diff --git a/Makefile b/Makefile index a265d23e4..403f9a736 100644 --- a/Makefile +++ b/Makefile @@ -41,16 +41,16 @@ REGISTRY ?= "" ifneq (,$(findstring arm64,$(ARCH))) SUPPORTED_ARCH = true LIMA_ARCH = aarch64 - # From https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Cloud/aarch64/images/ - FINCH_OS_BASENAME ?= Fedora-Cloud-Base-39-1.5.aarch64-20240212173442.qcow2 - LIMA_URL ?= https://deps.runfinch.com/aarch64/lima-and-qemu.macos-aarch64.1707815767.tar.gz + # From https://dl.fedoraproject.org/pub/fedora/linux/releases/39/Cloud/aarch64/images/ + FINCH_OS_BASENAME ?= Fedora-Cloud-Base-39-1.5.aarch64-20240322230317.qcow2 + LIMA_URL ?= https://deps.runfinch.com/aarch64/lima-and-qemu.macos-aarch64.1711141590.tar.gz else ifneq (,$(findstring x86_64,$(ARCH))) SUPPORTED_ARCH = true LIMA_ARCH = x86_64 - # From https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Cloud/x86_64/images/ - FINCH_OS_BASENAME ?= Fedora-Cloud-Base-39-1.5.x86_64-20240212173527.qcow2 - LIMA_URL ?= https://deps.runfinch.com/x86-64/lima-and-qemu.macos-x86_64.1707815767.tar.gz - FINCH_ROOTFS_URL ?= https://deps.runfinch.com/common/x86-64/finch-rootfs-production-amd64-1707772837.tar.gz + # From https://dl.fedoraproject.org/pub/fedora/linux/releases/39/Cloud/x86_64/images/ + FINCH_OS_BASENAME ?= Fedora-Cloud-Base-39-1.5.x86_64-20240322192200.qcow2 + LIMA_URL ?= https://deps.runfinch.com/x86-64/lima-and-qemu.macos-x86_64.1711141590.tar.gz + FINCH_ROOTFS_URL ?= https://deps.runfinch.com/common/x86-64/finch-rootfs-production-amd64-1711139710.tar.gz FINCH_ROOTFS_BASENAME := $(notdir $(FINCH_ROOTFS_URL)) endif diff --git a/deps/finch-core b/deps/finch-core index 6f5456609..1deaace0f 160000 --- a/deps/finch-core +++ b/deps/finch-core @@ -1 +1 @@ -Subproject commit 6f5456609ab40741a979f6e86e0981baf7a1b706 +Subproject commit 1deaace0fd93bf38ad9012992bf7563c098f8c0f diff --git a/e2e/container/cosign_data/test-1.key b/e2e/container/cosign_data/test-1.key index 118e1fe95..e2768f573 100644 --- a/e2e/container/cosign_data/test-1.key +++ b/e2e/container/cosign_data/test-1.key @@ -1,11 +1,11 @@ ------BEGIN ENCRYPTED COSIGN PRIVATE KEY----- -eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6 -OCwicCI6MX0sInNhbHQiOiIvYW9saHRuZEZTSHZsQjBZSnBTOVI1VlcyOE5HUmox -VkJNL2VDZWlvVEV3PSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94 -Iiwibm9uY2UiOiJGRGpKU1BTdnN4WmQ0N2orRlgvUjlPbVB0WlpkTVh4dyJ9LCJj -aXBoZXJ0ZXh0IjoibzlCOXJJbmZPNXZaeE9PMFBSdFdjYlNUQmxibXA5OVVWTnEv -ZFhJN0hzd09yZFpVeTA1MmdUT3AyVkFsSjk2aTNFZitiY095QlU1MWt1UDd2R2gy -U1ljU2VkbWQvejEzM3owNUovZytjUll3bHRuNkowOTgwZ0xUR1NKdWxobFNIYWpC -Q25LS1RmY2tIb0dUU0dsZkU1aFk1UFdyRGlQTmc3VVA4bk1lc2JCWlRPMnFjaUdE -bTI0a21ON1RIOEljRlJ4T3Y1NkFNWm1tTUE9PSJ9 ------END ENCRYPTED COSIGN PRIVATE KEY----- +-----BEGIN ENCRYPTED SIGSTORE PRIVATE KEY----- +eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjo2NTUzNiwiciI6 +OCwicCI6MX0sInNhbHQiOiJtaGFxWTNwdEdoWlV2VE9ESXZQaGFxeEhPdmJrRmdt +Vk9RUk5DQ0Y2ckVJPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94 +Iiwibm9uY2UiOiJkenVqeFRZdldkNjJ2em9OUU12MDRvQkk3M24yMHlmTiJ9LCJj +aXBoZXJ0ZXh0IjoiN1ZPMC9VNVhqT1VTdnNTeHZwYi9TOGFGSGlFWFo1bGdwQlZr +dGxKSHdsTjNZdnZJM29CK3p2d3hTbElSRDRVOGlhVHBhL3Q5TlFhSVRHdFVrWUo3 +NGtFMm5rZ2FEZFV3QjJ2WDM1RG1JaXB2VGx6TFZ6cmVBcVR5QkNUQkZnMzVPL294 +RWJrT2dzSVFrUkRLQmlNWlgzT1BxMUZlNUM1cS95QVZaUzZVQThLUDJNSkNDVnFn +WUoxay9kZlRFU0JyOC9iWkM4MEl6WU9QL2c9PSJ9 +-----END ENCRYPTED SIGSTORE PRIVATE KEY----- \ No newline at end of file diff --git a/e2e/container/cosign_data/test-1.pub b/e2e/container/cosign_data/test-1.pub index 598bfa34c..1d18a5fd6 100644 --- a/e2e/container/cosign_data/test-1.pub +++ b/e2e/container/cosign_data/test-1.pub @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfkODzHTFabSz0T+X758IqIB6pi3u -Km4JQCcEDFv94s6J4msvNOhmiAv3PQ/b9dutQ7QODWJAdm3cp6CMd87e1w== ------END PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEI+bq1hlp3SRyGIuCwOVpvAEOMdNu +OVAucydf203gS17N+YtLGYQb8Q1GAPjz3B+pg7emaRSlndB44D8Bwe9zBg== +-----END PUBLIC KEY----- \ No newline at end of file diff --git a/e2e/container/cosign_data/test-2.key b/e2e/container/cosign_data/test-2.key index e4e97c381..a23c84760 100644 --- a/e2e/container/cosign_data/test-2.key +++ b/e2e/container/cosign_data/test-2.key @@ -1,11 +1,11 @@ ------BEGIN ENCRYPTED COSIGN PRIVATE KEY----- -eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjozMjc2OCwiciI6 -OCwicCI6MX0sInNhbHQiOiJiYlVrSzkzdmY2dEhIM1czNTJ1UWM2ajNidzduUjdW -cTdReHJaRVlJYXM4PSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94 -Iiwibm9uY2UiOiJBWlhuSThncGhjbzdFdDBVOGhzKy91Tk5OdFpyTWNBOSJ9LCJj -aXBoZXJ0ZXh0IjoiaVJsUG9IRlJnQmJTamc2NnhvTTM4dm0vNExwelJXeUlKZi8x -dFIraEJ3dHdRMTQwZjBsQlpHdHRRMXZYcEE4UktHK09vTnNUcFNUSGh6R2phd3VN -ZXNzaVdsWkxHVTVjSTU5UVZ4TW40bGI4ME5iNWF2NlA5ZjVYT2x2aHhXbnMzUnpt -R091L0hCOHd1ZnBUUnBlQlZNLzZkZmFyV05ZbE92VzRYaWVvZXNEQ0hOV3JWbzFJ -WWdCbysxTEFYbzdYWkQ4cXNVWFdJd3ZONkE9PSJ9 ------END ENCRYPTED COSIGN PRIVATE KEY----- +-----BEGIN ENCRYPTED SIGSTORE PRIVATE KEY----- +eyJrZGYiOnsibmFtZSI6InNjcnlwdCIsInBhcmFtcyI6eyJOIjo2NTUzNiwiciI6 +OCwicCI6MX0sInNhbHQiOiJFaWV0cE5zeEV5U1dBeTJEeHIreGtsdVZiaDIvQWNi +dVd0WXg2aG1tU3QwPSJ9LCJjaXBoZXIiOnsibmFtZSI6Im5hY2wvc2VjcmV0Ym94 +Iiwibm9uY2UiOiJnVEJDa3I4VDVGNlQ2SGRzWWFqU09vWURJSU5LTTU0diJ9LCJj +aXBoZXJ0ZXh0IjoicHJ4NTJhVDQ3N3VNUmtIOEs2akVSRDd2RzBlMEZoNlBCcjVi +eC9tR3BHejg0QjIvbVA5bU0xQnJidTEzKzNha3doTjlhbFpPR0xvcmVpaXdRT0R2 +bXg2d1BDK2FRRGtNK2dXUkplM2JvbUtDTUkwZzZCZXJ6bVVIVHRKMVdpeTlLNGgx +TU11cWZteklHY1Q4bkw1Q01qSmZwdHIvRlpzNXpnM3YzeWpQSEQ3V1hENnAxUS9h +RVNUNEI0K2UwUFhyZDJBajAwWEUrUGwyNEE9PSJ9 +-----END ENCRYPTED SIGSTORE PRIVATE KEY----- diff --git a/e2e/container/cosign_data/test-2.pub b/e2e/container/cosign_data/test-2.pub index 49248d56c..025a156ed 100644 --- a/e2e/container/cosign_data/test-2.pub +++ b/e2e/container/cosign_data/test-2.pub @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERyYVqiPX1IGvTiAuJCZIOfPllOm/ -HTi7DaswFLwNXVOOC7FLP3L9YzQ0q24bFBqkSQqgWeycKsOOPCbF0nMLHQ== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJx6KpdJPBgARBVf4Fp778v1VWTnP +6jE7/XrpOCMkK4S+HA3s7kBOgqR/FQgybbl99eKfgNixBmLToBX/vbAzgg== -----END PUBLIC KEY----- diff --git a/e2e/container/cosign_test.go b/e2e/container/cosign_test.go index bf579c998..389d66ea3 100644 --- a/e2e/container/cosign_test.go +++ b/e2e/container/cosign_test.go @@ -76,10 +76,6 @@ var testCosign = func(o *option.Option) { tag).Err.Contents()).Should(gomega.ContainSubstring("no matching signatures")) gomega.Expect(command.RunWithoutSuccessfulExit(o, "run", "-d", "--verify=cosign", "--cosign-key=./cosign_data/test-2.pub", tag).Err.Contents()).Should(gomega.ContainSubstring("no matching signatures")) - gomega.Expect(command.RunWithoutSuccessfulExit(o, "pull", "--verify=cosign", "--cosign-key=./cosign_data/test-2.pub", - alpineImage).Err.Contents()).Should(gomega.ContainSubstring("no signatures found for image")) - gomega.Expect(command.RunWithoutSuccessfulExit(o, "run", "-d", "--verify=cosign", "--cosign-key=./cosign_data/test-2.pub", - alpineImage).Err.Contents()).Should(gomega.ContainSubstring("no signatures found for image")) }) }) } diff --git a/e2e/vm/version_test.go b/e2e/vm/version_test.go index 6edb74631..77fbab9df 100644 --- a/e2e/vm/version_test.go +++ b/e2e/vm/version_test.go @@ -17,9 +17,9 @@ import ( ) const ( - nerdctlVersion = "v1.7.3" + nerdctlVersion = "v1.7.5" buildKitVersion = "v0.12.5" - containerdVersion = "v1.7.13" + containerdVersion = "v1.7.14" runcVersion = "1.1.12" ) diff --git a/go.mod b/go.mod index 8221c4cf9..d72740223 100644 --- a/go.mod +++ b/go.mod @@ -9,11 +9,11 @@ require ( github.com/golang/mock v1.6.0 github.com/google/go-licenses v1.6.1-0.20230903011517-706b9c60edd4 github.com/lima-vm/lima v0.21.0 - github.com/onsi/ginkgo/v2 v2.16.0 + github.com/onsi/ginkgo/v2 v2.17.1 github.com/onsi/gomega v1.32.0 github.com/pelletier/go-toml v1.9.5 github.com/pkg/sftp v1.13.6 - github.com/runfinch/common-tests v0.7.15 + github.com/runfinch/common-tests v0.7.18 github.com/shirou/gopsutil/v3 v3.24.2 github.com/sirupsen/logrus v1.9.3 github.com/spf13/afero v1.11.0 diff --git a/go.sum b/go.sum index 562d4fc31..fcf526055 100644 --- a/go.sum +++ b/go.sum @@ -126,8 +126,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 h1:zYyBkD/k9seD2A7fsi6Oo2LfFZAehjjQMERAvZLEDnQ= github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8= -github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM= -github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -154,8 +154,8 @@ github.com/power-devops/perfstat v0.0.0-20221212215047-62379fc7944b/go.mod h1:Om github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/runfinch/common-tests v0.7.15 h1:gLYjCyYen0n0mImAefQaPxG+ARaLujQVIX7LiF9RycI= -github.com/runfinch/common-tests v0.7.15/go.mod h1:4JVWZRyjSQ5+X9DRP4tg/Uvxi80AK8pOoe0qrBDi4y4= +github.com/runfinch/common-tests v0.7.18 h1:BBlnV9qztZwHViPQ2wmJl7L8jJaWQiqrn2NSGBpa8C0= +github.com/runfinch/common-tests v0.7.18/go.mod h1:Gp3zzIUg1B0gM8TpiAlPxZpbyZneKyRFyBJ6PLODrOQ= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= diff --git a/pkg/config/lima_config_applier.go b/pkg/config/lima_config_applier.go index cd4991ee7..4459acfb8 100644 --- a/pkg/config/lima_config_applier.go +++ b/pkg/config/lima_config_applier.go @@ -18,7 +18,7 @@ import ( ) const ( - sociVersion = "0.4.0" + sociVersion = "0.5.0" snapshotterProvisioningScriptHeader = "# snapshotter provisioning script" sociInstallationProvisioningScriptHeader = snapshotterProvisioningScriptHeader + ": soci" sociFileNameFormat = "soci-snapshotter-%s-linux-%s.tar.gz" @@ -31,7 +31,7 @@ if [ ! -f /usr/local/bin/soci ]; then set -e curl --retry 2 --retry-max-time 120 -OL "%s" # move to usr/local/bin - tar -C /usr/local/bin -xvf %s soci soci-snapshotter-grpc + tar -C /usr/local/bin -xvf %s ./soci ./soci-snapshotter-grpc # install as a systemd service curl --retry 2 --retry-max-time 120 -OL "%s"