Pulp-container

Bugfixes

- Fixed an error that was raised when an OCI manifest did not contain `mediaType`.
[883](https://github.com/pulp/pulp_container/issues/883)
- Fixed an HTTP 404 response during sync from registry.redhat.io.
[974](https://github.com/pulp/pulp_container/issues/974)
- Introduced the `pulpcore-manager container-repair-media-type` command to fix incorrect media
types of manifests that could have been stored in the database as a result of a sync task.
[977](https://github.com/pulp/pulp_container/issues/977)

---

Bugfixes

- Fixed sync of signed content failing with the error [DeclarativeContent' object has no attribute 'd_content']{.title-ref}.
[654](https://github.com/pulp/pulp_container/issues/654)
- Fixed group related creation hooks that failed if no current user could be identified.
[673](https://github.com/pulp/pulp_container/issues/673)
- Fixed some tasks that were using /tmp/ instead of the worker working directory.
[696](https://github.com/pulp/pulp_container/issues/696)
- Fixed upload does not exist error during image push operation.
[861](https://github.com/pulp/pulp_container/issues/861)

---

Features

- Allow upload of non-distributable layers.
[462](https://github.com/pulp/pulp_container/issues/462)
- Added support for pushing manifest lists via the Registry API.
[469](https://github.com/pulp/pulp_container/issues/469)
- Added support for cross repository blob mount.
[494](https://github.com/pulp/pulp_container/issues/494)
- Added support for caching responses from the registry. The caching is not enabled by default.
Enable it by configuring the Redis connection and defining `CACHE_ENABLED = True` in the
settings file.
[496](https://github.com/pulp/pulp_container/issues/496)
- Added model, serializer, filter and viewset for image manifest signature.
Added ability to sync manifest signatures from a sigstore.
[498](https://github.com/pulp/pulp_container/issues/498)
- Added ability to sign container images from within The Pulp Registry.
manifest_signing_service is used to produce signed container content.
[500](https://github.com/pulp/pulp_container/issues/500)
- Added support for pushing image signatures to the Pulp Registry. The signatures can be pushed by
utilizing the extensions API.
[502](https://github.com/pulp/pulp_container/issues/502)
- Added an extensions API endpoint for downloading image signatures.
[504](https://github.com/pulp/pulp_container/issues/504)
- Enabled users to import/export image signatures.
[506](https://github.com/pulp/pulp_container/issues/506)
- Ported RBAC implementation to use pulpcore roles.
[508](https://github.com/pulp/pulp_container/issues/508)
- Added recursive removal of manifest signatures when a manifest is removed from a repository.
[511](https://github.com/pulp/pulp_container/issues/511)
- Added support for syncing signatures using docker API extension.
[528](https://github.com/pulp/pulp_container/issues/528)
- Added ability to remove signatures from a container(push) repo.
[548](https://github.com/pulp/pulp_container/issues/548)
- Don't reject manifest that has non-distributable layers during upload.
[598](https://github.com/pulp/pulp_container/issues/598)

Bugfixes

- Don't store blob's media_type on the model.
There is no way to say what mimetype it has when it comes into the registry.
[493](https://github.com/pulp/pulp_container/issues/493)
- Account for case when token's scope does not contain type/resource/action.
[509](https://github.com/pulp/pulp_container/issues/509)
- Fixed content retrieval from distribution when repo is removed.
[513](https://github.com/pulp/pulp_container/issues/513)
- Fixed file descriptor leak during image push.
[523](https://github.com/pulp/pulp_container/issues/523)
- Fixed "manifest_id" violates not-null constraint error during sync.
[537](https://github.com/pulp/pulp_container/issues/537)
- Fixed error during container image push.
[542](https://github.com/pulp/pulp_container/issues/542)
- Return a more concise message exception on 500 during image pull when content is missing on the FS.
[555](https://github.com/pulp/pulp_container/issues/555)
- Fixed a bug that disallowed users who were authenticated by a remote webserver to access the
Registry API endpoints when token authentication was disabled.
[558](https://github.com/pulp/pulp_container/issues/558)
- Successfully re-upload artifact in case it was previously removed.
[595](https://github.com/pulp/pulp_container/issues/595)
- Fixed check for the signature source location.
[617](https://github.com/pulp/pulp_container/issues/617)
- Accept token under access_token for compat reasons.
[619](https://github.com/pulp/pulp_container/issues/619)

Misc

- [561](https://github.com/pulp/pulp_container/issues/561)

---

Deprecations and Removals

- Removed the optional "kid" parameter stored inside the signatures' payload generated during
docker manifest v2 schema 1 conversion. This change also removes the `ecdsa` dependency,
which is vulnerable to Minevra timing attacks.
[1485](https://github.com/pulp/pulp_container/issues/1485)

---

Bugfixes

- Fixed a method for determining the media type of manifests when syncing content.
[1147](https://github.com/pulp/pulp_container/issues/1147)

---

Bugfixes

- Fixed container repo sync failure 'null value in column "image_manifest_id" violates not-null constraint'.
[1190](https://github.com/pulp/pulp_container/issues/1190)

---