Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cosign for openSUSE:Factory checked 
in at 2025-02-13 18:39:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cosign (Old)
 and      /work/SRC/openSUSE:Factory/.cosign.new.8181 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "cosign"

Thu Feb 13 18:39:53 2025 rev:25 rq:1245604 version:2.4.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/cosign/cosign.changes    2024-10-02 
21:36:31.422212536 +0200
+++ /work/SRC/openSUSE:Factory/.cosign.new.8181/cosign.changes  2025-02-13 
18:40:20.503385413 +0100
@@ -1,0 +2,21 @@
+Wed Feb 05 09:23:59 UTC 2025 - meiss...@suse.com
+
+- Update to version 2.4.2:
+  - Updated open-policy-agent to 1.1.0 library (#4036)
+     -  Note that only Rego v0 policies are supported at this time
+  - Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
+  - Add support for verifying root checksum in cosign initialize (#3953)
+  - Detect if user supplied a valid protobuf bundle (#3931)
+  - Add a log message if user doesn't provide --trusted-root (#3933)
+  - Support mTLS towards container registry (#3922)
+  - Add bundle create helper command (#3901)
+  - Add trusted-root create helper command (#3876)
+  Bug Fixes:
+  - fix: set tls config while retaining other fields from default http 
transport (#4007)
+  - policy fuzzer: ignore known panics (#3993)
+  - Fix for multiple WithRemote options (#3982)
+  - Add nightly conformance test workflow (#3979)
+  - Fix copy --only for signatures + update/align docs (#3904)
+- use "osc service mr" to update
+
+-------------------------------------------------------------------

Old:
----
  cosign-2.4.0.tar.gz

New:
----
  _servicedata
  cosign-2.4.2.obscpio
  cosign.obsinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ cosign.spec ++++++
--- /var/tmp/diff_new_pack.nnU8C1/_old  2025-02-13 18:40:22.847482524 +0100
+++ /var/tmp/diff_new_pack.nnU8C1/_new  2025-02-13 18:40:22.863483186 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package cosign
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,9 +16,8 @@
 #
 
 
-%define revision b5e7dc123a272080f4af4554054797296271e902
 Name:           cosign
-Version:        2.4.0
+Version:        2.4.2
 Release:        0
 Summary:        Container Signing, Verification and Storage in an OCI registry
 License:        Apache-2.0
@@ -27,7 +26,7 @@
 Source1:        vendor.tar.zst
 BuildRequires:  golang-packaging
 BuildRequires:  zstd
-BuildRequires:  golang(API) = 1.22
+BuildRequires:  golang(API) = 1.23
 
 %description
 Cosign aims to make signatures invisible infrastructure.
@@ -74,11 +73,13 @@
 %autosetup -p1 -a1
 
 %build
+COMMIT_HASH="$(sed -n 's/commit: \(.*\)/\1/p' %_sourcedir/%{name}.obsinfo)"
+
 DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
 BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || 
date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u 
"${DATE_FMT}")
 
 CLI_PKG=sigs.k8s.io/release-utils/version
-CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X 
${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X 
${CLI_PKG}.buildDate=${BUILD_DATE}"
+CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X 
${CLI_PKG}.gitCommit=$COMMIT_HASH -X ${CLI_PKG}.gitTreeState=release -X 
${CLI_PKG}.buildDate=${BUILD_DATE}"
 
 CGO_ENABLED=1 go build -mod=vendor -buildmode=pie -trimpath -ldflags 
"${CLI_LDFLAGS}" -o cosign ./cmd/cosign
 

++++++ _service ++++++
--- /var/tmp/diff_new_pack.nnU8C1/_old  2025-02-13 18:40:23.035490312 +0100
+++ /var/tmp/diff_new_pack.nnU8C1/_new  2025-02-13 18:40:23.051490975 +0100
@@ -1,6 +1,24 @@
 <services>
-   <service name="go_modules" mode="disabled">
-     <param name="compression">zst</param>
-   </service>
+  <service name="obs_scm" mode="manual">
+    <param name="url">https://github.com/sigstore/cosign</param>
+    <param name="scm">git</param>
+    <param name="exclude">.git</param>
+    <param name="revision">v2.4.2</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+  </service>
+  <service name="set_version" mode="manual">
+  </service>
+  <service name="go_modules" mode="manual">
+    <param name="compression">zst</param>
+  </service>
+  <!-- services below are running at buildtime -->
+  <service name="tar" mode="buildtime">
+  </service>
+  <service name="recompress" mode="buildtime">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
 </services>
 

++++++ _servicedata ++++++
<servicedata>
<service name="tar_scm">
                <param name="url">https://github.com/sigstore/cosign</param>
              <param 
name="changesrevision">b6df9c777c365ce063a7e65075f2b08a3c76de2f</param></service></servicedata>
(No newline at EOF)

++++++ cosign.obsinfo ++++++
name: cosign
version: 2.4.2
mtime: 1738698097
commit: b6df9c777c365ce063a7e65075f2b08a3c76de2f

++++++ vendor.tar.zst ++++++
/work/SRC/openSUSE:Factory/cosign/vendor.tar.zst 
/work/SRC/openSUSE:Factory/.cosign.new.8181/vendor.tar.zst differ: char 7, line 
1

Reply via email to