Hello community,

here is the log from the commit of package cosign for openSUSE:Factory checked in at 2025-12-20 21:46:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cosign (Old)
 and      /work/SRC/openSUSE:Factory/.cosign.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Sat Dec 20 21:46:52 2025 rev:30 rq:1323778 version:3.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2025-09-18 21:13:36.750851485 +0200 +++ /work/SRC/openSUSE:Factory/.cosign.new.1928/cosign.changes 2025-12-20 21:49:34.150837322 +0100 
@@ -1,0 +2,99 @@ +Wed Dec 10 14:35:48 UTC 2025 - [email protected] + +- Update to version 3.0.3: + * 4554: Closes 4554 - Add warning when --output* is used (#4556) + * chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.1.0 (#4545) + * chore(deps): bump github.com/buildkite/agent/v3 from 3.111.0 to 3.113.0 (#4542) + * chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (#4543) + * chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4546) + * chore(deps): bump the actions group with 4 updates (#4544) + * chore(deps): bump the gomod group across 1 directory with 5 updates (#4567) + * chore(deps): bump golang from 1.25.4 to 1.25.5 in the all group (#4568) + * update builder to use go1.25.5 (#4566) + * Protobuf bundle support for subcommand `clean` (#4539) + * Add staging flag to initialize with staging TUF metadata + * update slack invite link (#4560) + * Updating sign-blob to also support signing with a certificate (#4547) + * Bump sigstore library dependencies (#4532) + * Protobuf bundle support for subcommands `save` and `load` (#4538) + * Fix cert attachment for new bundle with signing config + * Fix OCI verification with local cert - old bundle + * chore(deps): bump github.com/sigstore/fulcio from 1.7.1 to 1.8.1 (#4519) + * chore(deps): bump golang.org/x/crypto in /test/fakeoidc (#4535) + * chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#4536) + * update go builder and cosign (#4529) + * chore(deps): bump the gomod group across 1 directory with 7 updates (#4528) + * chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4478) + * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4520) + * chore(deps): bump golang from 1.25.3 to 1.25.4 in the all group (#4515) + * chore(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 (#4518) + * chore(deps): bump cuelang.org/go from 0.14.2 to 0.15.0 (#4524) + * chore(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1 (#4521) + * 
chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4502) + * chore(deps): bump the actions group across 1 directory with 2 updates (#4516) + * chore(deps): bump github.com/buildkite/agent/v3 from 3.110.0 to 3.111.0 (#4523) + * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4522) + * Deprecate tlog-upload flag (#4458) + * fix: Use signal context for `sign` cli package. + * update offline verification directions (#4526) + * Fix signing/verifying annotations for new bundle + * Add support to download and attach for protobuf bundles (#4477) + * Add --signing-algorithm flag (#3497) + * Refactor signcommon bundle helpers + * Add --bundle and fix --upload for new bundle + * Pass insecure registry flags through to referrers + * chore(deps): bump github.com/buildkite/agent/v3 from 3.108.0 to 3.109.1 (#4483) + * Add protobuf bundle support for tree subcommand (#4491) + * Remove stale embed import (#4492) + * Support multiple container identities + * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4484) + * chore(deps): bump chainguard-dev/actions in the actions group (#4480) + * chore(deps): bump github.com/sigstore/rekor-tiles/v2 (#4485) + * chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 (#4486) + * chore(deps): bump cuelang.org/go in the gomod group (#4479) + * upgrade OSS-Fuzz build tooling (#4487) + * Fix segfault when no attestations are found (#4472) + * Use overridden repository for new bundle format (#4473) + * update go to 1.25.3 (#4471) + * Remove --out flag from `cosign initialize` (#4462) + * chore(deps): bump the actions group with 2 updates (#4460) + * Deprecate offline flag (#4457) + * Deduplicate code in sign/attest* and verify* commands (#4449) + * Cache signing config when calling initialize (#4456) + * Update changelog for v3.0.2 (#4455) + * chore(deps): bump google.golang.org/api from 0.250.0 to 0.251.0 + * chore(deps): bump gitlab.com/gitlab-org/api/client-go + * chore(deps): bump the actions group with 3 
updates + * chore(deps): bump github.com/buildkite/agent/v3 from 3.107.2 to 3.108.0 + * choose different signature filename for KMS-signed release signatures (#4448) + * chore(deps): bump github.com/go-jose/go-jose/v4 (#4451) + * Update rekor-tiles version path + * update CL for v3.0.1 release (#4447) + * update goreleaser config for v3.0.0 release (#4446) + * Create changelog for v3.0.0 (#4440) + * Fetch service URLs from the TUF PGI signing config by default (#4428) + * Create changelog for v2.6.1 (#4439) + * chore(deps): bump google.golang.org/api from 0.249.0 to 0.250.0 (#4432) + * chore(deps): bump the gomod group with 2 updates (#4429) + * chore(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0 (#4433) + * chore(deps): bump the actions group with 3 updates (#4434) + * chore(deps): bump github.com/go-openapi/swag from 0.24.1 to 0.25.1 (#4435) + * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4436) + * chore(deps): bump github.com/go-openapi/runtime from 0.28.0 to 0.29.0 (#4437) + * Bump module version to v3 for Cosign v3.0 (#4427) + * Move sigstore-conformance back to tagged release (#4425) + * Bump sigstore-go to v1.1.3 (#4423) + * Partially populate the output of cosign verify when working with new bundles (#4416) + * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4419) + * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4418) + * chore(deps): bump github.com/buildkite/agent/v3 from 3.105.0 to 3.107.0 (#4420) + * chore(deps): bump chainguard-dev/actions in the actions group (#4421) + * bump go builder to use 1.25.1 and cosign (#4417) + * Bump sigstore-go for more precise user agents (#4413) + * chore(deps): bump github.com/spf13/viper from 1.20.1 to 1.21.0 (#4408) + * chore(deps): bump the actions group with 2 updates (#4407) + * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4410) + * chore(deps): bump github.com/buildkite/agent/v3 from 3.104.0 to 3.105.0 (#4411) + * Default to using the new protobuf 
format (#4318) + +------------------------------------------------------------------- Old: ---- cosign-2.6.0.obscpio New: ---- cosign-3.0.3.obscpio cosign-3.0.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.c7yx3j/_old 2025-12-20 21:49:34.974871437 +0100 +++ /var/tmp/diff_new_pack.c7yx3j/_new 2025-12-20 21:49:34.974871437 +0100 @@ -1,7 +1,7 @@ # # spec file for package cosign # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: cosign -Version: 2.6.0 +Version: 3.0.3 Release: 0 Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 @@ -26,7 +26,7 @@ Source1: vendor.tar.zst BuildRequires: golang-packaging BuildRequires: zstd -BuildRequires: golang(API) = 1.24 +BuildRequires: golang(API) = 1.25 %description Cosign aims to make signatures invisible infrastructure. ++++++ _service ++++++ --- /var/tmp/diff_new_pack.c7yx3j/_old 2025-12-20 21:49:35.018873258 +0100 +++ /var/tmp/diff_new_pack.c7yx3j/_new 2025-12-20 21:49:35.022873423 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/sigstore/cosign</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.6.0</param> + <param name="revision">v3.0.3</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.c7yx3j/_old 2025-12-20 21:49:35.046874418 +0100 +++ /var/tmp/diff_new_pack.c7yx3j/_new 2025-12-20 21:49:35.050874583 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/sigstore/cosign</param> - <param name="changesrevision">37fbfc7018fb4d60a9a2c9175bd64c75dda5869a</param></service></servicedata> + <param name="changesrevision">3f32cea203c59a93323a6bebfebff03417520143</param></service></servicedata> (No newline at EOF) ++++++ cosign-2.6.0.obscpio -> cosign-3.0.3.obscpio ++++++ ++++ 16939 lines of diff (skipped) ++++++ cosign.obsinfo ++++++ --- /var/tmp/diff_new_pack.c7yx3j/_old 2025-12-20 21:49:35.730902736 +0100 +++ /var/tmp/diff_new_pack.c7yx3j/_new 2025-12-20 21:49:35.738903067 +0100 @@ -1,5 +1,5 @@ name: cosign -version: 2.6.0 -mtime: 1757706542 -commit: 37fbfc7018fb4d60a9a2c9175bd64c75dda5869a +version: 3.0.3 +mtime: 1765324943 +commit: 3f32cea203c59a93323a6bebfebff03417520143 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.zst /work/SRC/openSUSE:Factory/.cosign.new.1928/vendor.tar.zst differ: char 7, line 1
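
Review bot: the single "Update to version 3.0.3" entry in the cosign.changes hunk covers the jump from 2.6.0 across a major version, and the entries that change behaviour on upgrade are buried among the chore(deps) bumps. Please lift them to the top of the entry or add a short summary above the generated list: "Default to using the new protobuf format (#4318)", "Fetch service URLs from the TUF PGI signing config by default (#4428)", "Remove --out flag from `cosign initialize` (#4462)", and the deprecations of the tlog-upload and offline flags (#4458, #4457). Anyone who scripts sign or verify calls needs to see these before updating.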
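
Review bot: the _service hunk sets "revision" to the tag v3.0.3, and the only thing tying that tag to specific source is the commit 3f32cea203c59a93323a6bebfebff03417520143 recorded in _servicedata and cosign.obsinfo. Since the 16939-line obscpio diff is skipped in this mail, please confirm against https://github.com/sigstore/cosign that v3.0.3 resolves to that commit before accepting, and consider putting the commit hash in "revision" so that a re-run of the service cannot pick up a moved tag.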
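
Review bot: in the third cosign.spec hunk, "BuildRequires: golang(API) = 1.25" pins only the Go API level, while the changelog in the same submission says upstream moved its builder to go1.25.5 (#4566, #4568). Please check that the 1.25 compiler in the target project is at the patch level upstream builds with, and say so in the request, since nothing in the spec enforces it.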
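
Review bot: vendor.tar.zst appears here only as "differ: char 7, line 1", so none of the dependency changes listed in cosign.changes (for example golang.org/x/crypto 0.43.0 to 0.45.0 in #4536, or github.com/sigstore/fulcio 1.7.1 to 1.8.1 in #4519) can be confirmed from this mail. Please state in the request how the vendor archive was produced, so that a reviewer can regenerate it from the v3.0.3 source and compare the result with the checked-in file.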
