bump: bump up oras-go and image-spec (#381)

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>

go.mod

@@ -6,11 +6,11 @@ require (
 	github.com/go-ldap/ldap/v3 v3.4.6
 	github.com/notaryproject/notation-core-go v1.0.2
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.1.0-rc5
+	github.com/opencontainers/image-spec v1.1.0-rc6
 	github.com/veraison/go-cose v1.1.0
 	golang.org/x/crypto v0.18.0
 	golang.org/x/mod v0.14.0
-	oras.land/oras-go/v2 v2.3.1
+	oras.land/oras-go/v2 v2.4.0
 )
 
 require (
@@ -20,5 +20,5 @@ require (
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/google/uuid v1.3.1 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
 )

go.sum

@@ -19,8 +19,8 @@ github.com/notaryproject/notation-core-go v1.0.2 h1:VEt+mbsgdANd9b4jqgmx2C7U0Dmw
 github.com/notaryproject/notation-core-go v1.0.2/go.mod h1:2HkQzUwg08B3x9oVIztHsEh7Vil2Rj+tYgxH+JObLX4=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
-github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU=
+github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -50,8 +50,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -80,5 +80,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-oras.land/oras-go/v2 v2.3.1 h1:lUC6q8RkeRReANEERLfH86iwGn55lbSWP20egdFHVec=
-oras.land/oras-go/v2 v2.3.1/go.mod h1:5AQXVEu1X/FKp1F9DMOb5ZItZBOa0y5dha0yCm4NR9c=
+oras.land/oras-go/v2 v2.4.0 h1:i+Wt5oCaMHu99guBD0yuBjdLvX7Lz8ukPbwXdR7uBMs=
+oras.land/oras-go/v2 v2.4.0/go.mod h1:osvtg0/ClRq1KkydMAEu/IxFieyjItcsQ4ut4PPF+f8=

notation_test.go

@@ -150,7 +150,7 @@ func TestVerifyTagReferenceFailed(t *testing.T) {
 	repo := mock.NewRepository()
 	verifier := dummyVerifier{&policyDocument, mock.PluginManager{}, false, *trustpolicy.LevelStrict}
 
-	errorMessage := "invalid reference: invalid repository"
+	errorMessage := "invalid reference: invalid repository \"UPPERCASE/test\""
 	expectedErr := ErrorSignatureRetrievalFailed{Msg: errorMessage}
 
 	// mock the repository

registry/repository_test.go

@@ -62,7 +62,7 @@ const (
 	{
 		"Manifests": [
 			{	
-				"MediaType": "application/vnd.oci.artifact.manifest.v1+json",
+				"MediaType": "application/vnd.oci.image.manifest.v1+json",
 				"Digest": "sha256:cf2a0974295fc17b8351ef52abae2f40212e20e0359ea980ec5597bb0315347b",
 				"Size": 620,
 				"ArtifactType": "application/vnd.cncf.notary.signature"
@@ -165,16 +165,34 @@ func (c mockRemoteClient) Do(req *http.Request) (*http.Response, error) {
 	case "/v2/test/referrers/":
 		return &http.Response{
 			StatusCode: http.StatusOK,
-			Body:       io.NopCloser(bytes.NewReader([]byte(validPage))),
+			Header: http.Header{
+				"Content-Type": []string{ocispec.MediaTypeImageIndex},
+			},
+			Body: io.NopCloser(bytes.NewReader([]byte(validPage))),
 			Request: &http.Request{
 				Method: "GET",
 				URL:    &url.URL{Path: "/v2/test/referrers/"},
 			},
 		}, nil
+	case "/v2/test/referrers/" + validDigestWithAlgo:
+		return &http.Response{
+			StatusCode: http.StatusOK,
+			Header: http.Header{
+				"Content-Type": []string{ocispec.MediaTypeImageIndex},
+			},
+			Body: io.NopCloser(bytes.NewReader([]byte(validPage))),
+			Request: &http.Request{
+				Method: "GET",
+				URL:    &url.URL{Path: "/v2/test/referrers/" + validDigestWithAlgo},
+			},
+		}, nil
 	case "/v2/test/referrers/" + zeroDigest:
 		return &http.Response{
 			StatusCode: http.StatusOK,
-			Body:       io.NopCloser(bytes.NewReader([]byte(validPageImage))),
+			Header: http.Header{
+				"Content-Type": []string{ocispec.MediaTypeImageIndex},
+			},
+			Body: io.NopCloser(bytes.NewReader([]byte(validPageImage))),
 			Request: &http.Request{
 				Method: "GET",
 				URL:    &url.URL{Path: "/v2/test/referrers/" + zeroDigest},
@@ -188,13 +206,15 @@ func (c mockRemoteClient) Do(req *http.Request) (*http.Response, error) {
 	default:
 		_, digest, found := strings.Cut(req.URL.Path, "/v2/test/manifests/")
 		if found && !slices.Contains(validDigestWithAlgoSlice, digest) {
-			return &http.Response{
+			resp := &http.Response{
 				StatusCode: http.StatusCreated,
 				Body:       io.NopCloser(bytes.NewReader([]byte(msg))),
-				Header: map[string][]string{
-					"Content-Type": {joseTag},
+				Header: http.Header{
+					"Content-Type": []string{joseTag},
+					"Oci-Subject":  []string{validDigestWithAlgo},
 				},
-			}, nil
+			}
+			return resp, nil
 		}
 		return &http.Response{}, fmt.Errorf(errMsg)
 	}
@@ -307,16 +327,24 @@ func TestListSignatures(t *testing.T) {
 				reference:    validReference,
 				remoteClient: mockRemoteClient{},
 				plainHttp:    false,
+				artifactManifestDesc: ocispec.Descriptor{
+					MediaType: "application/vnd.oci.image.manifest.v1+json",
+					Digest:    validDigestWithAlgo,
+					Size:      481,
+				},
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			args := tt.args
-			ref, _ := registry.ParseReference(args.reference)
+			ref, err := registry.ParseReference(args.reference)
+			if err != nil {
+				t.Fatal(err)
+			}
 			client := newRepositoryClient(args.remoteClient, ref, args.plainHttp)
 
-			err := client.ListSignatures(args.ctx, args.artifactManifestDesc, func(signatureManifests []ocispec.Descriptor) error {
+			err = client.ListSignatures(args.ctx, args.artifactManifestDesc, func(signatureManifests []ocispec.Descriptor) error {
 				if len(signatureManifests) != 1 {
 					return fmt.Errorf("length of signatureManifests expected 1, got %d", len(signatureManifests))
 				}
@@ -367,6 +395,11 @@ func TestPushSignature(t *testing.T) {
 				signature:          signature,
 				ctx:                context.Background(),
 				remoteClient:       mockRemoteClient{},
+				subjectManifest: ocispec.Descriptor{
+					MediaType: "application/vnd.oci.image.manifest.v1+json",
+					Digest:    validDigestWithAlgo,
+					Size:      481,
+				},
 				annotations: map[string]string{
 					envelope.AnnotationX509ChainThumbprint: "[\"9f5f5aecee24b5cfdc7a91f6d5ac5c3a5348feb17c934d403f59ac251549ea0d\"]",
 				},