Merge branch 'main' into dependabot/go_modules/github.com/sigstore/co…

…sign/v2-2.2.4
open-component-model · Apr 18, 2024 · 4a33476 · 4a33476
2 parents a722e13 + 7d613d8
commit 4a33476
Show file tree

Hide file tree

Showing 34 changed files with 1,014 additions and 73 deletions.
diff --git a/.github/workflows/push_ocm.yaml b/.github/workflows/push_ocm.yaml
@@ -55,7 +55,7 @@ jobs:
           key: ${{ runner.os }}-go-build-cache-${{ hashFiles('**/go.sum') }}
 
       - name: inject go-build-cache into docker
-        uses: reproducible-containers/buildkit-cache-dance@v2
+        uses: reproducible-containers/buildkit-cache-dance@v3
         with:
           cache-source: go-build-cache
 

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -143,7 +143,7 @@ jobs:
       uses: anchore/sbom-action/download-syft@ab5d7b5f48981941c4c5d6bf33aeb98fe3bae38c # v0.15.10
 
     - name: Setup Cosign
-      uses: sigstore/cosign-installer@v3.4.0
+      uses: sigstore/cosign-installer@v3.5.0
 
     - name: Setup git config
       run: |

diff --git a/cmds/ocm/app/app.go b/cmds/ocm/app/app.go
@@ -45,6 +45,7 @@ import (
 	"github.com/open-component-model/ocm/cmds/ocm/commands/verbs/get"
 	"github.com/open-component-model/ocm/cmds/ocm/commands/verbs/hash"
 	"github.com/open-component-model/ocm/cmds/ocm/commands/verbs/install"
+	"github.com/open-component-model/ocm/cmds/ocm/commands/verbs/list"
 	"github.com/open-component-model/ocm/cmds/ocm/commands/verbs/show"
 	"github.com/open-component-model/ocm/cmds/ocm/commands/verbs/sign"
 	"github.com/open-component-model/ocm/cmds/ocm/commands/verbs/transfer"
@@ -234,6 +235,7 @@ func newCliCommand(opts *CLIOptions, mod ...func(clictx.Context, *cobra.Command)
 
 	cmd.AddCommand(check.NewCommand(opts.Context))
 	cmd.AddCommand(get.NewCommand(opts.Context))
+	cmd.AddCommand(list.NewCommand(opts.Context))
 	cmd.AddCommand(create.NewCommand(opts.Context))
 	cmd.AddCommand(add.NewCommand(opts.Context))
 	cmd.AddCommand(sign.NewCommand(opts.Context))

diff --git a/cmds/ocm/commands/common/options/keyoption/option.go b/cmds/ocm/commands/common/options/keyoption/option.go
@@ -47,7 +47,7 @@ func (o *Option) AddFlags(fs *pflag.FlagSet) {
 	fs.StringArrayVarP(&o.publicKeys, "public-key", "k", nil, "public key setting")
 	fs.StringArrayVarP(&o.privateKeys, "private-key", "K", nil, "private key setting")
 	fs.StringArrayVarP(&o.issuers, "issuer", "I", nil, "issuer name or distinguished name (DN) (optionally for dedicated signature) ([<name>:=]<dn>")
-	fs.StringArrayVarP(&o.rootCAs, "ca-cert", "", nil, "additional root certificate authorities")
+	fs.StringArrayVarP(&o.rootCAs, "ca-cert", "", nil, "additional root certificate authorities (for signing certificates)")
 }
 
 func (o *Option) Configure(ctx clictx.Context) error {

diff --git a/cmds/ocm/commands/misccmds/hash/sign/cmd.go b/cmds/ocm/commands/misccmds/hash/sign/cmd.go
@@ -5,6 +5,7 @@
 package sign
 
 import (
+	"crypto/x509"
 	"crypto/x509/pkix"
 	"fmt"
 	"strings"
@@ -36,6 +37,7 @@ type Command struct {
 
 	pubFile  string
 	rootFile string
+	rootCAs  []string
 
 	stype string
 	priv  signutils.GenericPrivateKey
@@ -72,7 +74,9 @@ $ ocm sign hash key.priv SHA-256:810ff2fb242a5dee4220f2cb0e6a519891fb67f2f828a6c
 func (o *Command) AddFlags(set *pflag.FlagSet) {
 	set.StringVarP(&o.stype, "algorithm", "S", rsa.Algorithm, "signature algorithm")
 	set.StringVarP(&o.pubFile, "publicKey", "", "", "public key certificate file")
-	set.StringVarP(&o.rootFile, "rootCerts", "", "", "root certificates file")
+	set.StringVarP(&o.rootFile, "rootCerts", "", "", "root certificates file (deprecated)")
+	set.StringArrayVarP(&o.rootCAs, "ca-cert", "", nil, "additional root certificate authorities (for signing certificates)")
+
 }
 
 func (o *Command) Complete(args []string) error {
@@ -109,6 +113,28 @@ func (o *Command) Complete(args []string) error {
 		}
 	}
 
+	if len(o.rootCAs) > 0 {
+		var list []*x509.Certificate
+		for _, r := range o.rootCAs {
+			data, err := utils2.ReadFile(r, o.FileSystem())
+			if err != nil {
+				return errors.Wrapf(err, "root CA")
+			}
+			certs, err := signutils.GetCertificateChain(data, false)
+			if err != nil {
+				return errors.Wrapf(err, "root CA")
+			}
+			list = append(list, certs...)
+		}
+		if o.roots != nil {
+			for _, c := range list {
+				o.roots.(*x509.CertPool).AddCert(c)
+			}
+		} else {
+			o.roots = list
+		}
+	}
+
 	o.priv, err = utils2.ReadFile(args[0], o.FileSystem())
 	if err != nil {
 		return err

diff --git a/cmds/ocm/commands/ocmcmds/common/addhdlrs/rscs/elements.go b/cmds/ocm/commands/ocmcmds/common/addhdlrs/rscs/elements.go
@@ -166,16 +166,5 @@ func (r *ResourceSpec) Validate(ctx clictx.Context, input *addhdlrs.ResourceInpu
 	if err := compdescv2.ValidateResource(fldPath, rsc, false); err != nil {
 		allErrs = append(allErrs, err...)
 	}
-
-	if input.Access != nil {
-		if r.Relation == metav1.LocalRelation {
-			allErrs = append(allErrs, field.Forbidden(fldPath.Child("relation"), "access requires external relation"))
-		}
-	}
-	if input.Input != nil {
-		if r.Relation != metav1.LocalRelation {
-			allErrs = append(allErrs, field.Forbidden(fldPath.Child("relation"), "input requires local relation"))
-		}
-	}
 	return allErrs.ToAggregate()
 }
diff --git a/cmds/ocm/commands/ocmcmds/common/handlers/comphdlr/sort.go b/cmds/ocm/commands/ocmcmds/common/handlers/comphdlr/sort.go
@@ -8,6 +8,7 @@ import (
 	"strings"
 
 	"github.com/open-component-model/ocm/cmds/ocm/pkg/processing"
+	"github.com/open-component-model/ocm/pkg/semverutils"
 )
 
 func Compare(a, b interface{}) int {
@@ -18,7 +19,7 @@ func Compare(a, b interface{}) int {
 	if c != 0 {
 		return c
 	}
-	return strings.Compare(aa.ComponentVersion.GetVersion(), ab.ComponentVersion.GetVersion())
+	return semverutils.Compare(aa.ComponentVersion.GetVersion(), ab.ComponentVersion.GetVersion())
 }
 
 // Sort is a processing chain sorting original objects provided by type handler.

diff --git a/cmds/ocm/commands/ocmcmds/common/handlers/vershdlr/options.go b/cmds/ocm/commands/ocmcmds/common/handlers/vershdlr/options.go
@@ -0,0 +1,99 @@
+// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package vershdlr
+
+import (
+	"github.com/Masterminds/semver/v3"
+
+	"github.com/open-component-model/ocm/cmds/ocm/commands/ocmcmds/common/options/lookupoption"
+	"github.com/open-component-model/ocm/cmds/ocm/commands/ocmcmds/common/options/versionconstraintsoption"
+	"github.com/open-component-model/ocm/cmds/ocm/pkg/options"
+	"github.com/open-component-model/ocm/pkg/contexts/ocm"
+	"github.com/open-component-model/ocm/pkg/utils"
+)
+
+type Option interface {
+	ApplyToHandler(handler *TypeHandler)
+}
+
+type Options []Option
+
+func (o Options) ApplyToHandler(handler *TypeHandler) {
+	for _, e := range o {
+		e.ApplyToHandler(handler)
+	}
+}
+
+func OptionsFor(o options.OptionSetProvider) Options {
+	var hopts []Option
+	if constr := versionconstraintsoption.From(o); constr != nil {
+		if len(constr.Constraints) > 0 {
+			hopts = append(hopts, WithVersionConstraints(constr.Constraints))
+		}
+		if constr.Latest {
+			hopts = append(hopts, LatestOnly())
+		}
+	}
+	if lookup := lookupoption.From(o); lookup != nil {
+		hopts = append(hopts, Resolver(lookup))
+	}
+	return hopts
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+type constraints struct {
+	constraints []*semver.Constraints
+}
+
+func (o constraints) ApplyToHandler(handler *TypeHandler) {
+	handler.constraints = o.constraints
+}
+
+func WithVersionConstraints(c []*semver.Constraints) Option {
+	return constraints{c}
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+type latestonly struct {
+	flag bool
+}
+
+func (o latestonly) ApplyToHandler(handler *TypeHandler) {
+	handler.latest = o.flag
+}
+
+func LatestOnly(b ...bool) Option {
+	return latestonly{utils.OptionalDefaultedBool(true, b...)}
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+type resolver struct {
+	resolver ocm.ComponentVersionResolver
+}
+
+func (o resolver) ApplyToHandler(handler *TypeHandler) {
+	handler.resolver = o.resolver
+}
+
+func Resolver(r ocm.ComponentVersionResolver) Option {
+	return resolver{r}
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+type repository struct {
+	repository ocm.Repository
+}
+
+func (o repository) ApplyToHandler(handler *TypeHandler) {
+	handler.repobase = o.repository
+}
+
+func Repository(r ocm.Repository) Option {
+	return repository{r}
+}
diff --git a/cmds/ocm/commands/ocmcmds/common/handlers/vershdlr/sort.go b/cmds/ocm/commands/ocmcmds/common/handlers/vershdlr/sort.go
@@ -0,0 +1,26 @@
+// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package vershdlr
+
+import (
+	"strings"
+
+	"github.com/open-component-model/ocm/cmds/ocm/pkg/processing"
+	"github.com/open-component-model/ocm/pkg/semverutils"
+)
+
+func Compare(a, b interface{}) int {
+	aa := a.(*Object)
+	ab := b.(*Object)
+
+	c := strings.Compare(aa.Component, ab.Component)
+	if c != 0 {
+		return c
+	}
+	return semverutils.Compare(aa.Version, ab.Version)
+}
+
+// Sort is a processing chain sorting original objects provided by type handler.
+var Sort = processing.Sort(Compare)