Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package cosign for openSUSE:Factory checked
in at 2025-02-13 18:39:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cosign (Old)
and /work/SRC/openSUSE:Factory/.cosign.new.8181 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign"
Thu Feb 13 18:39:53 2025 rev:25 rq:1245604 version:2.4.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2024-10-02
21:36:31.422212536 +0200
+++ /work/SRC/openSUSE:Factory/.cosign.new.8181/cosign.changes 2025-02-13
18:40:20.503385413 +0100
@@ -1,0 +2,21 @@
+Wed Feb 05 09:23:59 UTC 2025 - meiss...@suse.com
+
+- Update to version 2.4.2:
+ - Updated open-policy-agent to 1.1.0 library (#4036)
+ - Note that only Rego v0 policies are supported at this time
+ - Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
+ - Add support for verifying root checksum in cosign initialize (#3953)
+ - Detect if user supplied a valid protobuf bundle (#3931)
+ - Add a log message if user doesn't provide --trusted-root (#3933)
+ - Support mTLS towards container registry (#3922)
+ - Add bundle create helper command (#3901)
+ - Add trusted-root create helper command (#3876)
+ Bug Fixes:
+ - fix: set tls config while retaining other fields from default http
transport (#4007)
+ - policy fuzzer: ignore known panics (#3993)
+ - Fix for multiple WithRemote options (#3982)
+ - Add nightly conformance test workflow (#3979)
+ - Fix copy --only for signatures + update/align docs (#3904)
+- use "osc service mr" to update
+
+-------------------------------------------------------------------
Old:
----
cosign-2.4.0.tar.gz
New:
----
_servicedata
cosign-2.4.2.obscpio
cosign.obsinfo
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cosign.spec ++++++
--- /var/tmp/diff_new_pack.nnU8C1/_old 2025-02-13 18:40:22.847482524 +0100
+++ /var/tmp/diff_new_pack.nnU8C1/_new 2025-02-13 18:40:22.863483186 +0100
@@ -1,7 +1,7 @@
#
# spec file for package cosign
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,9 +16,8 @@
#
-%define revision b5e7dc123a272080f4af4554054797296271e902
Name: cosign
-Version: 2.4.0
+Version: 2.4.2
Release: 0
Summary: Container Signing, Verification and Storage in an OCI registry
License: Apache-2.0
@@ -27,7 +26,7 @@
Source1: vendor.tar.zst
BuildRequires: golang-packaging
BuildRequires: zstd
-BuildRequires: golang(API) = 1.22
+BuildRequires: golang(API) = 1.23
%description
Cosign aims to make signatures invisible infrastructure.
@@ -74,11 +73,13 @@
%autosetup -p1 -a1
%build
+COMMIT_HASH="$(sed -n 's/commit: \(.*\)/\1/p' %_sourcedir/%{name}.obsinfo)"
+
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null ||
date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u
"${DATE_FMT}")
CLI_PKG=sigs.k8s.io/release-utils/version
-CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X
${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X
${CLI_PKG}.buildDate=${BUILD_DATE}"
+CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X
${CLI_PKG}.gitCommit=$COMMIT_HASH -X ${CLI_PKG}.gitTreeState=release -X
${CLI_PKG}.buildDate=${BUILD_DATE}"
CGO_ENABLED=1 go build -mod=vendor -buildmode=pie -trimpath -ldflags
"${CLI_LDFLAGS}" -o cosign ./cmd/cosign
++++++ _service ++++++
--- /var/tmp/diff_new_pack.nnU8C1/_old 2025-02-13 18:40:23.035490312 +0100
+++ /var/tmp/diff_new_pack.nnU8C1/_new 2025-02-13 18:40:23.051490975 +0100
@@ -1,6 +1,24 @@
<services>
- <service name="go_modules" mode="disabled">
- <param name="compression">zst</param>
- </service>
+ <service name="obs_scm" mode="manual">
+ <param name="url">https://github.com/sigstore/cosign</param>
+ <param name="scm">git</param>
+ <param name="exclude">.git</param>
+ <param name="revision">v2.4.2</param>
+ <param name="versionformat">@PARENT_TAG@</param>
+ <param name="changesgenerate">enable</param>
+ <param name="versionrewrite-pattern">v(.*)</param>
+ </service>
+ <service name="set_version" mode="manual">
+ </service>
+ <service name="go_modules" mode="manual">
+ <param name="compression">zst</param>
+ </service>
+ <!-- services below are running at buildtime -->
+ <service name="tar" mode="buildtime">
+ </service>
+ <service name="recompress" mode="buildtime">
+ <param name="file">*.tar</param>
+ <param name="compression">gz</param>
+ </service>
</services>
++++++ _servicedata ++++++
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/sigstore/cosign</param>
<param
name="changesrevision">b6df9c777c365ce063a7e65075f2b08a3c76de2f</param></service></servicedata>
(No newline at EOF)
++++++ cosign.obsinfo ++++++
name: cosign
version: 2.4.2
mtime: 1738698097
commit: b6df9c777c365ce063a7e65075f2b08a3c76de2f
++++++ vendor.tar.zst ++++++
/work/SRC/openSUSE:Factory/cosign/vendor.tar.zst
/work/SRC/openSUSE:Factory/.cosign.new.8181/vendor.tar.zst differ: char 7, line
1
