Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apko for openSUSE:Factory checked in at 2026-02-04 21:06:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apko (Old) and /work/SRC/openSUSE:Factory/.apko.new.1670 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apko" Wed Feb 4 21:06:49 2026 rev:93 rq:1330854 version:1.1.4 Changes: -------- --- /work/SRC/openSUSE:Factory/apko/apko.changes 2026-02-03 21:33:57.230803207 +0100 +++ /work/SRC/openSUSE:Factory/.apko.new.1670/apko.changes 2026-02-04 21:06:57.594767458 +0100 @@ -1,0 +2,7 @@ +Wed Feb 04 06:03:07 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 1.1.4: + * fix(spdx): Only warn when the same LicenseIDs have different + text (#2053) + +------------------------------------------------------------------- Old: ---- apko-1.1.3.obscpio New: ---- apko-1.1.4.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apko.spec ++++++ --- /var/tmp/diff_new_pack.gKCctN/_old 2026-02-04 21:07:00.946907843 +0100 +++ /var/tmp/diff_new_pack.gKCctN/_new 2026-02-04 21:07:00.946907843 +0100 @@ -17,7 +17,7 @@ Name: apko -Version: 1.1.3 +Version: 1.1.4 Release: 0 Summary: Build OCI images from APK packages directly without Dockerfile License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.gKCctN/_old 2026-02-04 21:07:00.986909519 +0100 +++ /var/tmp/diff_new_pack.gKCctN/_new 2026-02-04 21:07:00.990909686 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/chainguard-dev/apko</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.1.3</param> + <param name="revision">v1.1.4</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.gKCctN/_old 2026-02-04 21:07:01.022911026 +0100 +++ /var/tmp/diff_new_pack.gKCctN/_new 2026-02-04 21:07:01.026911194 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/chainguard-dev/apko</param> - <param name="changesrevision">300620ee8c7cf2d51e152ac68c3e8bd60d3c323e</param></service></servicedata> + <param name="changesrevision">0387ed17e521d80481cedef413ca85333399475a</param></service></servicedata> (No newline at EOF) ++++++ apko-1.1.3.obscpio -> apko-1.1.4.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-1.1.3/pkg/sbom/generator/spdx/spdx.go new/apko-1.1.4/pkg/sbom/generator/spdx/spdx.go --- old/apko-1.1.3/pkg/sbom/generator/spdx/spdx.go 2026-02-02 19:15:33.000000000 +0100 +++ new/apko-1.1.4/pkg/sbom/generator/spdx/spdx.go 2026-02-03 23:12:40.000000000 +0100 @@ -151,7 +151,7 @@ for _, pkg := range opts.Packages { // Check to see if the apk contains an sbom describing itself - if err := sx.ProcessInternalApkSBOM(opts, doc, pkg); err != nil { + if err := sx.ProcessInternalApkSBOM(ctx, opts, doc, pkg); err != nil { return fmt.Errorf("parsing internal apk SBOM: %w", err) } } @@ -201,7 +201,7 @@ return "", nil } -func (sx *SPDX) ProcessInternalApkSBOM(opts *options.Options, doc *Document, ipkg *apk.InstalledPackage) error { +func (sx *SPDX) ProcessInternalApkSBOM(ctx context.Context, opts *options.Options, doc *Document, ipkg *apk.InstalledPackage) error { // Check if apk installed an SBOM path, err := locateApkSBOM(opts.FS, ipkg) if err != nil { @@ -260,9 +260,7 @@ return fmt.Errorf("copying element: %w", err) } - if err := mergeLicensingInfos(apkSBOMDoc, doc); err != nil { - return fmt.Errorf("merging LicensingInfos: %w", err) - } + mergeLicensingInfos(ctx, apkSBOMDoc, doc) // Add CONTAINS relationships from the document root package to all top-level elements from the internal SBOM. // This ensures they are reachable from the document root for tools that traverse the SBOM graph. @@ -328,14 +326,14 @@ return nil } -func mergeLicensingInfos(sourceDoc, targetDoc *Document) error { +func mergeLicensingInfos(ctx context.Context, sourceDoc, targetDoc *Document) { var found bool for _, sourceinfo := range sourceDoc.LicensingInfos { found = false for _, targetinfo := range targetDoc.LicensingInfos { if targetinfo.LicenseID == sourceinfo.LicenseID { if targetinfo.ExtractedText != sourceinfo.ExtractedText { - return fmt.Errorf("source & target LicenseID %s differ in Text; perhaps multiple versions of the package have different contents of files provided in license-path", targetinfo.LicenseID) + clog.FromContext(ctx).Warnf("source & target LicenseID %s differ in Text; please either update the package's license-path or use the correct LicenseID", targetinfo.LicenseID) } found = true break @@ -345,7 +343,6 @@ targetDoc.LicensingInfos = append(targetDoc.LicensingInfos, sourceinfo) } } - return nil } // ParseInternalSBOM opens an SBOM inside apks and ++++++ apko.obsinfo ++++++ --- /var/tmp/diff_new_pack.gKCctN/_old 2026-02-04 21:07:01.738941014 +0100 +++ /var/tmp/diff_new_pack.gKCctN/_new 2026-02-04 21:07:01.746941348 +0100 @@ -1,5 +1,5 @@ name: apko -version: 1.1.3 -mtime: 1770056133 -commit: 300620ee8c7cf2d51e152ac68c3e8bd60d3c323e +version: 1.1.4 +mtime: 1770156760 +commit: 0387ed17e521d80481cedef413ca85333399475a ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/apko/vendor.tar.gz /work/SRC/openSUSE:Factory/.apko.new.1670/vendor.tar.gz differ: char 87, line 1
