Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cosign for openSUSE:Factory checked in at 2025-02-13 18:39:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cosign (Old) and /work/SRC/openSUSE:Factory/.cosign.new.8181 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Thu Feb 13 18:39:53 2025 rev:25 rq:1245604 version:2.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2024-10-02 21:36:31.422212536 +0200 +++ /work/SRC/openSUSE:Factory/.cosign.new.8181/cosign.changes 2025-02-13 18:40:20.503385413 +0100 @@ -1,0 +2,21 @@ +Wed Feb 05 09:23:59 UTC 2025 - meiss...@suse.com + +- Update to version 2.4.2: + - Updated open-policy-agent to 1.1.0 library (#4036) + - Note that only Rego v0 policies are supported at this time + - Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006) + - Add support for verifying root checksum in cosign initialize (#3953) + - Detect if user supplied a valid protobuf bundle (#3931) + - Add a log message if user doesn't provide --trusted-root (#3933) + - Support mTLS towards container registry (#3922) + - Add bundle create helper command (#3901) + - Add trusted-root create helper command (#3876) + Bug Fixes: + - fix: set tls config while retaining other fields from default http transport (#4007) + - policy fuzzer: ignore known panics (#3993) + - Fix for multiple WithRemote options (#3982) + - Add nightly conformance test workflow (#3979) + - Fix copy --only for signatures + update/align docs (#3904) +- use "osc service mr" to update + +------------------------------------------------------------------- Old: ---- cosign-2.4.0.tar.gz New: ---- _servicedata cosign-2.4.2.obscpio cosign.obsinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.nnU8C1/_old 2025-02-13 18:40:22.847482524 +0100 +++ /var/tmp/diff_new_pack.nnU8C1/_new 2025-02-13 18:40:22.863483186 +0100 @@ -1,7 +1,7 @@ # # spec file for package cosign # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,9 +16,8 @@ # -%define revision b5e7dc123a272080f4af4554054797296271e902 Name: cosign -Version: 2.4.0 +Version: 2.4.2 Release: 0 Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 @@ -27,7 +26,7 @@ Source1: vendor.tar.zst BuildRequires: golang-packaging BuildRequires: zstd -BuildRequires: golang(API) = 1.22 +BuildRequires: golang(API) = 1.23 %description Cosign aims to make signatures invisible infrastructure. @@ -74,11 +73,13 @@ %autosetup -p1 -a1 %build +COMMIT_HASH="$(sed -n 's/commit: \(.*\)/\1/p' %_sourcedir/%{name}.obsinfo)" + DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ" BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}") CLI_PKG=sigs.k8s.io/release-utils/version -CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}" +CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=$COMMIT_HASH -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}" CGO_ENABLED=1 go build -mod=vendor -buildmode=pie -trimpath -ldflags "${CLI_LDFLAGS}" -o cosign ./cmd/cosign ++++++ _service ++++++ --- /var/tmp/diff_new_pack.nnU8C1/_old 2025-02-13 18:40:23.035490312 +0100 +++ /var/tmp/diff_new_pack.nnU8C1/_new 2025-02-13 18:40:23.051490975 +0100 @@ -1,6 +1,24 @@ <services> - <service name="go_modules" mode="disabled"> - <param name="compression">zst</param> - </service> + <service name="obs_scm" mode="manual"> + <param name="url">https://github.com/sigstore/cosign</param> + <param name="scm">git</param> + <param name="exclude">.git</param> + <param name="revision">v2.4.2</param> + <param name="versionformat">@PARENT_TAG@</param> + <param name="changesgenerate">enable</param> + <param name="versionrewrite-pattern">v(.*)</param> + </service> + <service name="set_version" mode="manual"> + </service> + <service name="go_modules" mode="manual"> + <param name="compression">zst</param> + </service> + <!-- services below are running at buildtime --> + <service name="tar" mode="buildtime"> + </service> + <service name="recompress" mode="buildtime"> + <param name="file">*.tar</param> + <param name="compression">gz</param> + </service> </services> ++++++ _servicedata ++++++ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/sigstore/cosign</param> <param name="changesrevision">b6df9c777c365ce063a7e65075f2b08a3c76de2f</param></service></servicedata> (No newline at EOF) ++++++ cosign.obsinfo ++++++ name: cosign version: 2.4.2 mtime: 1738698097 commit: b6df9c777c365ce063a7e65075f2b08a3c76de2f ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.zst /work/SRC/openSUSE:Factory/.cosign.new.8181/vendor.tar.zst differ: char 7, line 1