... so that major-version-aware Go module import
(as opposed to vX.Y.Z+incompatible, which does not allow different
packages to use different versions) works right.
Also requires adding some more GO111MODULE=on options to Makefile.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Network IO paths should react to cancels now.
- File IO paths generally still won't.
- `SystemContext` objects have been renamed to `sys` to leave `ctx`
available for the stdlib context objects.
Signed-off-by: Mike Lundy <mike@fluffypenguin.org>
Currently we use a types.Image, which supports lots of parsing, for
verification processing in in signature.PolicyContext.
In the future, we will want that types.Image to do significantly more
processing at initialization time (e.g. determine manifest type and
fully parse it), which is undesirable for signature verification
— there we would _really_ prefer to first find a signature which
cryptographically verifies, before even _downloading_ the manifest,
let alone processing it in any way.
So, split the minimum functionality desired for processing unsigned
images (manifest and signature caching) into a separate UnparsedImage
type.
Right now, this does not affect any Image or UnparsedImage
implementation (apart from dropping a few panic()ing mock functions).
(Note that for some more advanced processing, signature/* may create a
types.Image out of the given types.UnparsedImage in the future — but
that would be an intentional action after the signature code determines
that there is enough presumed trust to even start parsing anything.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Miloslav Trmač