Update image spec fork with code from upstream #1

Open
katiewasnothere wants to merge 148 commits into kevpar:fork from katiewasnothere:update_image_spec_fork

@katiewasnothere

This PR updates our fork of image-spec with the commits from upstream so that we can vendor it into our containerd fork at fork/release/1.6. This is necessary because we currently rely on the ArgsEscaped field temporarily added in this fork, but containerd 1.6 relies on code in image-spec that's more up to date than this fork.

Once opencontainers#892 is merged in upstream, we can remove the need for this fork entirely. Since we don't know when that will happen, updating this fork to use in the meantime.

cyphar and others added 30 commits July 16, 2017 18:27
In b6d5a8c ("Change platform ref from runtime-spec"), the
conversion to runtime-spec for the "os" and "architecture" fields was
removed (as the fields had also been removed in runtime-spec). Re-add
the conversion as an annotation field rather than a verbatim field.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: zhouhao <zhouhao@cn.fujitsu.com>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
This only commits the result of (make schema-fs) and is otherwise
unrelated to the rest of the PR.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Francesco Mari <mari.francesco@gmail.com>
After updating gojsonschema to include
xeipuuv/gojsonschema#171 , tests fail with
> unable to validate: Could not read schema from HTTP, response status is 404 Not Found

Before that gojsonschema change, "$ref" links were interpreted by taking
the current schema source file's URI as a base, and treating "$ref"
as relative to this.

For example, starting with the [file://]/image-manifest-schema.json
URI, as used by Validator.Validate (based on the "specs" map), the
>  "$ref": "content-descriptor.json"
reference used to evaluate to file:///content-descriptor.json.
gojsonschema.jsonReferenceLoader would then load these file:///*.json
URIs via _escFS.

After the gojsonschema change, "$ref" links are evaluated relative to
a URI base specified by the "id" attribute inside the schema source,
regardless of the "external" URI passed to the gojsonschema.JSONLoader.

This is consistent with
http://json-schema.org/latest/json-schema-core.html#rfc.section.8 and
http://json-schema.org/latest/json-schema-core.html#rfc.section.9.2
(apart from the "id" vs. "$id" attribute name).

In the same example, [file://]/image-manifest-schema.json URI contains
>  "id": "https://opencontainers.org/schema/image/manifest",
so the same
>  "$ref": "content-descriptor.json"
now evaluates to
"https://opencontainers.org/schema/image/content-descriptor.json",
which is not found by gojsonschema.jsonReferenceLoader (it uses
_escFS only for file:/// URIs), resulting in the 404 quoted above.

This is a minimal fix, making the schema files available to
gojsonschema at the https:// URIs, while continuing to read them from
_escFS.

Because gojsonschema.jsonReferenceLoader can only use the provided fs
for file:/// URIs, we are forced to implement our own
gojsonschema.JSONLoaderFactory and gojsonschema.JSONLoader; something
like this might be more generally useful and should therefore instead
be provided by the gojsonschema library.

This particular JSONLoader{Factory,} implementation, though, is
image-spec specific because it locally works around various
inconsistencies in the image-spec JSON schemas, and thus is not suitable
for gojsonschema as is.

Namely, the specs/*.json schema files use URIs with two URI path prefixes,
https://opencontainers.org/schema/{,image/}
in the top-level "id" attributes, and the nested "id" attributes along
with "$ref" references use _several more_ URI path prefixes, e.g.
>       "id": "https://opencontainers.org/schema/image/manifest/annotations",
>      "$ref": "defs-descriptor.json#/definitions/annotations"
in image-manifest-schema.json specifies the
https://opencontainers.org/schema/image/manifest/defs-descriptor.json
URI.

In fact, defs-descriptor.json references use all of the following URIs:
> https://opencontainers.org/schema/defs-descriptor.json
> https://opencontainers.org/schema/image/defs-descriptor.json
> https://opencontainers.org/schema/image/descriptor/defs-descriptor.json
> https://opencontainers.org/schema/image/index/defs-descriptor.json
> https://opencontainers.org/schema/image/manifest/defs-descriptor.json

So, this commit introduces a loader which preserves the original _escFS
layout by recognizing and stripping all of these prefixes, and using
the same /*.json paths for _escFS lookups as before; this is clearly
unsuitable for gojsonschema inclusion.

Finally, the reason this commit uses such a fairly hacky loader is that merely
changing the _escFS structure is still not sufficient to get consistent
schema: the schema/*.json paths in this repository, and the "$ref" values,
do not match the "id" values inside the schemas at all.  E.g.
image-manifest-schema.json refers to
https://opencontainers.org/schema/image/manifest/content-descriptor.json ,
while content-descriptor.json identifies itself as
https://opencontainers.org/schema/descriptor , matching neither the path prefix
nor the file name.

Overall, it is completely unclear to me which of the URIs is the canonical URI
of the "content descriptor" schema, and the owner of the URI namespace
needs to decide on the canonical schema URIs.  Only afterwards can the
code be cleanly modified to match the specification; until then, this
commit at least keeps the tests passing, and the validator usable
by external callers who want to use the public
image-spec/schema.ValidateMediaType*.Validate() API.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
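
The resolution described in the commit message above, as an added Go example (not the image-spec loader or gojsonschema code): `resolveRef` resolves a "$ref" against the enclosing "id" per RFC 3986, and `embeddedPath`, a hypothetical name, strips the prefixes the message lists to recover the flat /*.json name, rejecting every other URI so that a reference is never fetched over HTTP.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// URI prefixes listed in the commit message; all map onto one flat file set.
var schemaPrefixes = []string{
	"https://opencontainers.org/schema/",
	"https://opencontainers.org/schema/image/",
	"https://opencontainers.org/schema/image/descriptor/",
	"https://opencontainers.org/schema/image/index/",
	"https://opencontainers.org/schema/image/manifest/",
}

// resolveRef resolves a "$ref" value against the "id" of the enclosing schema.
func resolveRef(id, ref string) (string, error) {
	base, err := url.Parse(id)
	if err != nil {
		return "", err
	}
	r, err := url.Parse(ref)
	if err != nil {
		return "", err
	}
	return base.ResolveReference(r).String(), nil
}

// embeddedPath (hypothetical helper) maps a resolved URI to a flat /*.json path.
// Anything outside the known prefixes is refused instead of being fetched.
func embeddedPath(resolved string) (string, error) {
	s := strings.SplitN(resolved, "#", 2)[0] // the fragment selects inside the file
	for _, p := range schemaPrefixes {
		name := strings.TrimPrefix(s, p)
		if name != s && !strings.Contains(name, "/") && strings.HasSuffix(name, ".json") {
			return "/" + name, nil
		}
	}
	return "", fmt.Errorf("refusing non-embedded schema URI %q", resolved)
}

func main() {
	abs, _ := resolveRef("https://opencontainers.org/schema/image/manifest", "content-descriptor.json")
	p, err := embeddedPath(abs)
	fmt.Println(abs, p, err)
}
```
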
Make JSON schema available for verification under https:// URIs
  conversion: add platform conversions

LGTMs: @jonboulle @stevvooe
Closes opencontainers#711
The "id" values in JSON schema files must be unique, per RFC draft 8.3.1:
> A schema MAY (and likely will) have multiple URIs, but there is no
> way for a URI to identify more than one schema.
and recent gojsonschema fails when handling such inputs (fairly
nontransparently, it silently fails to resolve $ref references to
absolute URIs and reports something like
> Reference defs.json#/definitions/mapStringString must be canonical
.)

In particular, the https://opencontainers.org/schema/image/descriptor/annotations
id value had three definitions.  To resolve this:
- Leave the definition in image-index-schema.json; although using the /descriptor
  subnamespace for the "manifests" array is a bit surprising, the /image/ part
  clearly belongs to image-index-schema.json
- Rename the id definition in content-descriptor.json, to use the generic
  "blob descriptor" namespace.
- Remove the definition in defs-descriptor.json; that seems to be a "utility"
  schema file describing common structures, but it's better for users to
  reference schema fragments by purpose than by common structure (so that
  we can let the structure diverge in the future if necessary).

Finally, changing the content-descriptor.json "id" value changes the
resolved absolute value of the reference to defs-descriptor.json,
so add another namespace to be handled by fsLoaderFactory.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
  Run (make schema/fs.go) to make the previous commit effective
  Fix duplicate "id" values in JSON schema

LGTMs: @jonboulle @cyphar
Closes opencontainers#750
Signed-off-by: Harald Nordgren <haraldnordgren@gmail.com>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
  Makefile: variable cleanup and creation

LGTMs: @cyphar
Closes opencontainers#755
Move "prefix" out of the code backtick.

Signed-off-by: Yusuke Nakamura <yusuke1994525@gmail.com>
Signed-off-by: Jimmy Zelinskie <jimmy.zelinskie+git@gmail.com>
Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
  updating link to code of conduct in org repository

LGTMs: @vbatts @cyphar
Closes opencontainers#762
Signed-off-by: Vanessa Sochat <vsochat@stanford.edu>
  fixing code of conduct link

LGTMs: @vbatts @cyphar
Closes opencontainers#765
Signed-off-by: xiekeyang <keyang.xie@gmail.com>
vbatts and others added 29 commits November 17, 2021 13:12
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
ensure main is tracking v1.0 releases
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
github: bring forward the versions of golang tested/built with
Closes opencontainers#810

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
Remove unneeded docker pull of pandoc image
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
Signed-off-by: Stephen Day <stephen.day@getcruise.com>
Signed-off-by: Stephen Day <stephen.day@getcruise.com>
Signed-off-by: Stephen Day <stephen.day@getcruise.com>
The OCI scope table no longer exists.

Fixes opencontainers#812

Signed-off-by: sanshirookazaki <sanshirookazaki@gmail.com>
README.md: Remove link to OCI scope table
Signed-off-by: Brandon Mitchell <git@bmitch.net>
Brandon Mitchell (1):
  Handle multiple matching index entries

LGTMs: vbatts jonjohnsonjr stevvooe cyphar
Closes opencontainers#880
having seen opencontainers#895, it's worth ensuring these other languages are listed
implementations

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
implementations||adopters: point to C and Rust libraries
Signed-off-by: Brandon Mitchell <git@bmitch.net>
Signed-off-by: Michael Brown <brownxmi@amazon.com>
schema: use Go's embed package instead of esc
Add mediaType fields into example manifest & image index JSON references
Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
@katiewasnothere

@kevpar fyi
