July 12, 2022 15:42 · July 12, 2022 14:43 · July 12, 2022 14:41 · July 12, 2022 14:39 · June 24, 2022 20:58 · June 22, 2022 15:42
 apiVersion: policy.packaging.carvel.dev/v1alpha1
 kind: PackagePolicy
 metadata:
  name: carvel-policy
 spec:
  pattern: "*.carvel.dev"
  threshold: 1
  authorities:
    - key:
        data: |
 strict digraph {
  node [shape=box,style="rounded,filled"]
  start=0
  splines=ortho
  "bazil.org/fuse" [fontcolor="0.000 0.000 0.000",fillcolor="0.875 0.225 1.000"]
  "cloud.google.com/go/bigquery" [fontcolor="0.000 0.000 0.000",fillcolor="0.400 0.320 1.000"]
  "cloud.google.com/go/firestore" [fontcolor="0.000 0.000 0.000",fillcolor="0.459 0.308 1.000"]
  "cloud.google.com/go/pubsub" [fontcolor="0.000 0.000 0.000",fillcolor="0.745 0.251 1.000"]
  "cloud.google.com/go/storage" [fontcolor="0.000 0.000 0.000",fillcolor="0.165 0.367 1.000"]
  "cloud.google.com/go" [fontcolor="0.000 0.000 1.000",fillcolor="0.761 0.772 1.000"]
 // Copyright 2021 VMware, Inc.
 // SPDX-License-Identifier: Apache-2.0

 package kappcontroller

 import (
 	"fmt"
 	"strings"
 	"testing"
 === RUN   Test_PackageInstallAndRepo_CanAuthenticateToPrivateRepository_UsingPlaceholderSecret
 Running 'kubectl delete apps/placeholder-private-auth-pkgi -n foo'...
 Running 'kapp delete -a placeholder-private-auth-pkgi -n foo --yes'...
 Running 'kapp delete -a placeholder-private-auth-pkgr -n foo --yes'...
 Running 'kapp delete -a test-registry-ca-cert-config -n foo --yes'...
 Running 'kapp delete -a secret-export -n foo --yes'...
 Running 'kapp delete -a test-registry -n registry -n foo --yes'...
 ==> deploy controller config to skip registry TLS verify
 Running 'kapp deploy -f - -a test-registry-ca-cert-config -n foo --yes'...
 ==> deploy registry with self signed certs
 diff --git a/cmd/imgpkg/imgpkg.go b/cmd/imgpkg/imgpkg.go
 index 4d1ae1f..a025c5a 100644
 --- a/cmd/imgpkg/imgpkg.go
 +++ b/cmd/imgpkg/imgpkg.go
 @@ -8,6 +8,8 @@ import (
 	"log"
 	"math/rand"
 	"os"
 +	"runtime"
 +	"runtime/pprof"
 FROM scratch
 ADD bin/carvel-secretgen-controller /carvel-secretgen-controller
 ENTRYPOINT ["/carvel-secretgen-controller"]
 goroutine 43 [running]:
 golang.org/x/crypto/ssh.parsePubKey({0xc000244680?, 0xc000573b89?, 0xc?}, {0xc0006beb10?, 0x1eea468?})
        /home/cesium/workspace/cli/vendor/golang.org/x/crypto/ssh/keys.go:65 +0x27
 golang.org/x/crypto/ssh.ParsePublicKey({0xc000573b85?, 0x7f96325b9b68?, 0xc000316900?})
        /home/cesium/workspace/cli/vendor/golang.org/x/crypto/ssh/keys.go:278 +0xdf
 golang.org/x/crypto/ssh.(*handshakeTransport).client(0xc000142f20, {0x1ee79a0, 0xc00088a020}, 0x12?)
        /home/cesium/workspace/cli/vendor/golang.org/x/crypto/ssh/handshake.go:689 +0xa5
 golang.org/x/crypto/ssh.(*handshakeTransport).enterKeyExchange(0xc000142f20, {0xc0009341e0, 0x1d1, 0x1d1})
        /home/cesium/workspace/cli/vendor/golang.org/x/crypto/ssh/handshake.go:611 +0x3f4
 golang.org/x/crypto/ssh.(*handshakeTransport).kexLoop(0xc000142f20)
 diff --git a/ssh/keys.go b/ssh/keys.go
 index 1c7de1a..f9a4ae3 100644
 --- a/ssh/keys.go
 +++ b/ssh/keys.go
 @@ -63,7 +63,7 @@ const (
 // Use ParsePublicKey for keys with prepended algorithm.
 func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err error) {
 	switch algo {
 -	case KeyAlgoRSA:
 +	case KeyAlgoRSA, KeyAlgoRSASHA256, KeyAlgoRSASHA512:
	apiVersion: policy.packaging.carvel.dev/v1alpha1
	kind: PackagePolicy
	metadata:
	name: carvel-policy
	spec:
	pattern: "*.carvel.dev"
	threshold: 1
	authorities:
	- key:
	data: \|
	strict digraph {
	node [shape=box,style="rounded,filled"]
	start=0
	splines=ortho
	"bazil.org/fuse" [fontcolor="0.000 0.000 0.000",fillcolor="0.875 0.225 1.000"]
	"cloud.google.com/go/bigquery" [fontcolor="0.000 0.000 0.000",fillcolor="0.400 0.320 1.000"]
	"cloud.google.com/go/firestore" [fontcolor="0.000 0.000 0.000",fillcolor="0.459 0.308 1.000"]
	"cloud.google.com/go/pubsub" [fontcolor="0.000 0.000 0.000",fillcolor="0.745 0.251 1.000"]
	"cloud.google.com/go/storage" [fontcolor="0.000 0.000 0.000",fillcolor="0.165 0.367 1.000"]
	"cloud.google.com/go" [fontcolor="0.000 0.000 1.000",fillcolor="0.761 0.772 1.000"]
	// Copyright 2021 VMware, Inc.
	// SPDX-License-Identifier: Apache-2.0

	package kappcontroller

	import (
	"fmt"
	"strings"
	"testing"
	=== RUN Test_PackageInstallAndRepo_CanAuthenticateToPrivateRepository_UsingPlaceholderSecret
	Running 'kubectl delete apps/placeholder-private-auth-pkgi -n foo'...
	Running 'kapp delete -a placeholder-private-auth-pkgi -n foo --yes'...
	Running 'kapp delete -a placeholder-private-auth-pkgr -n foo --yes'...
	Running 'kapp delete -a test-registry-ca-cert-config -n foo --yes'...
	Running 'kapp delete -a secret-export -n foo --yes'...
	Running 'kapp delete -a test-registry -n registry -n foo --yes'...
	==> deploy controller config to skip registry TLS verify
	Running 'kapp deploy -f - -a test-registry-ca-cert-config -n foo --yes'...
	==> deploy registry with self signed certs
	diff --git a/cmd/imgpkg/imgpkg.go b/cmd/imgpkg/imgpkg.go
	index 4d1ae1f..a025c5a 100644
	--- a/cmd/imgpkg/imgpkg.go
	+++ b/cmd/imgpkg/imgpkg.go
	@@ -8,6 +8,8 @@ import (
	"log"
	"math/rand"
	"os"
	+ "runtime"
	+ "runtime/pprof"
	FROM scratch
	ADD bin/carvel-secretgen-controller /carvel-secretgen-controller
	ENTRYPOINT ["/carvel-secretgen-controller"]
	goroutine 43 [running]:
	golang.org/x/crypto/ssh.parsePubKey({0xc000244680?, 0xc000573b89?, 0xc?}, {0xc0006beb10?, 0x1eea468?})
	/home/cesium/workspace/cli/vendor/golang.org/x/crypto/ssh/keys.go:65 +0x27
	golang.org/x/crypto/ssh.ParsePublicKey({0xc000573b85?, 0x7f96325b9b68?, 0xc000316900?})
	/home/cesium/workspace/cli/vendor/golang.org/x/crypto/ssh/keys.go:278 +0xdf
	golang.org/x/crypto/ssh.(*handshakeTransport).client(0xc000142f20, {0x1ee79a0, 0xc00088a020}, 0x12?)
	/home/cesium/workspace/cli/vendor/golang.org/x/crypto/ssh/handshake.go:689 +0xa5
	golang.org/x/crypto/ssh.(*handshakeTransport).enterKeyExchange(0xc000142f20, {0xc0009341e0, 0x1d1, 0x1d1})
	/home/cesium/workspace/cli/vendor/golang.org/x/crypto/ssh/handshake.go:611 +0x3f4
	golang.org/x/crypto/ssh.(*handshakeTransport).kexLoop(0xc000142f20)
	diff --git a/ssh/keys.go b/ssh/keys.go
	index 1c7de1a..f9a4ae3 100644
	--- a/ssh/keys.go
	+++ b/ssh/keys.go
	@@ -63,7 +63,7 @@ const (
	// Use ParsePublicKey for keys with prepended algorithm.
	func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err error) {
	switch algo {
	- case KeyAlgoRSA:
	+ case KeyAlgoRSA, KeyAlgoRSASHA256, KeyAlgoRSASHA512: