From 30c0eb03f024705364864a345bca1a95bf54075c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 29 Jun 2021 08:31:55 +0000
Subject: [PATCH] Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
Bumps [github.com/containers/ocicrypt](https://github.com/containers/ocicrypt) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/containers/ocicrypt/releases)
- [Commits](https://github.com/containers/ocicrypt/compare/v1.1.1...v1.1.2)
---
updated-dependencies:
- dependency-name: github.com/containers/ocicrypt
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
go.mod | 2 +-
go.sum | 3 ++-
.../containers/ocicrypt/ADOPTERS.md | 10 +++++++++
.../github.com/containers/ocicrypt/README.md | 6 ++++++
.../ocicrypt/helpers/parse_helpers.go | 21 +++++++++++--------
vendor/modules.txt | 2 +-
6 files changed, 32 insertions(+), 12 deletions(-)
create mode 100644 vendor/github.com/containers/ocicrypt/ADOPTERS.md
diff --git a/go.mod b/go.mod
index 20f770665b..eacad31612 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.12
 require (
 github.com/containers/common v0.40.1
 github.com/containers/image/v5 v5.13.2
- github.com/containers/ocicrypt v1.1.1
+ github.com/containers/ocicrypt v1.1.2
 github.com/containers/storage v1.32.5
 github.com/docker/docker v20.10.7+incompatible
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
diff --git a/go.sum b/go.sum
index c5a124f820..63005239f1 100644
--- a/go.sum
+++ b/go.sum
@@ -207,8 +207,9 @@ github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDpl
 github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
 github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
 github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4=
-github.com/containers/ocicrypt v1.1.1 h1:prL8l9w3ntVqXvNH1CiNn5ENjcCnr38JqpSyvKKB4GI=
 github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
+github.com/containers/ocicrypt v1.1.2 h1:Ez+GAMP/4GLix5Ywo/fL7O0nY771gsBIigiqUm1aXz0=
+github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY=
 github.com/containers/storage v1.32.2/go.mod h1:YIBxxjfXZTi04Ah49sh1uSGfmT1V89+I5i3deRobzQo=
 github.com/containers/storage v1.32.5 h1:DXgmyA+oOs7YAzKkEqgC5O8l2UuDGJcwEFbdt49qiak=
 github.com/containers/storage v1.32.5/go.mod h1:8/DVVDqniaUlUV0D0q7cEnXK6Bs2uU3FPqNZVPumwEs=
diff --git a/vendor/github.com/containers/ocicrypt/ADOPTERS.md b/vendor/github.com/containers/ocicrypt/ADOPTERS.md
new file mode 100644
index 0000000000..fa4b03bb88
--- /dev/null
+++ b/vendor/github.com/containers/ocicrypt/ADOPTERS.md
@@ -0,0 +1,10 @@
+Below are list of adopters of the `ocicrypt` library or supports use of OCI encrypted images:
+- [skopeo](https://github.com/containers/skopeo)
+- [buildah](https://github.com/containers/buildah)
+- [containerd](https://github.com/containerd/imgcrypt)
+- [nerdctl](https://github.com/containerd/nerdctl)
+- [distribution](https://github.com/distribution/distribution)
+
+Below are the list of projects that are in the process of adopting support:
+- [quay](https://github.com/quay/quay)
+- [kata-containers](https://github.com/kata-containers/kata-containers)
diff --git a/vendor/github.com/containers/ocicrypt/README.md b/vendor/github.com/containers/ocicrypt/README.md
index 84cab7a408..b69d14e3b8 100644
--- a/vendor/github.com/containers/ocicrypt/README.md
+++ b/vendor/github.com/containers/ocicrypt/README.md
@@ -34,6 +34,12 @@ The implementation for both symmetric and asymmetric encryption used in this lib
 We note that adding interfaces here is risky outside the OCI spec is not recommended, unless for very specialized and confined usecases. Please open an issue or PR if there is a general usecase that could be added to the OCI spec.
+
+#### Keyprovider interface
+
+As part of the keywrap interface, there is a [keyprovider](https://github.com/containers/ocicrypt/blob/main/docs/keyprovider.md) implementation that allows one to call out to a binary or service.
+
+
 ## Security Issues
 We consider security issues related to this library critical. Please report and security related issues by emailing maintainers in the [MAINTAINERS](MAINTAINERS) file.
diff --git a/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go b/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go
index 198c554aac..717e7f2187 100644
--- a/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go
+++ b/vendor/github.com/containers/ocicrypt/helpers/parse_helpers.go
@@ -89,7 +89,11 @@ func processRecipientKeys(recipients []string) ([][]byte, [][]byte, [][]byte, []
 func processx509Certs(keys []string) ([][]byte, error) {
 var x509s [][]byte
 for _, key := range keys {
- tmp, err := ioutil.ReadFile(strings.Split(key, ":")[0])
+ fileName := strings.Split(key, ":")[0]
+ if _, err := os.Stat(fileName); os.IsNotExist(err) {
+ continue
+ }
+ tmp, err := ioutil.ReadFile(fileName)
 if err != nil {
 return nil, errors.Wrap(err, "Unable to read file")
 }
@@ -157,7 +161,7 @@ func processPrivateKeyFiles(keyFilesAndPwds []string) ([][]byte, [][]byte, [][]b
 var password []byte
 // treat "provider" protocol separately
- if strings.HasPrefix(keyfileAndPwd, "provider:"){
+ if strings.HasPrefix(keyfileAndPwd, "provider:") {
 keyProviders = append(keyProviders, []byte(keyfileAndPwd[len("provider:"):]))
 continue
 }
@@ -207,14 +211,13 @@ func CreateDecryptCryptoConfig(keys []string, decRecipients []string) (encconfig
 return encconfig.CryptoConfig{}, err
 }
- if len(x509s) > 0 {
- // x509 certs can also be passed in via keys
- x509FromKeys, err := processx509Certs(keys)
- if err != nil {
- return encconfig.CryptoConfig{}, err
- }
- x509s = append(x509s, x509FromKeys...)
+ // x509 certs can also be passed in via keys
+ x509FromKeys, err := processx509Certs(keys)
+ if err != nil {
+ return encconfig.CryptoConfig{}, err
 }
+ x509s = append(x509s, x509FromKeys...)
+
 gpgSecretKeyRingFiles, gpgSecretKeyPasswords, privKeys, privKeysPasswords, pkcs11Yamls, keyProviders, err := processPrivateKeyFiles(keys)
 if err != nil {
 return encconfig.CryptoConfig{}, err
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 45763737be..7d38b603f1 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -96,7 +96,7 @@ github.com/containers/image/v5/types
 github.com/containers/image/v5/version
 # github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b
 github.com/containers/libtrust
-# github.com/containers/ocicrypt v1.1.1
+# github.com/containers/ocicrypt v1.1.2
 github.com/containers/ocicrypt
 github.com/containers/ocicrypt/blockcipher
 github.com/containers/ocicrypt/config