diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/changelog golang-github-opencontainers-image-spec-1.0.1/debian/changelog --- golang-github-opencontainers-image-spec-1.0.1/debian/changelog 2019-11-03 15:24:00.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/changelog 2020-03-22 16:16:35.000000000 +0000 @@ -1,3 +1,19 @@ +golang-github-opencontainers-image-spec (1.0.1-4) unstable; urgency=medium + + * Team upload. + * Drop unused golang-github-spf13-cobra-dev from Depends + * Drop unused golang-github-opencontainers-specs-dev from Depends + * Update Standards-Version to 4.5.0 (no changes) + * Update maintainer address to team+pkg-go@tracker.debian.org + * Switch to debhelper-compat format + * Drop unused go-md2man from Build-Depends + * Remove unused Files-Excluded field in d/copyright + * Remove unused comments in d/rules + * Add Rules-Requires-Root + * Backport upstream patch to build with new gojsonschema + + -- Shengjing Zhu Mon, 23 Mar 2020 00:16:35 +0800 + golang-github-opencontainers-image-spec (1.0.1-3) unstable; urgency=medium * Priority: optional; Standards-Version: 4.4.1. diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/compat golang-github-opencontainers-image-spec-1.0.1/debian/compat --- golang-github-opencontainers-image-spec-1.0.1/debian/compat 2019-11-03 12:55:14.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/compat 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -12 diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/control golang-github-opencontainers-image-spec-1.0.1/debian/control --- golang-github-opencontainers-image-spec-1.0.1/debian/control 2019-11-03 12:56:52.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/control 2020-03-22 16:16:35.000000000 +0000 @@ -1,35 +1,32 @@ Source: golang-github-opencontainers-image-spec Section: devel Priority: optional -Standards-Version: 4.4.1 -Maintainer: Debian Go Packaging Team +Standards-Version: 4.5.0 +Maintainer: Debian Go Packaging Team Uploaders: Dmitry Smirnov , - Michael Stapelberg -Build-Depends: debhelper (>= 12~) - ,dh-golang - ,golang-any - ,golang-github-pkg-errors-dev - ,golang-github-opencontainers-specs-dev - ,golang-github-spf13-cobra-dev - ,golang-github-xeipuuv-gojsonschema-dev (>= 0.0~git20161105~) - ,golang-github-opencontainers-go-digest-dev - ,golang-go4-dev - ,go-md2man + Michael Stapelberg , +Build-Depends: debhelper-compat (= 12), + dh-golang, + golang-any, + golang-github-opencontainers-go-digest-dev, + golang-github-pkg-errors-dev, + golang-github-xeipuuv-gojsonschema-dev (>= 1.2.0~), + golang-go4-dev, Homepage: https://github.com/opencontainers/image-spec Vcs-Browser: https://salsa.debian.org/go-team/packages/golang-github-opencontainers-image-spec Vcs-Git: https://salsa.debian.org/go-team/packages/golang-github-opencontainers-image-spec.git XS-Go-Import-Path: github.com/opencontainers/image-spec +Rules-Requires-Root: no Testsuite: autopkgtest-pkg-go Package: golang-github-opencontainers-image-spec-dev Architecture: all -Depends: ${shlibs:Depends}, ${misc:Depends} - ,golang-github-pkg-errors-dev - ,golang-github-opencontainers-specs-dev - ,golang-github-spf13-cobra-dev - ,golang-github-xeipuuv-gojsonschema-dev (>= 0.0~git20161105~) - ,golang-github-opencontainers-go-digest-dev - ,golang-go4-dev +Depends: golang-github-opencontainers-go-digest-dev, + golang-github-pkg-errors-dev, + golang-github-xeipuuv-gojsonschema-dev (>= 1.2.0~), + golang-go4-dev, + ${misc:Depends}, + ${shlibs:Depends}, Description: Open Container Initiative (OCI) Image Format Specification The OCI Image Format project creates and maintains the software shipping container image format spec (OCI Image Format). The goal of this diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/copyright golang-github-opencontainers-image-spec-1.0.1/debian/copyright --- golang-github-opencontainers-image-spec-1.0.1/debian/copyright 2018-05-05 17:20:17.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/copyright 2020-03-22 16:16:35.000000000 +0000 @@ -1,18 +1,6 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: image-spec Source: https://github.com/opencontainers/image-spec -Files-Excluded: - vendor/github.com/inconshreveable/mousetrap - vendor/github.com/opencontainers/runtime-spec - vendor/github.com/pkg/errors - vendor/github.com/russross/blackfriday - vendor/github.com/shurcooL/sanitized_anchor_name - vendor/github.com/spf13/cobra - vendor/github.com/spf13/pflag - vendor/github.com/xeipuuv/gojsonpointer - vendor/github.com/xeipuuv/gojsonreference - vendor/github.com/xeipuuv/gojsonschema - vendor/go4.org/errorutil Files: * Copyright: diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/gbp.conf golang-github-opencontainers-image-spec-1.0.1/debian/gbp.conf --- golang-github-opencontainers-image-spec-1.0.1/debian/gbp.conf 2018-05-05 17:20:17.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/gbp.conf 2020-03-22 16:16:35.000000000 +0000 @@ -1,7 +1,6 @@ [buildpackage] overlay = True export-dir = ../build-area/ -tarball-dir = ../ [dch] id-length = 0 diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/patches/pr-739.patch golang-github-opencontainers-image-spec-1.0.1/debian/patches/pr-739.patch --- golang-github-opencontainers-image-spec-1.0.1/debian/patches/pr-739.patch 1970-01-01 00:00:00.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/patches/pr-739.patch 2020-03-22 16:16:35.000000000 +0000 @@ -0,0 +1,466 @@ +From f2b70790248828eef9feda9fe156d840b76c0a50 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= +Date: Tue, 9 Jan 2018 16:54:34 +0100 +Subject: [PATCH 1/2] Rebuild schema/fs.go. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This only commits the result of (make schema-fs) and is otherwise +unrelated to the rest of the PR. + +Signed-off-by: Miloslav Trmač +--- + schema/fs.go | 74 +++++++++++++++++++++++++++------------------------- + 1 file changed, 38 insertions(+), 36 deletions(-) + +diff --git a/schema/fs.go b/schema/fs.go +index f83391b7..b18f7656 100644 +--- a/schema/fs.go ++++ b/schema/fs.go +@@ -12,6 +12,8 @@ + // See the License for the specific language governing permissions and + // limitations under the License. + ++// Code generated by "esc -private -pkg=schema -include=.*\.json$ ."; DO NOT EDIT. ++ + package schema + + import ( +@@ -170,7 +172,7 @@ func _escFSByte(useLocal bool, name string) ([]byte, error) { + return nil, err + } + b, err := ioutil.ReadAll(f) +- f.Close() ++ _ = f.Close() + return b, err + } + f, err := _escStatic.prepare(name) +@@ -205,27 +207,27 @@ var _escData = map[string]*_escFile{ + "/config-schema.json": { + local: "config-schema.json", + size: 2771, +- modtime: 1498025574, ++ modtime: 1515512099, + compressed: ` +-H4sIAAAJbogA/+RWQW/bPAy9+1cYbo9t/R2+U67dbgMyINh2KIZAsemEnSVqFD3MGPLfB8vJZtmym3XI +-aScDFB/f4xMl60eSplkJrmC0gmSyVZqtLZhHMqLQAKePZCrcpxsLBVZYKJ9118FuXXEArTrIQcSu8vzZ +-kbnvow/E+7xkVcn9f//nfeymx2F5hrhVnpMFU5zZnIf12TlqtYe88Pw9UloLHZZ2z1BIH7NMFlgQXLZK +-u3bSNCsYlED5KzCAOmE0fTkfr4i1km6lVAL3ghoyv3bsUzLVyIF4oVSYzcUBBQppGC7FkLs08+RFJHvg +-iI9HXPHxDw44iMwwDlh9ztvvlhyU74nFjfG3DJU3ECr30I3ATV5ChQa7UXG5VnbjK697jfH65tucLMWs +-2uxuuIQCeixjoZE0Pc6QCreW0MiYmwysu56eAoKQblHigswXpIZyR5IXVZimrsNKwzqfoxY86vKf7f0j +-1Y2GyThf2P9rp/7aXX0i/oJm/wZfdc7fqR3U17ZkE9n4a1qyEbIb3BtVX2xJMvyer18mkip6WV96/ZZY +-VVssJwZf/6475S91H9CCafRkx7NatcAuizuejFgzhq8Nsv8PP0U8GKtLhhXPnh/QCXEbMz00K2LU3PbM +-b1D07fCyW0vviMlWxN4UcYpZ/Enjdtf+RQ3SGiZ/vj8oANpKu/UTMV9kR1SDMjPzGZ6y5MQwnZvwWfX7 +-2RSey6SbnWPyMwAA//9KY9sL0woAAA== ++H4sIAAAAAAAC/+RWQY/TPBC951dE2T22m+/wnXot3JCKVAGHFarcZNLOEnvMeIKIUP87itNCkjpp6apc ++OEUaz7z35nns+EcUx0kOLmO0gmSSRZysLJglGVFogOMlmQJ38dpChgVmymfNmrJHl+1Bq6ZkL2IXafri ++yMzb6BPxLs1ZFTL/7/+0jT20dZifStwiTcmCyU5szpe12SlqtYM08/xtpdQWmlravkAmbcwyWWBBcMki ++btqJ4yRjUAL5r0Cn1AmjaeF8vCDWSpqVXAnMBTUkfu3QpiSqkj3xBFQ/m7M9CmRSMVxbQ+7azKMXgeyO ++Iz4ecMXHPzjgXmSEscPqc95+t+Qgf08sblj/yFB4A6FwT80IPKQ5FGiwGRWXamXXHnnVagzjm29jshSz ++qpNZdwkF9FDGRCNxfBghFa4toZEhNxlYNT099wj6dJMSJ2RekNqXO5A8qcJUZdlH6uJ8Dlqw1Pk/2/tH ++KisN7sb+b536e3f1ifgLmt0bvOmcv1NbKO9tyTqw8fe0ZC1k17gzqrzakqj7PV2/TCSFe831m2NRbDB3 ++f/+uO+ZPdd+jBVPpsx1PSlUDuyTseDRgTRi+Vsj+P/wc8GCoLuoinjzfoxPiOmR636yAUWPbM75BwbfD ++Zbem3hGB8T5/U1ze1FlA42ZbvwKDtIazP98fAIC2Um/8RIyDbIlKUGZkPvunLDoynM9N/1n1+9nUP5dR ++MzuH6GcAAAD//0pj2wvTCgAA + `, + }, + + "/content-descriptor.json": { + local: "content-descriptor.json", + size: 1085, +- modtime: 1498025574, ++ modtime: 1515512099, + compressed: ` +-H4sIAAAJbogA/5yTwW7UMBCG73mKUVqpl27NoeIQVb3AnQPcEAevPY6nbGwznlW1oL47mniXJoAo3Vsy ++H4sIAAAAAAAC/5yTwW7UMBCG73mKUVqpl27NoeIQVb3AnQPcEAevPY6nbGwznlW1oL47mniXJoAo3Vsy + +r+Zz8n4RwfQe6yOqQjl1A/QfyiY3uUklhIy6BMmgffHUGb4WNBRIGdn4lpbXFYXcbKKR5EyGPNQc9q0 + 6k3m0Xi2QTZvbk2rXTSO/AmpgzG5YHKnyXXGWtr4X9MbJ4eCSubtAzpptcK5IAth7QfQgwH0E3qyn1q4 + lf48r0SEOadNIQfQAmNAxuTQw2LGjF8yBuU8hrp5FrvRE18Yj4ESae9qnqfP7FNr0Vf6/pKPRoASbA+C +@@ -238,9 +240,9 @@ ERcrb5b9zhBc4s2zO7r2jN/2xKhin3+/McttXS9NB/Cle+p+BgAA///HjexwPQQAAA== + "/defs-descriptor.json": { + local: "defs-descriptor.json", + size: 922, +- modtime: 1498025574, ++ modtime: 1515512099, + compressed: ` +-H4sIAAAJbogA/6STX2/TMBTF3/spLl7FgDZN4QFp0Ria2DsP42lTV93ZN/Ed8R/ZrqYy9bsjJ1naFYFA ++H4sIAAAAAAAC/6STX2/TMBTF3/spLl7FgDZN4QFp0Ria2DsP42lTV93ZN/Ed8R/ZrqYy9bsjJ1naFYFA + PCSyj67Pub8b52kCIBRFGdgndlZUIK6oZst5F8FjSCw3LQZIDr56sl+cTciWAlwNx1yAa0+Sa5bYecx7 + 09FFVJBzAIQhxfht62mUAASrnKpT8rEqS+fJyueMuHChKaPUZLBkgw2Vakwt927zZ6/Ue4uYAttmr3tM + iUKHd3d7Wdxg8WNZnK32y1cn09fF3XoxWz0t5+8/fNyVf1c2FV3Erk8SihuK6ZDuaLhJE8iw9ck1Ab1m +@@ -254,9 +256,9 @@ ELULBvNXEJvAYtB3LzDQWpfw5fX8n7t46Dc2PQ1UZz9FdVw8RGdPyoPfojTor7ve+/cw50l+dpOfAQAA + "/defs.json": { + local: "defs.json", + size: 1670, +- modtime: 1498025574, ++ modtime: 1515512099, + compressed: ` +-H4sIAAAJbogA/7STza6bMBCF9zzFyO2S9oJtbGDb7hMpy6oLSiaJq2AjY6RWEe9e8RNChFuJKneRgGc8 ++H4sIAAAAAAAC/7STza6bMBCF9zzFyO2S9oJtbGDb7hMpy6oLSiaJq2AjY6RWEe9e8RNChFuJKneRgGc8 + 3zmeMbcAgByxKa2qnTKa5EC+4klp1a8aaBs8grtY054vpnXgLgi7GvUXo12hNFo41FiqkyqLoTwceTOA + 5NBLABClXTqvAIj7XWOvprTDM9qhckhUSquqrUgOn2KaPsLFrykcUzkEu3Amx2IrmlEpfPA+vsIzuhVP + Yy55ygT3aczJlZDgW4UyShmTNGIiTbiUIooij6Jn15N0+x/T8enQJFlxN8/GBxZJwtbozXPxoTnNeCYk +@@ -269,29 +271,29 @@ fIvD7in0ryMEy+fK1G6UfmdTE+tvpoL+1wV/AgAA//96IpqyhgYAAA== + "/image-index-schema.json": { + local: "image-index-schema.json", + size: 2993, +- modtime: 1498025574, ++ modtime: 1515512099, + compressed: ` +-H4sIAAAJbogA/6yWv27bMBDGdz/FQQmQJYmKIuhgBFnaJVOHBl2KDAx5ki61SPVIJ3ELv3tBMrIlUXZt +-1Zt95H33+07892cGkCm0kqlxZHQ2h+xrg/qz0U6QRob7WpQI91rhG3xrUFJBUoSplz733MoKa+HzKuea +-eZ4/W6OvYvTacJkrFoW7+nCTx9hZzCPVpth5npsGtWxL2pAWZ+fky+fky8dEt2rQp5qnZ5Quxho2DbIj +-tNkcvCWALOZ/R7bRVgynbh8qslAQLhTYaA8tuAohVIZQGaIYvEQ1EBaEBtIOS+SAEJQneMr7mBup1mVS +-oyZN9bLO5vBxGxNvbSyE1nEkq4WmAq2zXfutsmAWqw67w7o772g7bbEv7+01W+jxr/Y+wvhrSYy+1o9N +-1MOjIvHg0y67YUu/BxFFJVqXbUKPHfGRhZHI9wfSBeLXQpjtPYApwuJgLJBRS1SQWAoi54yFz1ZY2Cu1 +-6cm13x1nucKCNPkKNt+SdBTWqelDOP1EIA1PK4d2EusIIGn36WY33Hv/D8GTvGqcKVk0FUmQFcqfdllD +-VGhxI+Olt+H/NsI5ZA0Xt2JRGiZX1XfzW78WFaq7i+l9H66boa8lL4arJnUlYEER3U+Hgk0NrxXJCpw/ +-V6IXqMUKnhCUedULIxSq6dSBaidzsxCuMFyn3Mdt5o3OgHPnNoY9WzmMCZYVOZRuyTjIA8hMz1NvD8Pe +-fZxqp+OT3ed7oTvtsI5Jl9lgwnrM5inxjD0N1PVLckueAm4jexrIAoX/Dqdu4VZ3D2b/suyWTa7Ng00C +-rP9p+0UwCZ0erof0cLbrX//IEFobFx50I6fdcV3dHlx5V3XyWdcVmY15aX+te8+ecUeTXmdjNv7HgAcN +-mOlZmY29BDtPuBnA42w9+xsAAP//IKe/nbELAAA= ++H4sIAAAAAAAC/6yWz0/jOhDH7/0rRgGJC5CnJ/QOFeLy9sJpD4v2suJg7EkybGNnx1Ogu+r/vrJN2qRJ ++C4Te2rHnO5/vxL/+zAAyg14zNULOZnPIvjZo/3dWFFlkuK1ViXBrDb7AtwY1FaRVnHoeck+9rrBWIa8S ++aeZ5/uidvUjRS8dlblgVcvHPVZ5iJymPTJvi53nuGrS6LeljWpqdUyifUyifEmXVYEh1D4+oJcUadg2y ++EPpsDsESQJbyvyP7ZCuFh27vKvJQEC4M+GQPPUiFECtDrAxJDJ6SGigPygJZwRI5IkTlCZ7yPuZGqnU5 ++qFGTpXpZZ3P4dxtTL20shtZpJKuVpQK9+K79Vlkxq1WHXbDuzvuwnbbYl9f2ui30+Fd7HWH8tSTGUOvH ++Jhrg0ZC6C2nn3bCn3zsRQyV6yTah+474yMIYyPcHhgskrIU4O3gAV8TFwVggo9VoYGApipwyFiHbYOEv ++zKYnl2F3nOQGC7IUKvh8S9JRWA9Nv4czTASy8LAS9JNYRwDJyn9X++Fe+/8ePM2rRlzJqqlIg65Q//TL ++GpJCi5sYz4ON8LdRIsgWzq7VonRMUtU38+uwFg2am7Ppfd9dN7u+lrzwb7pSsKCEHqZDwa6G54p0BRLO ++leQFarWCBwTjnu3CKYNmOnWk2svcLJQUjush98c280Znh3PvNj60leOYYl2RoJYl404eQOZ6nnp7+PA+ ++HmoPxye7zw9Cd9rhhcmW2c6E9ZjNY+I5fxyoy6fBLXkMuI3scSALVOE7HLuFW90DmP3Lslt2cG2+2yTA +++k3bT4pJWRm3/EYPZ/v+9Y8MZa2T+KDznz01tgdX3lWdfNZ1RWZjXtpf696zZ9zRpNfZmI3PGAigEXN4 ++VmZjL8HOE24GcD9bz/4GAAD//yCnv52xCwAA + `, + }, + + "/image-layout-schema.json": { + local: "image-layout-schema.json", + size: 439, +- modtime: 1498025574, ++ modtime: 1515512099, + compressed: ` +-H4sIAAAJbogA/2yPQUvEMBCF7/0VQ/Sg4DYVPOW6pwVhD4IX8VDTaTvLNonJVFik/12SaRXRU5g38+W9 ++H4sIAAAAAAAC/2yPQUvEMBCF7/0VQ/Sg4DYVPOW6pwVhD4IX8VDTaTvLNonJVFik/12SaRXRU5g38+W9 + 91kBqA6TjRSYvFMG1DGg23vHLTmMcJjaAeGxvfiZ4cmOOLXqLlPXSQYDamQORutT8m4nau3joLvY9rxr + HrRoV8JRtyHJaO0DOruZpYLJtaZsrM/FWEi+BMysfzuhXbUQfcDIhEkZyG2yQyYl8TPGJLVk97fth1yA + 74FHhOP+8LvyDbmy8JZ2EgZ6OuNtsS8fbrESR3LDj45unpSBl3UGUPd1UzdqnV/Lu1QAS2kS8X2miN03 +@@ -302,9 +304,9 @@ HrRoV8JRtyHJaO0DOruZpYLJtaZsrM/FWEi+BMysfzuhXbUQfcDIhEkZyG2yQyYl8TPGJLVk97fth1yA + "/image-manifest-schema.json": { + local: "image-manifest-schema.json", + size: 921, +- modtime: 1498025574, ++ modtime: 1515512099, + compressed: ` +-H4sIAAAJbogA/5ySMW8iMRCF+/0VI0MJ+O501bZXUZxSJEoTpXB2x7uDWNsZmygo4r9HtnHAkCKifTvv ++H4sIAAAAAAAC/5ySMW8iMRCF+/0VI0MJ+O501bZXUZxSJEoTpXB2x7uDWNsZmygo4r9HtnHAkCKifTvv + zTdv/dEAiB59x+QCWSNaEHcOzT9rgiKDDOtJDQj/lSGNPsC9w440dSpNL6J97rsRJxWtYwiulXLjrVlm + dWV5kD0rHZa//sqszbKP+mLxrZTWoenKVp9seVpSJJDTkSB7w95hdNuXDXZHzbF1yIHQixbiYQAiRzwi + +3xclq9vfhjJgybc9uDzheghjAhpOZTlkPPgLQeC8qAMkAk4ICeKFH7bZbKG/Uort16tmcjQtJtEC39O +@@ -316,6 +318,6 @@ Dj+ZAwAA + + "/": { + isDir: true, +- local: "/", ++ local: "", + }, + } + +From 9cfed2f4b9de41bfc154cb9ea429a0b58356bccf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= +Date: Wed, 10 Jan 2018 19:10:42 +0100 +Subject: [PATCH 2/2] Make JSON schema available for verification under + https:// URIs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +After updating gojsonschema to include +https://github.com/xeipuuv/gojsonschema/pull/171 , tests fail with +> unable to validate: Could not read schema from HTTP, response status is 404 Not Found + +Before that gojsonschema change, "$ref" links were interpreted by taking +the current schema source file's URI as a base, and treating "$ref" +as relative to this. + +For example, starting with the [file://]/image-manifest-schema.json +URI, as used by Validator.Validate (based on the "specs" map), the +> "$ref": "content-descriptor.json" +reference used to evaluate to file:///content-descriptor.json. +gojsonschema.jsonReferenceLoader would then load these file:///*.json +URIs via _escFS. + +After the gojsonschema change, "$ref" links are evaluated relative to +a URI base specified by the "id" attribute inside the schema source, +regardless of the "external" URI passed to the gojsonschema.JSONLoader. + +This is consistent with +http://json-schema.org/latest/json-schema-core.html#rfc.section.8 and +http://json-schema.org/latest/json-schema-core.html#rfc.section.9.2 +(apart from the "id" vs. "$id" attribute name). + +In the same example, [file://]/image-manifest-schema.json URI contains +> "id": "https://opencontainers.org/schema/image/manifest", +so the same +> "$ref": "content-descriptor.json" +now evaluates to +"https://opencontainers.org/schema/image/content-descriptor.json", +which is not found by gojsonschema.jsonReferenceLoader (it uses +_escFS only for file:/// URIs), resulting in the 404 quoted above. + +This is a minimal fix, making the schema files available to +gojsonschema at the https:// URIs, while continuing to read them from +_escFS. + +Because gojsonschema.jsonReferenceLoader can only use the provided fs +for file:/// URIs, we are forced to implement our own +gojsonschema.JSONLoaderFactory and gojsonschema.JSONLoader; something +like this might be more generally useful and should therefore instead +be provided by the gojsonschema library. + +This particular JSONLoader{Factory,} implementation, though, is +image-spec specific because it locally works around various +inconsistencies in the image-spec JSON schemas, and thus is not suitable +for gojsonschema as is. + +Namely, the specs/*.json schema files use URIs with two URI path prefixes, +https://opencontainers.org/schema/{,image/} +in the top-level "id" attributes, and the nested "id" attributes along +with "$ref" references use _several more_ URI path prefixes, e.g. +> "id": "https://opencontainers.org/schema/image/manifest/annotations", +> "$ref": "defs-descriptor.json#/definitions/annotations" +in image-manifest-schema.json specifies the +https://opencontainers.org/schema/image/manifest/defs-descriptor.json +URI. + +In fact, defs-descriptor.json references use all of the following URIs: +> https://opencontainers.org/schema/defs-descriptor.json +> https://opencontainers.org/schema/image/defs-descriptor.json +> https://opencontainers.org/schema/image/descriptor/defs-descriptor.json +> https://opencontainers.org/schema/image/index/defs-descriptor.json +> https://opencontainers.org/schema/image/manifest/defs-descriptor.json + +So, this commit introduces a loader which preserves the original _escFS +layout by recognizing and stripping all of these prefixes, and using +the same /*.json paths for _escFS lookups as before; this is clearly +unsuitable for gojsonschema inclusion. + +Finally, the reason this commit uses such a fairly hacky loader is that merely +changing the _escFS structure is still not sufficient to get consistent +schema: the schema/*.json paths in this repository, and the "$ref" values, +do not match the "id" values inside the schemas at all. E.g. +image-manifest-schema.json refers to +https://opencontainers.org/schema/image/manifest/content-descriptor.json , +while content-descriptor.json identifies itself as +https://opencontainers.org/schema/descriptor , matching neither the path prefix +nor the file name. + +Overall, it is completely unclear to me which of the URIs is the canonical URI +of the "content descriptor" schema, and the owner of the URI namespace +needs to decide on the canonical schema URIs. Only afterwards can the +code be cleanly modified to match the specification; until then, this +commit at least keeps the tests passing, and the validator usable +by external callers who want to use the public +image-spec/schema.ValidateMediaType*.Validate() API. + +Signed-off-by: Miloslav Trmač +--- + schema/loader.go | 126 ++++++++++++++++++++++++++++++++++++++++++++ + schema/schema.go | 35 +++++++++--- + schema/validator.go | 2 +- + 3 files changed, 156 insertions(+), 7 deletions(-) + create mode 100644 schema/loader.go + +diff --git a/schema/loader.go b/schema/loader.go +new file mode 100644 +index 00000000..c6bde004 +--- /dev/null ++++ b/schema/loader.go +@@ -0,0 +1,126 @@ ++// Copyright 2018 The Linux Foundation ++// ++// Licensed under the Apache License, Version 2.0 (the "License"); ++// you may not use this file except in compliance with the License. ++// You may obtain a copy of the License at ++// ++// http://www.apache.org/licenses/LICENSE-2.0 ++// ++// Unless required by applicable law or agreed to in writing, software ++// distributed under the License is distributed on an "AS IS" BASIS, ++// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++// See the License for the specific language governing permissions and ++// limitations under the License. ++ ++package schema ++ ++import ( ++ "bytes" ++ "encoding/json" ++ "fmt" ++ "io" ++ "io/ioutil" ++ "net/http" ++ "strings" ++ ++ "github.com/xeipuuv/gojsonreference" ++ "github.com/xeipuuv/gojsonschema" ++) ++ ++// fsLoaderFactory implements gojsonschema.JSONLoaderFactory by reading files under the specified namespaces from the root of fs. ++type fsLoaderFactory struct { ++ namespaces []string ++ fs http.FileSystem ++} ++ ++// newFSLoaderFactory returns a fsLoaderFactory reading files under the specified namespaces from the root of fs. ++func newFSLoaderFactory(namespaces []string, fs http.FileSystem) *fsLoaderFactory { ++ return &fsLoaderFactory{ ++ namespaces: namespaces, ++ fs: fs, ++ } ++} ++ ++func (factory *fsLoaderFactory) New(source string) gojsonschema.JSONLoader { ++ return &fsLoader{ ++ factory: factory, ++ source: source, ++ } ++} ++ ++// refContents returns the contents of ref, if available in fsLoaderFactory. ++func (factory *fsLoaderFactory) refContents(ref gojsonreference.JsonReference) ([]byte, error) { ++ refStr := ref.String() ++ path := "" ++ for _, ns := range factory.namespaces { ++ if strings.HasPrefix(refStr, ns) { ++ path = "/" + strings.TrimPrefix(refStr, ns) ++ break ++ } ++ } ++ if path == "" { ++ return nil, fmt.Errorf("Schema reference %#v unexpectedly not available in fsLoaderFactory with namespaces %#v", path, factory.namespaces) ++ } ++ ++ f, err := factory.fs.Open(path) ++ if err != nil { ++ return nil, err ++ } ++ defer f.Close() ++ ++ return ioutil.ReadAll(f) ++} ++ ++// fsLoader implements gojsonschema.JSONLoader by reading the document named by source from a fsLoaderFactory. ++type fsLoader struct { ++ factory *fsLoaderFactory ++ source string ++} ++ ++// JsonSource implements gojsonschema.JSONLoader.JsonSource. The "Json" capitalization needs to be maintained to conform to the interface. ++func (l *fsLoader) JsonSource() interface{} { // nolint: golint ++ return l.source ++} ++ ++func (l *fsLoader) LoadJSON() (interface{}, error) { ++ // Based on gojsonschema.jsonReferenceLoader.LoadJSON. ++ reference, err := gojsonreference.NewJsonReference(l.source) ++ if err != nil { ++ return nil, err ++ } ++ ++ refToURL := reference ++ refToURL.GetUrl().Fragment = "" ++ ++ body, err := l.factory.refContents(refToURL) ++ if err != nil { ++ return nil, err ++ } ++ ++ return decodeJSONUsingNumber(bytes.NewReader(body)) ++} ++ ++// decodeJSONUsingNumber returns JSON parsed from an io.Reader ++func decodeJSONUsingNumber(r io.Reader) (interface{}, error) { ++ // Copied from gojsonschema. ++ var document interface{} ++ ++ decoder := json.NewDecoder(r) ++ decoder.UseNumber() ++ ++ err := decoder.Decode(&document) ++ if err != nil { ++ return nil, err ++ } ++ ++ return document, nil ++} ++ ++// JsonReference implements gojsonschema.JSONLoader.JsonReference. The "Json" capitalization needs to be maintained to conform to the interface. ++func (l *fsLoader) JsonReference() (gojsonreference.JsonReference, error) { // nolint: golint ++ return gojsonreference.NewJsonReference(l.JsonSource().(string)) ++} ++ ++func (l *fsLoader) LoaderFactory() gojsonschema.JSONLoaderFactory { ++ return l.factory ++} +diff --git a/schema/schema.go b/schema/schema.go +index 6a317f13..2a560552 100644 +--- a/schema/schema.go ++++ b/schema/schema.go +@@ -35,13 +35,36 @@ var ( + // having the OCI JSON schema files in root "/". + fs = _escFS(false) + +- // specs maps OCI schema media types to schema files. ++ // schemaNamespaces is a set of URI prefixes which are treated as containing the schema files of fs. ++ // This is necessary because *.json schema files in this directory use "id" and "$ref" attributes which evaluate to such URIs, e.g. ++ // ./image-manifest-schema.json URI contains ++ // "id": "https://opencontainers.org/schema/image/manifest", ++ // and ++ // "$ref": "content-descriptor.json" ++ // which evaluates as a link to https://opencontainers.org/schema/image/content-descriptor.json . ++ // ++ // To support such links without accessing the network (and trying to load content which is not hosted at these URIs), ++ // fsLoaderFactory accepts any URI starting with one of the schemaNamespaces below, ++ // and uses _escFS to load them from the root of its in-memory filesystem tree. ++ // ++ // (Note that this must contain subdirectories before its parent directories for fsLoaderFactory.refContents to work.) ++ schemaNamespaces = []string{ ++ "https://opencontainers.org/schema/image/descriptor/", ++ "https://opencontainers.org/schema/image/index/", ++ "https://opencontainers.org/schema/image/manifest/", ++ "https://opencontainers.org/schema/image/", ++ "https://opencontainers.org/schema/", ++ } ++ ++ // specs maps OCI schema media types to schema URIs. ++ // These URIs are expected to be used only by fsLoaderFactory (which trims schemaNamespaces defined above) ++ // and should never cause a network access. + specs = map[Validator]string{ +- ValidatorMediaTypeDescriptor: "content-descriptor.json", +- ValidatorMediaTypeLayoutHeader: "image-layout-schema.json", +- ValidatorMediaTypeManifest: "image-manifest-schema.json", +- ValidatorMediaTypeImageIndex: "image-index-schema.json", +- ValidatorMediaTypeImageConfig: "config-schema.json", ++ ValidatorMediaTypeDescriptor: "https://opencontainers.org/schema/content-descriptor.json", ++ ValidatorMediaTypeLayoutHeader: "https://opencontainers.org/schema/image/image-layout-schema.json", ++ ValidatorMediaTypeManifest: "https://opencontainers.org/schema/image/image-manifest-schema.json", ++ ValidatorMediaTypeImageIndex: "https://opencontainers.org/schema/image/image-index-schema.json", ++ ValidatorMediaTypeImageConfig: "https://opencontainers.org/schema/image/config-schema.json", + } + ) + +diff --git a/schema/validator.go b/schema/validator.go +index e9f6d437..029217c3 100644 +--- a/schema/validator.go ++++ b/schema/validator.go +@@ -67,7 +67,7 @@ func (v Validator) Validate(src io.Reader) error { + } + } + +- sl := gojsonschema.NewReferenceLoaderFileSystem("file:///"+specs[v], fs) ++ sl := newFSLoaderFactory(schemaNamespaces, fs).New(specs[v]) + ml := gojsonschema.NewStringLoader(string(buf)) + + result, err := gojsonschema.Validate(sl, ml) diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/patches/pr-750.patch golang-github-opencontainers-image-spec-1.0.1/debian/patches/pr-750.patch --- golang-github-opencontainers-image-spec-1.0.1/debian/patches/pr-750.patch 1970-01-01 00:00:00.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/patches/pr-750.patch 2020-03-22 16:16:35.000000000 +0000 @@ -0,0 +1,148 @@ +From 8ee24f6e4c04cb1c18b648276315ff8fd630605d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= +Date: Mon, 17 Sep 2018 15:54:34 +0200 +Subject: [PATCH 1/2] Fix duplicate "id" values in JSON schema +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The "id" values in JSON schema files must be unique, per RFC draft 8.3.1: +> A schema MAY (and likely will) have multiple URIs, but there is no +> way for a URI to identify more than one schema. +and recent gojsonschema fails when handling such inputs (fairly +nontransparently, it silently fails to resolve $ref references to +absolute URIs and reports something like +> Reference defs.json#/definitions/mapStringString must be canonical +.) + +In particular, the https://opencontainers.org/schema/image/descriptor/annotations +id value had three definitions. To resolve this: +- Leave the definition in image-index-schema.json; although using the /descriptor + subnamespace for the "manifests" array is a bit surprising, the /image/ part + clearly belongs to image-index-schema.json +- Rename the id definition in content-descriptor.json, to use the generic + "blob descriptor" namespace. +- Remove the definition in defs-descriptor.json; that seems to be an "utility" + schema file describing common structures, but it's better for users to + reference schema fragments by purpose than by common structure (so that + we can let the structure diverge in the future if necessary). + +Finally, changing the content-descriptor.json "id" value changes the +resolved absolute value of the reference to defs-descriptor.json, +so add another namespace to be handled by fsLoaderFactory. + +Signed-off-by: Miloslav Trmač +--- + schema/content-descriptor.json | 2 +- + schema/defs-descriptor.json | 1 - + schema/schema.go | 1 + + 3 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/schema/content-descriptor.json b/schema/content-descriptor.json +index 69fcea92..9157e04a 100644 +--- a/schema/content-descriptor.json ++++ b/schema/content-descriptor.json +@@ -21,7 +21,7 @@ + "$ref": "defs-descriptor.json#/definitions/urls" + }, + "annotations": { +- "id": "https://opencontainers.org/schema/image/descriptor/annotations", ++ "id": "https://opencontainers.org/schema/descriptor/annotations", + "$ref": "defs-descriptor.json#/definitions/annotations" + } + }, +diff --git a/schema/defs-descriptor.json b/schema/defs-descriptor.json +index feaea001..dad2b0a3 100644 +--- a/schema/defs-descriptor.json ++++ b/schema/defs-descriptor.json +@@ -20,7 +20,6 @@ + } + }, + "annotations": { +- "id": "https://opencontainers.org/schema/image/descriptor/annotations", + "$ref": "defs.json#/definitions/mapStringString" + } + } +diff --git a/schema/schema.go b/schema/schema.go +index 2a560552..239eefa2 100644 +--- a/schema/schema.go ++++ b/schema/schema.go +@@ -53,6 +53,7 @@ var ( + "https://opencontainers.org/schema/image/index/", + "https://opencontainers.org/schema/image/manifest/", + "https://opencontainers.org/schema/image/", ++ "https://opencontainers.org/schema/descriptor/", + "https://opencontainers.org/schema/", + } + + +From cf56476c82f8dae8b4cd6a28f07f1a627b13d342 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= +Date: Mon, 17 Sep 2018 16:01:18 +0200 +Subject: [PATCH 2/2] Run (make schema/fs.go) to make the previous commit + effective +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Miloslav Trmač +--- + schema/fs.go | 38 +++++++++++++++++++------------------- + 1 file changed, 19 insertions(+), 19 deletions(-) + +diff --git a/schema/fs.go b/schema/fs.go +index b18f7656..5baeeaec 100644 +--- a/schema/fs.go ++++ b/schema/fs.go +@@ -224,32 +224,32 @@ MzuH6GcAAAD//0pj2wvTCgAA + + "/content-descriptor.json": { + local: "content-descriptor.json", +- size: 1085, +- modtime: 1515512099, ++ size: 1079, ++ modtime: 1537191585, + compressed: ` +-H4sIAAAAAAAC/5yTwW7UMBCG73mKUVqpl27NoeIQVb3AnQPcEAevPY6nbGwznlW1oL47mniXJoAo3Vsy +-+r+Zz8n4RwfQe6yOqQjl1A/QfyiY3uUklhIy6BMmgffHUGb4WNBRIGdn4lpbXFYXcbKKR5EyGPNQc9q0 +-6k3m0Xi2QTZvbk2rXTSO/AmpgzG5YHKnyXXGWtr4X9MbJ4eCSubtAzpptcK5IAth7QfQgwH0E3qyn1q4 +-lf48r0SEOadNIQfQAmNAxuTQw2LGjF8yBuU8hrp5FrvRE18Yj4ESae9qnqfP7FNr0Vf6/pKPRoASbA+C +-9ZVOfxGhJG9v1xKeRqzygobjQ5E8si2RHLiI7mvdT9DYk1ZzuVZdfS1WBDnB1Z3djZlJ4nQ/3OmP9ejv +-r875jkfXlf+ed/Uf9hZ21BQ1CIHzBI+RXASJVI/OMNkDbBF8fky7bD36c+xmk5WbTSnLfDtWiv+77DTZ +-ERcrb5b9zhBc4s2zO7r2jN/2xKhin3+/McttXS9NB/Cle+p+BgAA///HjexwPQQAAA== ++H4sIAAAAAAAC/5yTsW7cMAyGdz8F4QTIkos6BB2MIEu7d2i3ooNOok5Mz5JK8RBci7x7QcvX2G2RILfZ ++xP+Rn2zqVwfQe6yOqQjl1A/QfyqYPuQklhIy6BMmgY9zKDN8LugokLMTca0tLquLOFrFo0gZjHmoOW1a ++9Sbzzni2QTbvbk2rXTSO/AmpgzG5YHKnyXXCWtr4P9MbJ8eCSubtAzpptcK5IAth7QfQgwH0I3qyX1q4 ++lf49r0SEKadNIQfQAmNAxuTQw2LGhF8yBuU8hrp5FrvRE18Yj4ESae9qnqdP7FNr0Vf6+ZqPRoASbI+C ++9Y1O/xGhJO9v1xKedljlFQ3HxyJ5x7ZEcuAiuu/1MEJjT1rN5Vp19bVYEeQEV3d2v8tMEsf74U5/rEd/ ++f3XOd5xdV/4H3tcX7C3sqSlqEALnER4juQgSqc7OMNojbBF8fkz7bD36c+wmk5WbTSnLdDtWim9fdrPs ++dIbaEm+G3WzZM/44EKMqff37riz3dL0uHcC37qn7HQAA//9DKIMKNwQAAA== + `, + }, + + "/defs-descriptor.json": { + local: "defs-descriptor.json", +- size: 922, +- modtime: 1515512099, ++ size: 844, ++ modtime: 1537191664, + compressed: ` +-H4sIAAAAAAAC/6STX2/TMBTF3/spLl7FgDZN4QFp0Ria2DsP42lTV93ZN/Ed8R/ZrqYy9bsjJ1naFYFA +-PCSyj67Pub8b52kCIBRFGdgndlZUIK6oZst5F8FjSCw3LQZIDr56sl+cTciWAlwNx1yAa0+Sa5bYecx7 +-09FFVJBzAIQhxfht62mUAASrnKpT8rEqS+fJyueMuHChKaPUZLBkgw2Vakwt927zZ6/Ue4uYAttmr3tM +-iUKHd3d7Wdxg8WNZnK32y1cn09fF3XoxWz0t5+8/fNyVf1c2FV3Erk8SihuK6ZDuaLhJE8iw9ck1Ab1m +-CVKT/B43Bvqz4GrIRe7+gWSaA9tuOwDA6Tm2jQuctLmozvOoFKmL03+cwMA1e/O5up0t1sVqVN6+q/L6 +-srhZFmef1sVqdkS4CW38Ax9Cyz1ELoQ6OAOPmqWGpDkOVGBwC/cEyj3a1qEi9Wv/GAJu9zInMoe5vycF +-ELULBvNXEJvAYtB3LzDQWpfw5fX8n7t46Dc2PQ1UZz9FdVw8RGdPyoPfojTor7ve+/cw50l+dpOfAQAA +-//8aH/C2mgMAAA== ++H4sIAAAAAAAC/5SST2/TTBDG7/kU826jt0DiOHBAqlWKKnrnUE6t0mi6O7aneP9od6IqVPnuaG03SYtA ++cLC1+2jmefwbz9MEQBlKOnIQ9k5VoK6oZsf5liBgFNabDiOIh6+B3BfvBNlRhKuxzUe4DqS5Zo29x3ww ++3buoCnIOgLJkGL9tA+0lAMUmp7YiIVVl6QM5/ZyRFj42ZdItWSzZYkOl2aeWB7f5s5cM3ipJZNcc9IAi ++FHu8u9vL4gaLH8vibHU4/ncy/b+4Wy9mq6fl/P2Hj7vy78qmqo/YDUnKcENJjuleDVdaAh23QXwTMbSs ++Qbekv6eNhaEXfA25yN8/kJY5sOuvIwCcnmPX+MjS2ovqPI/KkLk4/ccJjFyzN5+r29liXaz2ytt3VT5f ++FjfL4uzTuljNXhFuYpf+wIfQ8QCRC6GO3sJjy7oFaTmNVGBxC/cExj+6zqMh8+v3Y4y4PcgsZI9zf08K ++oGofLea/oDaR1ajvXmCgc17w5XoCqGmkOvcZqtPiIXl3Uh4tcmkxXPdpw3uczCQ/u8nPAAAA///5nDLG ++TAMAAA== + `, + }, + diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/patches/series golang-github-opencontainers-image-spec-1.0.1/debian/patches/series --- golang-github-opencontainers-image-spec-1.0.1/debian/patches/series 2019-11-03 12:53:40.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/patches/series 2020-03-22 16:16:35.000000000 +0000 @@ -1 +1,3 @@ zstd.patch +pr-739.patch +pr-750.patch diff -Nru golang-github-opencontainers-image-spec-1.0.1/debian/rules golang-github-opencontainers-image-spec-1.0.1/debian/rules --- golang-github-opencontainers-image-spec-1.0.1/debian/rules 2019-11-03 14:26:11.000000000 +0000 +++ golang-github-opencontainers-image-spec-1.0.1/debian/rules 2020-03-22 16:16:35.000000000 +0000 @@ -1,13 +1,6 @@ #!/usr/bin/make -f -#export DH_GOLANG_GO_GENERATE := 1 -#export DH_GOLANG_INSTALL_ALL := 1 export DH_GOLANG_INSTALL_EXTRA = $(shell find -type f -name '*.json') -# config.md \ -# descriptor.md \ -# image-index.md \ -# image-layout.md \ -# manifest.md \ %: dh $@ --buildsystem=golang --with=golang