Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package melange for openSUSE:Factory checked
in at 2024-12-09 21:11:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/melange (Old)
and /work/SRC/openSUSE:Factory/.melange.new.29675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "melange"
Mon Dec 9 21:11:36 2024 rev:51 rq:1229107 version:0.17.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/melange/melange.changes 2024-12-02
17:00:13.687960918 +0100
+++ /work/SRC/openSUSE:Factory/.melange.new.29675/melange.changes
2024-12-09 21:12:47.664035512 +0100
@@ -1,0 +2,17 @@
+Sun Dec 08 09:04:12 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.17.3:
+ * fix(sca): Revert recent SCA changes for Ruby
+
+-------------------------------------------------------------------
+Sun Dec 08 08:48:12 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.17.2:
+ * fix(qemu): fix MacOS crosscompile path (#1678)
+ * fix(sca): Don't generate ruby dep when found in shebang
+ * fix(sca_test): Check for ruby-base
+ * fix(sca): Generate dependency for ruby-*-base instead of ruby-*
+ * Improve comment stripping errors
+ * Add package.srcdir substitution to README
+
+-------------------------------------------------------------------
Old:
----
melange-0.17.1.obscpio
New:
----
melange-0.17.3.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ melange.spec ++++++
--- /var/tmp/diff_new_pack.23fWku/_old 2024-12-09 21:12:48.620075512 +0100
+++ /var/tmp/diff_new_pack.23fWku/_new 2024-12-09 21:12:48.624075679 +0100
@@ -17,7 +17,7 @@
Name: melange
-Version: 0.17.1
+Version: 0.17.3
Release: 0
Summary: Build APKs from source code
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.23fWku/_old 2024-12-09 21:12:48.656077018 +0100
+++ /var/tmp/diff_new_pack.23fWku/_new 2024-12-09 21:12:48.660077186 +0100
@@ -3,7 +3,7 @@
<param name="url">https://github.com/chainguard-dev/melange</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.17.1</param>
+ <param name="revision">v0.17.3</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.23fWku/_old 2024-12-09 21:12:48.680078022 +0100
+++ /var/tmp/diff_new_pack.23fWku/_new 2024-12-09 21:12:48.684078190 +0100
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/chainguard-dev/melange</param>
- <param
name="changesrevision">6d88b8b81475c4c7b2bd7802bf90b8cf2dc3d887</param></service></servicedata>
+ <param
name="changesrevision">e788406063b83b86bef24ce16665e82495fc77ff</param></service></servicedata>
(No newline at EOF)
++++++ melange-0.17.1.obscpio -> melange-0.17.3.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/README.md new/melange-0.17.3/README.md
--- old/melange-0.17.1/README.md 2024-12-01 21:15:53.000000000 +0100
+++ new/melange-0.17.3/README.md 2024-12-07 05:31:23.000000000 +0100
@@ -149,6 +149,7 @@
| `${{package.epoch}}` | Package epoch
|
| `${{package.full-version}}` | `${{package.version}}-r${{package.epoch}}`
|
| `${{package.description}}` | Package description
|
+| `${{package.srcdir}}` | Package source directory (`--source-dir`)
|
| `${{targets.outdir}}` | Directory where targets will be stored
|
| `${{targets.contextdir}}` | Directory where targets will be stored for
main packages and subpackages |
| `${{targets.destdir}}` | Directory where targets will be stored for
main |
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/docs/md/melange_build.md
new/melange-0.17.3/docs/md/melange_build.md
--- old/melange-0.17.1/docs/md/melange_build.md 2024-12-01 21:15:53.000000000
+0100
+++ new/melange-0.17.3/docs/md/melange_build.md 2024-12-07 05:31:23.000000000
+0100
@@ -36,7 +36,7 @@
--cache-source string directory or
bucket used for preloading the cache
--cleanup when enabled,
the temp dir used for the guest will be cleaned up after completion (default
true)
--cpu string default CPU
resources to use for builds
- --cpumodel string default memory
resources to use for builds (default "host")
+ --cpumodel string default memory
resources to use for builds
--create-build-log creates a
package.log file containing a list of packages that were built by the command
--debug enables debug
logging of build pipelines
--debug-runner when enabled,
the builder pod will persist after the build succeeds or fails
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/docs/md/melange_compile.md
new/melange-0.17.3/docs/md/melange_compile.md
--- old/melange-0.17.1/docs/md/melange_compile.md 2024-12-01
21:15:53.000000000 +0100
+++ new/melange-0.17.3/docs/md/melange_compile.md 2024-12-07
05:31:23.000000000 +0100
@@ -43,10 +43,13 @@
--env-file string file to use for preloaded environment
variables
--fail-on-lint-warning turns linter warnings into failures
--generate-index whether to generate APKINDEX.tar.gz
(default true)
+ --git-commit string commit hash of the git repository
containing the build config file (defaults to detecting HEAD)
+ --git-repo-url string URL of the git repository containing the
build config file (defaults to detecting from configured git remotes)
--guest-dir string directory used for the build environment
guest
-h, --help help for compile
-i, --interactive when enabled, attaches stdin with a tty to
the pod on failure
-k, --keyring-append strings path to extra keys to include in the build
environment keyring
+ --license string license to use for the build config file
itself (default "NOASSERTION")
--log-policy strings logging policy to use (default
[builtin:stderr])
--memory string default memory resources to use for builds
--namespace string namespace to use in package URLs in SBOM
(eg wolfi, alpine) (default "unknown")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/pkg/build/build.go
new/melange-0.17.3/pkg/build/build.go
--- old/melange-0.17.1/pkg/build/build.go 2024-12-01 21:15:53.000000000
+0100
+++ new/melange-0.17.3/pkg/build/build.go 2024-12-07 05:31:23.000000000
+0100
@@ -207,9 +207,6 @@
if b.ConfigFileRepositoryCommit == "" {
return nil, fmt.Errorf("config file repository commit was not
set")
}
- if b.Runner == nil {
- return nil, fmt.Errorf("no runner was specified")
- }
parsedCfg, err := config.ParseConfiguration(ctx,
b.ConfigFile,
@@ -717,6 +714,10 @@
ctx, span := otel.Tracer("melange").Start(ctx, "BuildPackage")
defer span.End()
+ if b.Runner == nil {
+ return fmt.Errorf("no runner was specified")
+ }
+
b.summarize(ctx)
namespace := b.Namespace
@@ -779,7 +780,7 @@
log.Infof("evaluating pipelines for package requirements")
if err := b.Compile(ctx); err != nil {
- return fmt.Errorf("compiling build: %w", err)
+ return fmt.Errorf("compiling %s: %w", b.ConfigFile, err)
}
// Filter out any subpackages with false If conditions.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/pkg/build/compile.go
new/melange-0.17.3/pkg/build/compile.go
--- old/melange-0.17.1/pkg/build/compile.go 2024-12-01 21:15:53.000000000
+0100
+++ new/melange-0.17.3/pkg/build/compile.go 2024-12-07 05:31:23.000000000
+0100
@@ -50,7 +50,7 @@
// We want to evaluate this but not accumulate its deps.
if err := ignore.CompilePipelines(ctx, sm, cfg.Pipeline); err != nil {
- return fmt.Errorf("compiling main pipelines: %w", err)
+ return fmt.Errorf("compiling package %q pipelines: %w",
t.Package, err)
}
for i, sp := range cfg.Subpackages {
@@ -103,7 +103,7 @@
}
if err := test.CompilePipelines(ctx, sm, cfg.Test.Pipeline);
err != nil {
- return fmt.Errorf("compiling main test pipelines: %w",
err)
+ return fmt.Errorf("compiling %q test pipelines: %w",
t.Package, err)
}
// Append anything the main package test needs.
@@ -126,7 +126,7 @@
}
if err := c.CompilePipelines(ctx, sm, cfg.Pipeline); err != nil {
- return fmt.Errorf("compiling main pipelines: %w", err)
+ return fmt.Errorf("compiling %q pipelines: %w",
cfg.Package.Name, err)
}
for i, sp := range cfg.Subpackages {
@@ -135,7 +135,7 @@
if sp.If != "" {
sp.If, err =
util.MutateAndQuoteStringFromMap(sm.Substitutions, sp.If)
if err != nil {
- return fmt.Errorf("mutating subpackage if: %w",
err)
+ return fmt.Errorf("mutating subpackage %q, if:
%w", sp.Name, err)
}
}
@@ -172,7 +172,7 @@
}
if err := tc.CompilePipelines(ctx, sm, cfg.Test.Pipeline); err
!= nil {
- return fmt.Errorf("compiling main test pipelines: %w",
err)
+ return fmt.Errorf("compiling %q test pipelines: %w",
cfg.Package.Name, err)
}
te := &b.Configuration.Test.Environment.Contents
@@ -370,6 +370,27 @@
return nil
}
+func maybeIncludeSyntaxError(runs string, err error) error {
+ var perr syntax.ParseError
+ if !errors.As(err, &perr) {
+ return err
+ }
+
+ line := perr.Pos.Line()
+ lines := strings.Split(runs, "\n")
+ if line <= 0 || line > uint(len(lines)) {
+ return err
+ }
+
+ padding := len("> ") + int(perr.Pos.Col())
+
+ // For example...
+ // 14:13: not a valid test operator: -m
+ // > if [[ uname -m == 'x86_64']]; then
+ // ^
+ return fmt.Errorf("%w:\n> %s\n%*s", err, lines[line-1], padding, "^")
+}
+
func stripComments(runs string) (string, error) {
parser := syntax.NewParser(syntax.KeepComments(false))
printer := syntax.NewPrinter()
@@ -391,7 +412,7 @@
builder.WriteRune('\n')
return perr == nil
}); err != nil || perr != nil {
- return "", errors.Join(err, perr)
+ return "", maybeIncludeSyntaxError(runs, errors.Join(err, perr))
}
return builder.String(), nil
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/pkg/build/compile_test.go
new/melange-0.17.3/pkg/build/compile_test.go
--- old/melange-0.17.1/pkg/build/compile_test.go 2024-12-01
21:15:53.000000000 +0100
+++ new/melange-0.17.3/pkg/build/compile_test.go 2024-12-07
05:31:23.000000000 +0100
@@ -147,4 +147,15 @@
}
})
}
+
+ wantErr := `1:13: not a valid test operator: -m:
+> if [[ uname -m == 'x86_64']]; then
+ ^`
+
+ got, err := stripComments("if [[ uname -m == 'x86_64']]; then")
+ if err == nil {
+ t.Errorf("expected error, got %q", got)
+ } else if err.Error() != wantErr {
+ t.Errorf("want:\n%s\ngot:\n%s", wantErr, err)
+ }
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/pkg/build/test.go
new/melange-0.17.3/pkg/build/test.go
--- old/melange-0.17.1/pkg/build/test.go 2024-12-01 21:15:53.000000000
+0100
+++ new/melange-0.17.3/pkg/build/test.go 2024-12-07 05:31:23.000000000
+0100
@@ -343,7 +343,7 @@
log.Infof("evaluating pipelines for package requirements")
if err := t.Compile(ctx); err != nil {
- return fmt.Errorf("compiling test pipelines: %w", err)
+ return fmt.Errorf("compiling %s tests: %w", t.ConfigFile, err)
}
if t.Runner.Name() == container.QemuName {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/pkg/cli/build.go
new/melange-0.17.3/pkg/cli/build.go
--- old/melange-0.17.1/pkg/cli/build.go 2024-12-01 21:15:53.000000000 +0100
+++ new/melange-0.17.3/pkg/cli/build.go 2024-12-07 05:31:23.000000000 +0100
@@ -251,7 +251,7 @@
cmd.Flags().BoolVarP(&interactive, "interactive", "i", false, "when
enabled, attaches stdin with a tty to the pod on failure")
cmd.Flags().BoolVar(&remove, "rm", true, "clean up intermediate
artifacts (e.g. container images, temp dirs)")
cmd.Flags().StringVar(&cpu, "cpu", "", "default CPU resources to use
for builds")
- cmd.Flags().StringVar(&cpumodel, "cpumodel", "host", "default memory
resources to use for builds")
+ cmd.Flags().StringVar(&cpumodel, "cpumodel", "", "default memory
resources to use for builds")
cmd.Flags().StringVar(&disk, "disk", "", "disk size to use for builds")
cmd.Flags().StringVar(&memory, "memory", "", "default memory resources
to use for builds")
cmd.Flags().DurationVar(&timeout, "timeout", 0, "default timeout for
builds")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/pkg/cli/compile.go
new/melange-0.17.3/pkg/cli/compile.go
--- old/melange-0.17.1/pkg/cli/compile.go 2024-12-01 21:15:53.000000000
+0100
+++ new/melange-0.17.3/pkg/cli/compile.go 2024-12-07 05:31:23.000000000
+0100
@@ -25,6 +25,7 @@
apko_types "chainguard.dev/apko/pkg/build/types"
"chainguard.dev/melange/pkg/build"
+ "github.com/chainguard-dev/clog"
"github.com/spf13/cobra"
"go.opentelemetry.io/otel"
)
@@ -63,6 +64,9 @@
var cpu, memory string
var timeout time.Duration
var extraPackages []string
+ var configFileGitCommit string
+ var configFileGitRepoURL string
+ var configFileLicense string
cmd := &cobra.Command{
Use: "compile",
@@ -72,6 +76,31 @@
Args: cobra.MinimumNArgs(0),
RunE: func(cmd *cobra.Command, args []string) error {
ctx := cmd.Context()
+ log := clog.FromContext(ctx)
+
+ var buildConfigFilePath string
+ if len(args) > 0 {
+ buildConfigFilePath = args[0] // e.g.
"crane.yaml"
+ }
+
+ // Favor explicit, user-provided information for the
git provenance of the
+ // melange build definition. As a fallback, detect this
from local git state.
+ // Git auto-detection should be "best effort" and not
fail the build if it
+ // fails.
+ if configFileGitCommit == "" {
+ log.Infof("git commit for build config not
provided, attempting to detect automatically")
+ commit, err := detectGitHead(ctx,
buildConfigFilePath)
+ if err != nil {
+ log.Warnf("unable to detect commit for
build config file: %v", err)
+ configFileGitCommit = "unknown"
+ } else {
+ configFileGitCommit = commit
+ }
+ }
+ if configFileGitRepoURL == "" {
+ log.Warnf("git repository URL for build config
not provided")
+ configFileGitRepoURL =
"https://unknown/unknown/unknown";
+ }
arch := apko_types.ParseArchitecture(archstr)
options := []build.Option{
@@ -108,6 +137,9 @@
build.WithCPU(cpu),
build.WithMemory(memory),
build.WithTimeout(timeout),
+
build.WithConfigFileRepositoryCommit(configFileGitCommit),
+
build.WithConfigFileRepositoryURL(configFileGitRepoURL),
+ build.WithConfigFileLicense(configFileLicense),
}
if len(args) > 0 {
@@ -176,6 +208,10 @@
cmd.Flags().StringVar(&memory, "memory", "", "default memory resources
to use for builds")
cmd.Flags().DurationVar(&timeout, "timeout", 0, "default timeout for
builds")
+ cmd.Flags().StringVar(&configFileGitCommit, "git-commit", "", "commit
hash of the git repository containing the build config file (defaults to
detecting HEAD)")
+ cmd.Flags().StringVar(&configFileGitRepoURL, "git-repo-url", "", "URL
of the git repository containing the build config file (defaults to detecting
from configured git remotes)")
+ cmd.Flags().StringVar(&configFileLicense, "license", "NOASSERTION",
"license to use for the build config file itself")
+
return cmd
}
@@ -191,7 +227,7 @@
defer bc.Close(ctx)
if err := bc.Compile(ctx); err != nil {
- return fmt.Errorf("failed to compile package: %w", err)
+ return fmt.Errorf("failed to compile %s: %w", bc.ConfigFile,
err)
}
return json.NewEncoder(os.Stdout).Encode(bc.Configuration)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/melange-0.17.1/pkg/container/qemu_runner.go
new/melange-0.17.3/pkg/container/qemu_runner.go
--- old/melange-0.17.1/pkg/container/qemu_runner.go 2024-12-01
21:15:53.000000000 +0100
+++ new/melange-0.17.3/pkg/container/qemu_runner.go 2024-12-07
05:31:23.000000000 +0100
@@ -358,14 +358,14 @@
}
// use kvm on linux, and Hypervisor.framework on macOS
- if runtime.GOOS == "linux" {
- if cfg.Arch.ToAPK() !=
apko_types.ParseArchitecture(runtime.GOARCH).ToAPK() {
- baseargs = append(baseargs, "-accel",
"tcg,thread=multi")
- } else if _, err := os.Stat("/dev/kvm"); err == nil {
+ if cfg.Arch.ToAPK() !=
apko_types.ParseArchitecture(runtime.GOARCH).ToAPK() {
+ baseargs = append(baseargs, "-accel", "tcg,thread=multi")
+ } else {
+ if runtime.GOOS == "linux" {
baseargs = append(baseargs, "-accel", "kvm")
+ } else if runtime.GOOS == "darwin" {
+ baseargs = append(baseargs, "-accel", "hvf")
}
- } else if runtime.GOOS == "darwin" {
- baseargs = append(baseargs, "-accel", "hvf")
}
if cfg.CPUModel != "" {
++++++ melange.obsinfo ++++++
--- /var/tmp/diff_new_pack.23fWku/_old 2024-12-09 21:12:49.012091913 +0100
+++ /var/tmp/diff_new_pack.23fWku/_new 2024-12-09 21:12:49.012091913 +0100
@@ -1,5 +1,5 @@
name: melange
-version: 0.17.1
-mtime: 1733084153
-commit: 6d88b8b81475c4c7b2bd7802bf90b8cf2dc3d887
+version: 0.17.3
+mtime: 1733545883
+commit: e788406063b83b86bef24ce16665e82495fc77ff
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/melange/vendor.tar.gz
/work/SRC/openSUSE:Factory/.melange.new.29675/vendor.tar.gz differ: char 5,
line 1
