Merge branch 'main' into e47fdependabot/go_modules/github.com/contain…

…erd/containerd-1.7.11

.github/workflows/buildcomponents.yaml

@@ -60,7 +60,7 @@ jobs:
           make ctf
 
       - name: Upload OCM Archive
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: ocm.ctf
           path: gen/ctf

.github/workflows/release.yaml

@@ -143,7 +143,7 @@ jobs:
       uses: anchore/sbom-action/download-syft@5ecf649a417b8ae17dc8383dc32d46c03f2312df # v0.15.1
 
     - name: Setup Cosign
-      uses: sigstore/cosign-installer@v3.2.0
+      uses: sigstore/cosign-installer@v3.3.0
 
     - name: Setup git config
       run: |

cmds/ocm/commands/ocmcmds/components/sign/cmd_test.go

@@ -30,6 +30,7 @@ import (
 	"github.com/open-component-model/ocm/pkg/signing/signutils"
 )
 
+const COMPARCH = "/tmp/ca"
 const ARCH = "/tmp/ctf"
 const ARCH2 = "/tmp/ctf2"
 const PROVIDER = "mandelsoft"
@@ -239,15 +240,48 @@ Error: signing: github.com/mandelsoft/ref:v1: failed resolving component referen
 			buf := bytes.NewBuffer(nil)
 			Expect(env.CatchErrorOutput(buf).Execute("sign", "components", "-s", SIGNATURE, "-K", PRIVKEY, "--repo", ARCH, COMPONENTB+":"+VERSION)).To(HaveOccurred())
 			Expect(buf.String()).To(StringEqualTrimmedWithContext(`
-Error: signing: github.com/mandelsoft/ref:v1: failed resolving component reference ref[github.com/mandelsoft/test:v1]: component "github.com/mandelsoft/test" not found in ComponentArchive
+Error: signing: github.com/mandelsoft/ref:v1: failed resolving component reference ref[github.com/mandelsoft/test:v1]: ocm reference "github.com/mandelsoft/test:v1" not found
 `))
 		})
 
 		It("sign archive", func() {
 			buf := bytes.NewBuffer(nil)
 			Expect(env.CatchErrorOutput(buf).Execute("sign", "components", "-s", SIGNATURE, "-K", PRIVKEY, ARCH)).To(HaveOccurred())
 			Expect(buf.String()).To(StringEqualTrimmedWithContext(`
-Error: signing: github.com/mandelsoft/ref:v1: failed resolving component reference ref[github.com/mandelsoft/test:v1]: component "github.com/mandelsoft/test" not found in ComponentArchive
+Error: signing: github.com/mandelsoft/ref:v1: failed resolving component reference ref[github.com/mandelsoft/test:v1]: ocm reference "github.com/mandelsoft/test:v1" not found
+`))
+		})
+	})
+
+	Context("component archive", func() {
+		BeforeEach(func() {
+			env.OCMCommonTransport(ARCH, accessio.FormatDirectory, func() {
+				env.Component(COMPONENTA, func() {
+					env.Version(VERSION, func() {
+						env.Provider(PROVIDER)
+						env.Resource("testdata", "", "PlainText", metav1.LocalRelation, func() {
+							env.BlobStringData(mime.MIME_TEXT, "testdata")
+						})
+					})
+				})
+			})
+
+			env.ComponentArchive(COMPARCH, accessio.FormatDirectory, COMPONENTB, VERSION, func() {
+				env.Reference("ref", COMPONENTA, VERSION)
+			})
+		})
+
+		It("signs comp arch with lookup", func() {
+			buf := bytes.NewBuffer(nil)
+
+			MustBeSuccessful(env.CatchOutput(buf).Execute("sign", "components", "-s", SIGNATURE, "-K", PRIVKEY, "--lookup", ARCH, "--repo", COMPARCH))
+			Expect(buf.String()).To(StringEqualTrimmedWithContext(`
+applying to version "github.com/mandelsoft/ref:v1"[github.com/mandelsoft/ref:v1]...
+  no digest found for "github.com/mandelsoft/test:v1"
+  applying to version "github.com/mandelsoft/test:v1"[github.com/mandelsoft/ref:v1]...
+    resource 0:  "name"="testdata": digest SHA-256:810ff2fb242a5dee4220f2cb0e6a519891fb67f2f828a6cab4ef8894633b1f50[genericBlobDigest/v1]
+  reference 0:  github.com/mandelsoft/test:v1: digest SHA-256:5923de2b3b68e904eecb58eca91727926b36623623555025dc5a8700edfa9daa[jsonNormalisation/v1]
+successfully signed github.com/mandelsoft/ref:v1 (digest SHA-256:3d1bf98adce06320809393473bed3aaaccf8696418bd1ef5b4d35fa632082d05)
 `))
 		})
 	})

docs/reference/ocm.md

@@ -45,7 +45,7 @@ The command accepts some top level options, they can only be given before the su
 
 With the option <code>--cred</code> it is possible to specify arbitrary credentials
 for various environments on the command line. Nevertheless it is always preferrable
-to use the CLI [config file](./ocm_configfile.md).
+to use the cli config file.
 Every credential setting is related to a dedicated consumer and provides a set of
 credential attributes. All this can be specified by a sequence of <code>--cred</code>
 options.
@@ -198,7 +198,7 @@ The value can be a simple type or a JSON/YAML string for complex values
   Note that the host name part of the transfer target <code>ghcr.io/acme</code> is excluded from the
   prefix but the path <code>acme</code> is considered.
 
-  The same using a [config file](./ocm_configfile.md) <code>.ocmconfig</code>:
+  The same using a config file <code>.ocmconfig</code>:
   <pre>
   type: generic.config.ocm.software/v1
   configurations:
@@ -303,7 +303,9 @@ start with the prefix <code>!</code> or as direct string with the prefix
 With <code>--issuer</code> it is possible to declare expected issuer
 constraints for public key certificates provided as part of a signature
 required to accept the provisioned public key (besides the successful
-validation of the certificate).
+validation of the certificate). By default, the issuer constraint is
+derived from the signature name. If it is not a formal distinguished name,
+it is assumed to be a plain common name.
 
 With <code>--ca-cert</code> it is possible to define additional root
 certificates for signature verification, if public keys are provided
@@ -339,7 +341,6 @@ by a certificate delivered with the signature.
 
 * [ocm <b>cache</b>](ocm_cache.md)	 &mdash; Cache related commands
 * [ocm <b>credentials</b>](ocm_credentials.md)	 &mdash; Commands acting on credentials
-* [ocm <b>hash</b>](ocm_hash.md)	 &mdash; Commands acting on hashes
 * [ocm <b>oci</b>](ocm_oci.md)	 &mdash; Dedicated command flavors for the OCI layer
 * [ocm <b>ocm</b>](ocm_ocm.md)	 &mdash; Dedicated command flavors for the Open Component Model
 * [ocm <b>toi</b>](ocm_toi.md)	 &mdash; Dedicated command flavors for the TOI layer

docs/reference/ocm_add_resource-configuration.md

@@ -288,7 +288,7 @@ with the field <code>type</code> in the <code>input</code> field:
   This blob type specification supports the following fields:
   - **<code>path</code>** *string*
 
-    This REQUIRED property describes the file path to the helm chart relative to the
+    This REQUIRED property describes the path to the file relative to the
     resource file location.
 
   - **<code>mediaType</code>** *string*
@@ -387,7 +387,7 @@ with the field <code>type</code> in the <code>input</code> field:
   This blob type specification supports the following fields:
   - **<code>path</code>** *string*
 
-    This REQUIRED property describes the file path to the helm chart relative to the
+    This REQUIRED property describes the path to the file relative to the
     resource file location.
 
   - **<code>mediaType</code>** *string*

docs/reference/ocm_add_resources.md

@@ -298,7 +298,7 @@ with the field <code>type</code> in the <code>input</code> field:
   This blob type specification supports the following fields:
   - **<code>path</code>** *string*
 
-    This REQUIRED property describes the file path to the helm chart relative to the
+    This REQUIRED property describes the path to the file relative to the
     resource file location.
 
   - **<code>mediaType</code>** *string*
@@ -397,7 +397,7 @@ with the field <code>type</code> in the <code>input</code> field:
   This blob type specification supports the following fields:
   - **<code>path</code>** *string*
 
-    This REQUIRED property describes the file path to the helm chart relative to the
+    This REQUIRED property describes the path to the file relative to the
     resource file location.
 
   - **<code>mediaType</code>** *string*

docs/reference/ocm_add_source-configuration.md

@@ -288,7 +288,7 @@ with the field <code>type</code> in the <code>input</code> field:
   This blob type specification supports the following fields:
   - **<code>path</code>** *string*
 
-    This REQUIRED property describes the file path to the helm chart relative to the
+    This REQUIRED property describes the path to the file relative to the
     resource file location.
 
   - **<code>mediaType</code>** *string*
@@ -387,7 +387,7 @@ with the field <code>type</code> in the <code>input</code> field:
   This blob type specification supports the following fields:
   - **<code>path</code>** *string*
 
-    This REQUIRED property describes the file path to the helm chart relative to the
+    This REQUIRED property describes the path to the file relative to the
     resource file location.
 
   - **<code>mediaType</code>** *string*

docs/reference/ocm_add_sources.md

@@ -295,7 +295,7 @@ with the field <code>type</code> in the <code>input</code> field:
   This blob type specification supports the following fields:
   - **<code>path</code>** *string*
 
-    This REQUIRED property describes the file path to the helm chart relative to the
+    This REQUIRED property describes the path to the file relative to the
     resource file location.
 
   - **<code>mediaType</code>** *string*
@@ -394,7 +394,7 @@ with the field <code>type</code> in the <code>input</code> field:
   This blob type specification supports the following fields:
   - **<code>path</code>** *string*
 
-    This REQUIRED property describes the file path to the helm chart relative to the
+    This REQUIRED property describes the path to the file relative to the
     resource file location.
 
   - **<code>mediaType</code>** *string*

docs/reference/ocm_configfile.md

@@ -3,7 +3,7 @@
 ### Description
 
 
-The command line client supports configuration using a configuration file.
+The command line client supports configuring by a given configuration file.
 If existent, by default, the file <code>$HOME/.ocmconfig</code> will be read.
 Using the option <code>--config</code> an alternative file can be specified.
 
@@ -305,9 +305,7 @@ The following configuration types are supported:
 
 ### Examples
 
-Pointing to an existing Docker config json:
-
-```yaml
+```
 type: generic.config.ocm.software/v1
 configurations:
   - type: credentials.config.ocm.software
@@ -326,49 +324,6 @@ configurations:
 #           process: true
 ```
 
-Pointing to an existing Docker config json and configure two additional consumers
-for a Github repository and a Helm chart repository. Caching for OCM component versions is switched on.
-A key pair for signing / verifiying OCM component versions has been configured, too.
-
-```yaml
-type: generic.config.ocm.software/v1
-configurations:
-  - type: credentials.config.ocm.software
-    consumers:
-      - identity:
-          type: HelmChartRepository
-          hostname: my.repository.mycomp.com
-          pathprefix: artifactory/myhelm-repo
-          port: "443"
-        credentials:
-          - type: Credentials
-            properties:
-              username: myuser
-              password: 8eYwL5Ru44L6ZySyLUcyP
-      - identity:
-          type: Github
-          hostname: github.com
-        credentials:
-          - type: Credentials
-            properties:
-              token: ghp_QRP489abcd1234A9q3x17a8BlD42kabv65
-    repositories:
-      - repository:
-          type: DockerConfig/v1
-          dockerConfigFile: ~/.docker/config.json
-          propagateConsumerIdentity: true
-  - type: attributes.config.ocm.software
-    attributes:
-      cache: ~/.ocm/cache
-  - type: keys.config.ocm.software
-    privateKeys:
-      sap.com:
-        path: /Users/myuser/.ocm/keys/mycomp.com.key
-    publicKeys:
-      sap.com:
-        path: /Users/myuser/.ocm/keys/mycomp.com.pub
-```
-
 ### SEE ALSO
 
 ##### Parents

docs/reference/ocm_hash.md

@@ -1,4 +1,4 @@
-## ocm hash — Commands Acting On Hashes
+## ocm hash — Hash And Normalization Operations
 
 ### Synopsis
 
@@ -21,5 +21,5 @@ ocm hash [<options>] <sub command> ...
 
 ##### Sub Commands
 
-* ocm hash <b>sign</b>	 &mdash; sign hash
+* [ocm hash <b>componentversions</b>](ocm_hash_componentversions.md)	 &mdash; hash component version
 

go.mod

@@ -19,7 +19,7 @@ require (
 	github.com/spf13/cobra v1.8.0
 	github.com/xeipuuv/gojsonschema v1.2.0
 	golang.org/x/net v0.17.0
-	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
 	k8s.io/apimachinery v0.28.4
 	sigs.k8s.io/yaml v1.4.0
 )
@@ -67,7 +67,7 @@ require (
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
 	golang.org/x/oauth2 v0.13.0
-	golang.org/x/text v0.13.0
+	golang.org/x/text v0.14.0
 	google.golang.org/api v0.149.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.12.2
@@ -337,10 +337,10 @@ require (
 	go.uber.org/zap v1.26.0 // indirect
 	go4.org/intern v0.0.0-20230525184215-6c62f75575cb // indirect
 	go4.org/unsafe/assume-no-moving-gc v0.0.0-20230525183740-e7c30c78aeb2 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/mod v0.13.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/term v0.13.0 // indirect
+	golang.org/x/term v0.15.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect

go.sum

@@ -2503,8 +2503,9 @@ golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -2839,8 +2840,9 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -2854,8 +2856,9 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
 golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -2873,8 +2876,9 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

pkg/common/accessobj/accessstate.go

@@ -311,7 +311,7 @@ func (f *fileBasedAccess) Get() (blobaccess.BlobAccess, error) {
 		return nil, err
 	}
 	if !ok {
-		return nil, errors.ErrNotFoundWrap(vfs.ErrNotExist, "file", f.path)
+		return nil, errors.ErrNotFoundWrap(vfs.ErrNotExist, "file", f.path, f.filesystem.Name())
 	}
 	return blobaccess.ForFile(f.mimeType, f.path, f.filesystem), nil
 }

pkg/common/accessobj/check.go

@@ -40,6 +40,7 @@ func CheckFile(kind string, createHint string, forcedType bool, path string, fs
 			return mapErr(forcedType, err)
 		}
 		defer file.Close()
+		forcedType = false
 		r, _, err := compression.AutoDecompress(file)
 		if err != nil {
 			return mapErr(forcedType, err)
@@ -63,6 +64,12 @@ func CheckFile(kind string, createHint string, forcedType bool, path string, fs
 			}
 		}
 	} else {
+		if forcedType {
+			entries, err := vfs.ReadDir(fs, path)
+			if err == nil && len(entries) > 0 {
+				forcedType = false
+			}
+		}
 		if ok, err := vfs.FileExists(fs, filepath.Join(path, descriptorname)); !ok || err != nil {
 			if err != nil {
 				return mapErr(forcedType, err)