Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package certinfo for openSUSE:Factory checked in at 2026-02-24 15:38:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/certinfo (Old) and /work/SRC/openSUSE:Factory/.certinfo.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "certinfo" Tue Feb 24 15:38:53 2026 rev:3 rq:1334578 version:1.0.40+git20260221.5574ad1 Changes: -------- --- /work/SRC/openSUSE:Factory/certinfo/certinfo.changes 2025-11-06 18:14:58.339900147 +0100 +++ /work/SRC/openSUSE:Factory/.certinfo.new.1977/certinfo.changes 2026-02-24 15:39:41.661140149 +0100 @@ -1,0 +2,9 @@ +Sat Feb 21 17:06:35 UTC 2026 - Scott Bradnick <[email protected]> + +- Update to version 1.0.40+git20260221.5574ad1: + * format imports and add unit tests for host arg + * Added functionality for protocal specification (#50) + * udpate go version + * add kubernetes example + +------------------------------------------------------------------- Old: ---- certinfo-1.0.39+git20251105.c09d0f8.tar.gz New: ---- certinfo-1.0.40+git20260221.5574ad1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ certinfo.spec ++++++ --- /var/tmp/diff_new_pack.pTPqCk/_old 2026-02-24 15:39:42.249164484 +0100 +++ /var/tmp/diff_new_pack.pTPqCk/_new 2026-02-24 15:39:42.253164649 +0100 @@ -1,7 +1,7 @@ # # spec file for package certinfo # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,7 @@ # Name: certinfo -Version: 1.0.39+git20251105.c09d0f8 +Version: 1.0.40+git20260221.5574ad1 Release: 0 Summary: Print x509 certificate info License: MIT @@ -24,9 +24,9 @@ Source0: %{name}-%{version}.tar.gz Source1: vendor.tar.gz Source100: README.md -### Temporary until go1.22 is default -BuildRequires: golang-packaging -#BuildRequires: go >= 1.24 +### Temporary until go1.26 is default +#BuildRequires: golang-packaging +BuildRequires: go >= 1.26 ##### BuildRequires: pkgconfig(x11) ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.pTPqCk/_old 2026-02-24 15:39:42.297166470 +0100 +++ /var/tmp/diff_new_pack.pTPqCk/_new 2026-02-24 15:39:42.301166636 +0100 @@ -1,5 +1,5 @@ -mtime: 1762356139 -commit: 8efc094b93168e0840028e3a9e3e5096da36e342e18e2a6de96af2303ae1f8f0 +mtime: 1771694414 +commit: b87bd4f6177220de0d649f59d1c207aa75c805985c8cc3fdcca693fff74a6f3c url: https://src.opensuse.org/sbradnick/certinfo revision: main ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.pTPqCk/_old 2026-02-24 15:39:42.337168126 +0100 +++ /var/tmp/diff_new_pack.pTPqCk/_new 2026-02-24 15:39:42.341168291 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/pete911/certinfo</param> - <param name="changesrevision">c09d0f8b9e347303785a6e9e72c62437c5898bae</param></service></servicedata> + <param name="changesrevision">5574ad11b2782421543936fda1a9f3c0d46882f7</param></service></servicedata> (No newline at EOF) ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-02-21 18:20:34.000000000 +0100 @@ -0,0 +1,4 @@ +_buildconfig-* +_buildinfo-* +*.obscpio +certinfo/ ++++++ certinfo-1.0.39+git20251105.c09d0f8.tar.gz -> certinfo-1.0.40+git20260221.5574ad1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/README.md new/certinfo-1.0.40+git20260221.5574ad1/README.md --- old/certinfo-1.0.39+git20251105.c09d0f8/README.md 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/README.md 2026-02-21 12:19:20.000000000 +0100 @@ -2,7 +2,7 @@ [](https://github.com/pete911/certinfo/actions/workflows/pipeline.yml) -> [!WARNING] +> [!WARNING] > If you installed previous versions (before `v1.0.34`) via brew, you need to > reinstall (brew remove certinfo && brew install certinfo) to get updates Similar to `openssl x509 -in <file> -text` command, but handles chains, multiple files and TCP addresses. TLS/SSL @@ -11,12 +11,16 @@ ## usage ```shell script -certinfo [flags] [<file>|<host:port> ...] +certinfo [flags] [<file>|<host:port>|<proto://host>|<proto://host:port> ...] ``` **file** argument can be: - **local file path** `certinfo <filename>` - **TCP network address** `certinfo <host:port>` e.g. `certinfo google.com:443` + * `certinfo <host:port>` e.g. `certinfo google.com:443` + * `certinfo <scheme://host>` e.g. `certinfo https://google.com` + * `certinfo <scheme://host:port>` e.g. `certinfo https://google.com:443` (even though scheme and port are allowed to + be supplied at the same time, port takes precedence and scheme is ignored if port is present) - **stdin** `echo "<cert-content>" | certinfo` ``` @@ -174,3 +178,8 @@ - linux `ls -d /etc/ssl/certs/* | grep '.pem' | xargs certinfo -expiry` - mac `cat /etc/ssl/cert.pem | certinfo -expiry` + +### kubernetes secret +If the certificate is inside kubernetes secret, it can be piped to certinfo: +- `kubectl get secret -n <namespace> <secret> -o jsonpath='{.data.<key>}' | base64 -d | certinfo` + - e.g. cloudwatch agent `ca.crt` - `kubectl get secret -n amazon-cloudwatch amazon-cloudwatch-observability-agent-server-cert -o jsonpath='{.data.ca\.crt}' | base64 -d | certinfo` diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/flag.go new/certinfo-1.0.40+git20260221.5574ad1/flag.go --- old/certinfo-1.0.39+git20251105.c09d0f8/flag.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/flag.go 2026-02-21 12:19:20.000000000 +0100 @@ -65,7 +65,7 @@ flagSet.BoolVar(&flags.More, "more", getBoolEnv("CERTINFO_MORE", false), "combination of '-pem -signature -chains'") flagSet.Usage = func() { - fmt.Fprint(flagSet.Output(), "Usage: certinfo [flags] [<file>|<host:port> ...]\n") + fmt.Fprint(flagSet.Output(), "Usage: certinfo [flags] [<file>|<host:port>|<proto://host>|<proto://host:port> ...]\n") flagSet.PrintDefaults() } flags.Usage = flagSet.Usage diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/go.mod new/certinfo-1.0.40+git20260221.5574ad1/go.mod --- old/certinfo-1.0.39+git20251105.c09d0f8/go.mod 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/go.mod 2026-02-21 12:19:20.000000000 +0100 @@ -1,6 +1,6 @@ module github.com/pete911/certinfo -go 1.25 +go 1.26 require github.com/stretchr/testify v1.11.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/main.go new/certinfo-1.0.40+git20260221.5574ad1/main.go --- old/certinfo-1.0.39+git20251105.c09d0f8/main.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/main.go 2026-02-21 12:19:20.000000000 +0100 @@ -2,16 +2,24 @@ import ( "fmt" - "github.com/pete911/certinfo/pkg/cert" - "github.com/pete911/certinfo/pkg/print" "log/slog" "os" "strconv" "strings" "sync" + + "github.com/pete911/certinfo/pkg/cert" + "github.com/pete911/certinfo/pkg/print" ) -var Version = "dev" +var ( + Version = "dev" + protoMap = map[string]string{ + "https": "443", + "http": "80", + "ssh": "22", + } +) func main() { @@ -93,6 +101,7 @@ go func() { defer wg.Done() if isTCPNetworkAddress(arg) { + arg = toTCPNetworkAddress(arg) out <- cert.LoadCertificatesFromNetwork(arg, serverName, insecure) return } @@ -112,13 +121,41 @@ // sort certificates by input arguments var certsSortedByArgs cert.CertificateLocations for _, arg := range args { + arg = toTCPNetworkAddress(arg) certsSortedByArgs = append(certsSortedByArgs, certsByArgs[arg]) } return certsSortedByArgs } +func toTCPNetworkAddress(arg string) string { + + if !isTCPNetworkAddress(arg) { + return arg + } + + for scheme, port := range protoMap { + prefix := scheme + "://" + if strings.HasPrefix(arg, prefix) { + arg = strings.Replace(arg, prefix, "", 1) + if !strings.Contains(arg, ":") { + arg += ":" + port + } + } + } + return arg +} + func isTCPNetworkAddress(arg string) bool { + // check if arg has allowed scheme prefix + for scheme := range protoMap { + prefix := scheme + "://" + if strings.HasPrefix(arg, prefix) { + return true + } + } + + // we expect only 2 parts (host and port) when split on ':', scheme would be captured already above parts := strings.Split(arg, ":") if len(parts) != 2 { return false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/main_test.go new/certinfo-1.0.40+git20260221.5574ad1/main_test.go --- old/certinfo-1.0.39+git20251105.c09d0f8/main_test.go 1970-01-01 01:00:00.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/main_test.go 2026-02-21 12:19:20.000000000 +0100 @@ -0,0 +1,71 @@ +package main + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func Test_isTCPNetworkAddress(t *testing.T) { + t.Run("given valid/allowed host arg then true is returned", func(t *testing.T) { + tcs := []string{ + "https://test.com:443";, + "http://test.com:80";, + "ssh://test.com:22", + "test.com:443", + "test.com:80", + "test.com:22", + "https://test.com";, + "http://test.com";, + "ssh://test.com", + } + for _, tc := range tcs { + assert.True(t, isTCPNetworkAddress(tc), tc) + } + }) + + t.Run("given not valid host arg then false is returned", func(t *testing.T) { + tcs := []string{ + "ftp://test.com";, + "test.com", + "/tmp/certs.pem", + } + for _, tc := range tcs { + assert.False(t, isTCPNetworkAddress(tc), tc) + } + }) +} + +func Test_toTCPNetworkAddress(t *testing.T) { + t.Run("given valid/allowed host arg then scheme is stripped and port added", func(t *testing.T) { + tcs := map[string]string{ + "https://test.com:443": "test.com:443", + "http://test.com:80": "test.com:80", + "ssh://test.com:22": "test.com:22", + // override port map + "https://test.com:5443": "test.com:5443", + "http://test.com:8080": "test.com:8080", + "ssh://test.com:2222": "test.com:2222", + "test.com:443": "test.com:443", + "test.com:80": "test.com:80", + "test.com:22": "test.com:22", + "https://test.com": "test.com:443", + "http://test.com": "test.com:80", + "ssh://test.com": "test.com:22", + } + for in, expected := range tcs { + assert.Equal(t, expected, toTCPNetworkAddress(in)) + } + }) + + t.Run("given not valid host arg then the input is returned", func(t *testing.T) { + tcs := []string{ + "ftp://test.com";, + "test.com", + "/tmp/certs.pem", + } + for _, tc := range tcs { + assert.Equal(t, tc, toTCPNetworkAddress(tc)) + } + }) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/pkg/cert/cert_test.go new/certinfo-1.0.40+git20260221.5574ad1/pkg/cert/cert_test.go --- old/certinfo-1.0.39+git20251105.c09d0f8/pkg/cert/cert_test.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/pkg/cert/cert_test.go 2026-02-21 12:19:20.000000000 +0100 @@ -2,10 +2,11 @@ import ( "crypto/x509" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "testing" "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestFromBytes(t *testing.T) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/pkg/cert/util_test.go new/certinfo-1.0.40+git20260221.5574ad1/pkg/cert/util_test.go --- old/certinfo-1.0.39+git20251105.c09d0f8/pkg/cert/util_test.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/pkg/cert/util_test.go 2026-02-21 12:19:20.000000000 +0100 @@ -2,10 +2,11 @@ import ( "bytes" - "github.com/stretchr/testify/require" "os" "path/filepath" "testing" + + "github.com/stretchr/testify/require" ) func loadTestCertificates(t *testing.T, files ...string) Certificates { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/expiry.go new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/expiry.go --- old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/expiry.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/expiry.go 2026-02-21 12:19:20.000000000 +0100 @@ -2,9 +2,10 @@ import ( "fmt" - "github.com/pete911/certinfo/pkg/cert" "strings" "time" + + "github.com/pete911/certinfo/pkg/cert" ) func Expiry(certificateLocations []cert.CertificateLocation) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/expiry_test.go new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/expiry_test.go --- old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/expiry_test.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/expiry_test.go 2026-02-21 12:19:20.000000000 +0100 @@ -1,10 +1,11 @@ package print import ( - "github.com/stretchr/testify/assert" "strings" "testing" "time" + + "github.com/stretchr/testify/assert" ) func Test_expiryFormat(t *testing.T) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/location.go new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/location.go --- old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/location.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/location.go 2026-02-21 12:19:20.000000000 +0100 @@ -2,10 +2,11 @@ import ( "fmt" - "github.com/pete911/certinfo/pkg/cert" "log/slog" "strings" "time" + + "github.com/pete911/certinfo/pkg/cert" ) func Locations(certificateLocations []cert.CertificateLocation, printChains, printPem, printExtensions, printSignature bool) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/location_test.go new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/location_test.go --- old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/location_test.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/location_test.go 2026-02-21 12:19:20.000000000 +0100 @@ -1,9 +1,10 @@ package print import ( + "testing" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "testing" ) func Test_splitString(t *testing.T) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/pem.go new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/pem.go --- old/certinfo-1.0.39+git20251105.c09d0f8/pkg/print/pem.go 2025-11-05 12:50:23.000000000 +0100 +++ new/certinfo-1.0.40+git20260221.5574ad1/pkg/print/pem.go 2026-02-21 12:19:20.000000000 +0100 @@ -2,8 +2,9 @@ import ( "fmt" - "github.com/pete911/certinfo/pkg/cert" "log/slog" + + "github.com/pete911/certinfo/pkg/cert" ) func Pem(certificateLocations []cert.CertificateLocation, printChains bool) { ++++++ certinfo.obsinfo ++++++ --- /var/tmp/diff_new_pack.pTPqCk/_old 2026-02-24 15:39:42.709183521 +0100 +++ /var/tmp/diff_new_pack.pTPqCk/_new 2026-02-24 15:39:42.721184018 +0100 @@ -1,5 +1,5 @@ name: certinfo -version: 1.0.39+git20251105.c09d0f8 -mtime: 1762343423 -commit: c09d0f8b9e347303785a6e9e72c62437c5898bae +version: 1.0.40+git20260221.5574ad1 +mtime: 1771672760 +commit: 5574ad11b2782421543936fda1a9f3c0d46882f7 ++++++ vendor.tar.gz ++++++
