go-digest 1.0.0

Welcome to the v1.0.0 release of go-digest!

This is the first official release of the go-digest package. This package
provides a simple toolkit for working with the digests used in the open
containers ecosystem.

This includes support for sha256, sha384, and sha512 algorithms, with
sha256 being the most common and preferred for greatest compatibility across
the ecosystem. Encoding ambiguity has been removed by only supporting lower
case hex-encoded characters in the format for this release.

The digestset package is provided to securely and unambiguously use
shortened forms of the digest in environments where there is a full set
of known digests.

Please try out the release binaries and report any issues at
https://github.com/opencontainers/go-digest/issues.

Contributors

• Stephen J Day
• Derek McGowan
• Vincent Batts
• W. Trevor King
• Chris Aniszczyk
• Aaron Lehmann
• Jonathan Boulle
• xiekeyang
• Akihiro Suda
• Josh Hawn
• Sebastiaan van Stijn
• Tonis Tiigi
• Akihiro Suda
• Andy Goldstein
• Brandon Philips
• David Lawrence
• Haibing Zhou
• Harald Nordgren
• Ian Campbell
• Olivier Gambier
• Vanessa Sochat
• bin liu

Changes

• ea51bea5 Merge pull request #56 from dmcgowan/release-1.0
• 43cccb7f Add release notes for v1.0.0
• 28d3ccc3 Merge pull request #55 from dmcgowan/add-digestset
• 641993bf Merge pull request #54 from vbatts/maintainers
• 17eb78b6 Add copyright to digestset files
• 132fb476 Enable static checks
• ecd7b3c7 digestset: refine some words on unit test
• 5dd3cbe3 digest: migrate to opencontainers/go-digest
• e0bfa0f7 digest: remove stuttering ParseDigest function
• 1cbb645d Typo fixes in comments
• 6ac142d3 Validate digest length on parsing
• 45599b9e Add remove and list functions to digest set
• 96bf78c3 Refactor specification of supported digests
• 77570c98 Add digest set implementation
• 45398c0a MAINTAINERS: add 2, remove 5
• 4b560741 Merge pull request #51 from dmcgowan/update-pull-approve
• c9095d47 Merge pull request #52 from vbatts/copyright
• dd78d752 Merge pull request #53 from philips/remove-philips
• f65ba7f7 MAINTAINERS: remove Brandon Philips @philips
• 264d27f5 *: add OCI copyright
• 9d15c982 README: spit paragraphs to new lines
• 998894bd Merge pull request #32 from jonboulle/master
• 76a4f527 Merge pull request #49 from thaJeztah/update_go_versions
• 51d31fa8 Update pull approve configuration
• f67466ba Merge pull request #50 from thaJeztah/update_aaron_email
• ac2cd61e Update Aaron's e-mail address
• 232efbd8 travis: update list of go versions
• e9a29da4 Merge pull request #48 from AkihiroSuda/gomod
• 2ccb1a5f Merge pull request #44 from opencontainers/jonboulle-patch-1
• ed218d06 add go.mod
• f35593ad MAINTAINERS: fix jonboulle's email
• ac19fd6e Merge pull request #42 from vsoch/fix/CoC-link
• be46cde9 updating CoC link and security link
• 4eb64ca7 Merge pull request #40 from HaraldNordgren/go_versions
• 21d40dcb Bump Go versions and use '.x' to always get latest patch versions
• c9281466 Merge pull request #38 from ijc/rename-license-code
• b22736af Rename LICENSE.code → LICENSE
• 279bed98 Merge pull request #34 from AkihiroSuda/regexp
• 4ca13015 disallow upper characters (/A-F/) in hex-encoded portion
• eaa60544 Merge pull request #33 from stevvooe/future-proof-algorithm-field
• 678a95ef digest: allow validation of urlsafe base64 encoding
• 55f67581 digest: update package methods to reflect changes
• 5ab10f57 digest: allow separators in algorithm field
• d1caf203 doc: tweak wording around algorithms
• b74b8405 *: clarify we only deal with hex-encoded digests
• aa2ec055 Merge pull request #27 from stevvooe/update-security-email
• ef842085 Merge pull request #28 from stevvooe/license-headers
• b6234c32 *: add LICENSE headers to Go files
• 0c911558 README: update security email
• 21dfd564 Merge pull request #22 from stevvooe/update-badges
• 7ecb13df Merge pull req...

v1.0.0-rc1

Welcome to another release of the go-digest package. This package
provides a simple toolkit for working with the digests of container
images.

In this release, we've mostly narrowed the acceptable format for
sha256 digests, which are the most common in use. Specifically, upper
case hex-encoded characters are no longer allowed in that format,
removing the ambiguity in encoding.

Other concessions have been made to allow separators in the algorithm,
as well as allowing the character set of the urlsafe base64 encodings.
Most of this is more about allowing support for future formats, and are
not officially supported at this time.

Changes

279bed9 Merge pull request #34 from AkihiroSuda/regexp
4ca1301 disallow upper characters (/A-F/) in hex-encoded portion
eaa6054 Merge pull request #33 from stevvooe/future-proof-algorithm-field
678a95e digest: allow validation of urlsafe base64 encoding
55f6758 digest: update package methods to reflect changes
5ab10f5 digest: allow separators in algorithm field

v1.0.0-rc0

Open Containers Go Digest 1.0.0-rc0

This the first official release candidate of the go-digest package, the common digest package used across the container ecosystem.

What is a digest?

A digest is just a hash.

The most common use case for a digest is to create a content identifier for use in Content Addressable Storage systems:

id := digest.FromBytes([]byte("my content"))

In the example above, the id can be used to uniquely identify the byte slice "my content". This allows two disparate applications to agree on a verifiable identifier without having to trust one another.

An identifying digest can be verified, as follows:

if id != digest.FromBytes([]byte("my content")) {
  return errors.New("the content has changed!")
}

A Verifier type can be used to handle cases where an io.Reader makes more sense:

rd := getContent()
verifier := id.Verifier()
io.Copy(verifier, rd)

if !verifier.Verified() {
  return errors.New("the content has changed!")
}

Using Merkle DAGs, this can power a rich, safe, content distribution system.

Please see the README for more information.