Currently, whenever the chart is printed, the digest of the .tar.gz
content layer is printed as the digest. The manifest digest is important
for OCI purposes, particularly in pushing to a registry.
Resolves#8248.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
Add a unit test that proves the digest of the received content being
checked. The check should ensure that the digest of the received content
is identical to the digest provided by the manifest in the layers[0]
descriptor. This check is currently implemented in containerd, so the
unit test ensures security in the case a breaking change is made in
containerd.
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
With a large list of charts, `helm chart list` will crash with the
following message:
```
$ helm chart list --debug
Error: open
/home/me/.cache/helm/registry/cache/blobs/sha256/109971e44d63f7fd11fff60d19db41c2429a136943be2e3f8fd3e4c165156536:
too many open files
helm.go:75: [debug] open
/home/me/.cache/helm/registry/cache/blobs/sha256/109971e44d63f7fd11fff60d19db41c2429a136943be2e3f8fd3e4c165156536:
too many open files
```
Signed-off-by: Peter Engelbert <pmengelbert@gmail.com>
* fix: add new static linter and fix issues it found
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
* fixed two additional linter errors.
Signed-off-by: Matt Butcher <matt.butcher@microsoft.com>
Mediatype changed to application/tar+gzip. Please see the
following OCI mailing list item for more info:
https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/pdc1lucm_Ak
Also, improved check for invalid manifests, a nil reference error was
occurring when upgrading from existing cache with old mediatype.
Signed-off-by: Josh Dolitsky <393494+jdolitsky@users.noreply.github.com>
Also:
* add --insecure flag to "registry login"
* fix bug parsing correct tag when port number present
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
* allow repository config via cli
* make `helm repo add` create repo config file if it does not exist
* squash a ton of bugs
Signed-off-by: Adam Reese <adam@reese.io>
Go 1.12.8 introduced some breaking fixes (see 3226f2d492)
for a CVE. This broke the way we were doing registry reference parsing.
This removes the call to the containerd libraries in favor of our own
parsing and adds additional unit tests
Signed-off-by: Taylor Thomas <taylor.thomas@microsoft.com>
No more magic separating the metadata from chart tarball - charts are
pushed to registry as a single tarball layer with Chart.yaml in tact.
No more fragile custom symlink chart storage, now following
the OCI Image Layout Specification for chart filesystem cache.
Also:
- Update to ORAS 0.6.0
- Simplify registry client setup with NewClientWithDefaults()
- Remove needless annotations and constants
Fixes#6068Fixes#6141
Signed-off-by: Josh Dolitsky <jdolitsky@gmail.com>
This adds a new `gates` package used for interacting with feature gates. It also marks the OCI registry work as experimental, signalling to users that it is not a stable feature of Helm.
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
bellkeyang
Peter Engelbert
Guangwen Feng
Matthew Fisher
Adam Reese
Peter Engelbert
Juned Memon
EItanya
Matt Butcher
Josh Dolitsky
Josh Soref
Matt Farina
Josh Dolitsky
Adam Reese
Taylor Thomas