
Commit 8bc1069

committed
policy: image signature verification support
Signed-off-by: Tonis Tiigi <[email protected]>
1 parent c9ffb47 commit 8bc1069


994 files changed

+168712
-28092
lines changed


994 files changed

+168712
-28092
lines changed

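--- a/build/opt.go
+++ b/build/opt.go
@@ -344,7 +344,8 @@ func toSolveOpt(ctx context.Context, node builder.Node, multiDriver bool, opt *O
 Log: func(msg string) {
 log.Printf("[policy] %s", msg)
 },
-FS: opt.Inputs.policy.FS,
+FS: opt.Inputs.policy.FS,
+Config: cfg,
 })
 so.SourcePolicyProvider = policysession.NewPolicyProvider(p.CheckPolicy)
 }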
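Review bot: `Config: cfg` is handed to the policy options with no check visible in this hunk that `cfg` was populated, and `cfg` itself is assigned outside the hunk in `toSolveOpt`. Since the commit title says this adds image signature verification support, it is worth confirming that an unset or zero-value config makes rules that require a signature fail closed rather than evaluate without verification. A short comment above the field would document that contract, e.g. `// Config carries the signature-verification settings; evaluation must deny when verification is required but unconfigured.` The struct literal and the enclosing function both begin before the hunk, so none of this can be confirmed from the lines shown.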

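--- a/go.mod
+++ b/go.mod
@@ -1,11 +1,11 @@
 module github.com/docker/buildx
 
-go 1.24.6
+go 1.25.0
 
 require (
 github.com/Masterminds/semver/v3 v3.4.0
 github.com/Microsoft/go-winio v0.6.2
-github.com/aws/aws-sdk-go-v2/config v1.31.3
+github.com/aws/aws-sdk-go-v2/config v1.31.20
 github.com/compose-spec/compose-go/v2 v2.9.1
 github.com/containerd/console v1.0.5
 github.com/containerd/containerd/v2 v2.2.1-0.20251115011841-efd86f2b0bc2 // release/2.2 ; https://github.com/containerd/containerd/pull/12508
@@ -33,6 +33,7 @@ require (
 github.com/moby/go-archive v0.1.0
 github.com/moby/moby/api v1.52.0
 github.com/moby/moby/client v0.1.0
+github.com/moby/policy-helpers v0.0.0-20251202162112-319fbb92a1cc
 github.com/moby/sys/atomicwriter v0.1.0
 github.com/moby/sys/mountinfo v0.7.2
 github.com/morikuni/aec v1.0.0
@@ -59,12 +60,13 @@ require (
 go.opentelemetry.io/otel/sdk v1.38.0
 go.opentelemetry.io/otel/trace v1.38.0
 go.yaml.in/yaml/v3 v3.0.4
-golang.org/x/mod v0.29.0
-golang.org/x/sync v0.17.0
-golang.org/x/sys v0.37.0
-golang.org/x/term v0.35.0
-golang.org/x/text v0.29.0
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5
+golang.org/x/crypto v0.45.0
+golang.org/x/mod v0.30.0
+golang.org/x/sync v0.18.0
+golang.org/x/sys v0.38.0
+golang.org/x/term v0.37.0
+golang.org/x/text v0.31.0
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101
 google.golang.org/grpc v1.76.0
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1
 google.golang.org/protobuf v1.36.10
@@ -80,19 +82,21 @@ require (
 github.com/agnivade/levenshtein v1.2.1 // indirect
 github.com/apparentlymart/go-cidr v1.0.1 // indirect
 github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
-github.com/aws/aws-sdk-go-v2 v1.38.1 // indirect
-github.com/aws/aws-sdk-go-v2/credentials v1.18.7 // indirect
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 // indirect
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4 // indirect
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4 // indirect
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 // indirect
-github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 // indirect
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.0 // indirect
-github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 // indirect
-github.com/aws/smithy-go v1.22.5 // indirect
+github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+github.com/aws/aws-sdk-go-v2 v1.39.6 // indirect
+github.com/aws/aws-sdk-go-v2/credentials v1.18.24 // indirect
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.13 // indirect
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.13 // indirect
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.13 // indirect
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.3 // indirect
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.13 // indirect
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.3 // indirect
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.7 // indirect
+github.com/aws/aws-sdk-go-v2/service/sts v1.40.2 // indirect
+github.com/aws/smithy-go v1.23.2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
+github.com/blang/semver v3.5.1+incompatible // indirect
 github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/cloudflare/circl v1.6.0 // indirect
@@ -101,8 +105,10 @@ require (
 github.com/containerd/ttrpc v1.2.7 // indirect
 github.com/containerd/typeurl/v2 v2.2.3 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
+github.com/cyberphone/json-canonicalization v0.0.0-20241213102144-19d51d7fe467 // indirect
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect
-github.com/docker/distribution v2.8.3+incompatible // indirect
+github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
+github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 github.com/docker/docker-credential-helpers v0.9.4 // indirect
 github.com/docker/go-connections v0.6.0 // indirect
 github.com/emicklei/go-restful/v3 v3.13.0 // indirect
@@ -112,24 +118,43 @@ require (
 github.com/go-ini/ini v1.67.0 // indirect
 github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
-github.com/go-openapi/jsonpointer v0.21.0 // indirect
-github.com/go-openapi/jsonreference v0.20.2 // indirect
-github.com/go-openapi/swag v0.23.0 // indirect
+github.com/go-openapi/analysis v0.24.1 // indirect
+github.com/go-openapi/errors v0.22.4 // indirect
+github.com/go-openapi/jsonpointer v0.22.1 // indirect
+github.com/go-openapi/jsonreference v0.21.3 // indirect
+github.com/go-openapi/loads v0.23.2 // indirect
+github.com/go-openapi/runtime v0.29.2 // indirect
+github.com/go-openapi/spec v0.22.1 // indirect
+github.com/go-openapi/strfmt v0.25.0 // indirect
+github.com/go-openapi/swag v0.25.3 // indirect
+github.com/go-openapi/swag/cmdutils v0.25.3 // indirect
+github.com/go-openapi/swag/conv v0.25.3 // indirect
+github.com/go-openapi/swag/fileutils v0.25.3 // indirect
+github.com/go-openapi/swag/jsonname v0.25.3 // indirect
+github.com/go-openapi/swag/jsonutils v0.25.3 // indirect
+github.com/go-openapi/swag/loading v0.25.3 // indirect
+github.com/go-openapi/swag/mangling v0.25.3 // indirect
+github.com/go-openapi/swag/netutils v0.25.3 // indirect
+github.com/go-openapi/swag/stringutils v0.25.3 // indirect
+github.com/go-openapi/swag/typeutils v0.25.3 // indirect
+github.com/go-openapi/swag/yamlutils v0.25.3 // indirect
+github.com/go-openapi/validate v0.25.1 // indirect
 github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 github.com/gobwas/glob v0.2.3 // indirect
 github.com/goccy/go-json v0.10.5 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
+github.com/google/certificate-transparency-go v1.3.2 // indirect
 github.com/google/gnostic-models v0.7.0 // indirect
 github.com/google/go-cmp v0.7.0 // indirect
-github.com/gorilla/mux v1.7.0 // indirect
+github.com/google/go-containerregistry v0.20.6 // indirect
 github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hiddeco/sshsig v0.2.0 // indirect
+github.com/in-toto/attestation v1.1.2 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
-github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
 github.com/klauspost/compress v1.18.1 // indirect
 github.com/lestrrat-go/blackmagic v1.0.4 // indirect
@@ -140,7 +165,6 @@ require (
 github.com/lestrrat-go/jwx/v3 v3.0.11 // indirect
 github.com/lestrrat-go/option v1.0.1 // indirect
 github.com/lestrrat-go/option/v2 v2.0.0 // indirect
-github.com/mailru/easyjson v0.7.7 // indirect
 github.com/mattn/go-runewidth v0.0.16 // indirect
 github.com/mattn/go-shellwords v1.0.12 // indirect
 github.com/mitchellh/go-wordwrap v1.0.1 // indirect
@@ -157,6 +181,7 @@ require (
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+github.com/oklog/ulid v1.3.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/prometheus/client_golang v1.23.2 // indirect
 github.com/prometheus/client_model v0.6.2 // indirect
@@ -169,19 +194,29 @@ require (
 github.com/secure-systems-lab/go-securesystemslib v0.9.1 // indirect
 github.com/segmentio/asm v1.2.0 // indirect
 github.com/shibumi/go-pathspec v1.3.0 // indirect
+github.com/sigstore/protobuf-specs v0.5.0 // indirect
+github.com/sigstore/rekor v1.4.3 // indirect
+github.com/sigstore/rekor-tiles/v2 v2.0.1 // indirect
+github.com/sigstore/sigstore v1.10.0 // indirect
+github.com/sigstore/sigstore-go v1.1.4-0.20251124094504-b5fe07a5a7d7 // indirect
+github.com/sigstore/timestamp-authority/v2 v2.0.2 // indirect
 github.com/tchap/go-patricia/v2 v2.3.3 // indirect
+github.com/theupdateframework/go-tuf/v2 v2.3.0 // indirect
 github.com/tonistiigi/dchapes-mode v0.0.0-20250318174251-73d941a28323 // indirect
 github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
 github.com/tonistiigi/vt100 v0.0.0-20240514184818-90bafcd6abab // indirect
+github.com/transparency-dev/formats v0.0.0-20251017110053-404c0d5b696c // indirect
+github.com/transparency-dev/merkle v0.0.2 // indirect
 github.com/valyala/fastjson v1.6.4 // indirect
 github.com/vektah/gqlparser/v2 v2.5.30 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
 github.com/yashtewari/glob-intersection v0.2.0 // indirect
+go.mongodb.org/mongo-driver v1.17.6 // indirect
 go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.61.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0 // indirect
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.38.0 // indirect
@@ -191,12 +226,11 @@ require (
 go.opentelemetry.io/otel/sdk/metric v1.38.0 // indirect
 go.opentelemetry.io/proto/otlp v1.7.1 // indirect
 go.yaml.in/yaml/v2 v2.4.2 // indirect
-golang.org/x/crypto v0.42.0 // indirect
-golang.org/x/net v0.44.0 // indirect
-golang.org/x/oauth2 v0.30.0 // indirect
+golang.org/x/net v0.47.0 // indirect
+golang.org/x/oauth2 v0.33.0 // indirect
 golang.org/x/time v0.14.0 // indirect
-golang.org/x/tools v0.37.0 // indirect
-google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect
+golang.org/x/tools v0.38.0 // indirect
+google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect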
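Review bot: The new direct requirement `github.com/moby/policy-helpers v0.0.0-20251202162112-319fbb92a1cc` is an untagged pseudo-version, so the module that appears to back signature verification is pinned to a bare commit with no note of where it comes from. A trailing comment naming the upstream branch or PR, as the `github.com/containerd/containerd/v2` line already does, would make the pin auditable until a tagged release exists. The same change adds a large indirect tree to the CLI (sigstore, rekor, go-tuf, go-openapi, `go.mongodb.org/mongo-driver`), with `github.com/sigstore/sigstore-go` also on a pseudo-version. It is worth checking with `go mod why -m` that each new module is actually reachable and that all of them are covered by vulnerability scanning. The `go 1.25.0` directive also raises the minimum toolchain for every consumer of the module, which the commit message does not mention.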
