central location and uses it to write index files
atomically.
This is done to avoid having half-written index files break
client requests.
Drive-bys:
- Add test for AtomicWriteFile.
- Add test IndexFile.WriteFile.
Signed-off-by: rabadin <rvbadin@gmail.com>
* Review fix: use RenameWithFallback instead of os.Rename
Signed-off-by: rabadin <rvbadin@gmail.com>
Co-authored-by: rabadin <rvbadin@gmail.com>
* fix: update unit test for go 1.14 error string change
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* changed strategy based on conversation with Adam
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Matt Farina
Martin Hickey
CI
Soule BA
Markus Lehtonen
Eng Zer Jun
Thomas Runyon
Josh Dolitsky
Matthew Fisher
John Howard
André Schröder
Nicolas De Loof
Mathieu Parent
Matt Farina
yxxhero
Josh Soref
Adam Reese
Peter Engelbert
Ma Xinjian
Matt Butcher
zouyu
Li Zhijian
Manuel Rüger
Raphaël