Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cosign for openSUSE:Factory checked in at 2022-04-03 21:31:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cosign (Old) and /work/SRC/openSUSE:Factory/.cosign.new.1900 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Sun Apr 3 21:31:04 2022 rev:4 rq:966617 version:1.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2022-02-21 17:49:04.983638370 +0100 +++ /work/SRC/openSUSE:Factory/.cosign.new.1900/cosign.changes 2022-04-03 21:31:27.611510229 +0200 @@ -1,0 +2,71 @@ +Fri Apr 1 14:46:30 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- updated to 1.6.0 + - Fix double time import in e2e tests by @saschagrunert in #1388 + - Add --timeout support to sign command by @saschagrunert in #1379 + - Fix comparison in replace option for attestation by @bburky in #1366 + - Add Cosign logo to README by @nsmith5 in #1395 + - Minor refactor to verify SCT and Rekor entry with multiple keys by @haydentherapper in #1396 + - Fix a link of SECURITY.md by @knqyf263 in #1399 + - update cosign and cross-build image for the release job by @cpanato in #1400 + - feat: login command by @developer-guy in #1398 + - TUF: Add root status output by @asraa in #1404 + - Add a newline after password input by @knqyf263 in #1407 + - make imageRef lowercase before parsing by @bobcallaway in #1409 + - Improve error message when image is not found in registry by @imjasonh in #1410 + - Add ability to override the Spiffe socket via environmental variable: by @vaikas in #1421 + - Fix incorrect error check when verifying SCT by @haydentherapper in #1422 + - Skip the ReadWrite test that flakes on Windows. by @dlorenc in #1415 + - Allow PassFunc to be nil by @saschagrunert in #1426 + - Update the cosign keyless documentation to point to the GA release. by @dlorenc in #1427 + - Remove TUF timestamp from OCI signature bundle by @haydentherapper in #1428 + - Add docs on API stability and deprecation table by @priyawadhwa in #1429 + - update cross-build image which adds goimports by @cpanato in #1435 + - feat: enhance clean cmd capability by @developer-guy in #1430 + - use the upstream kubernetes version lib and ldflags by @n3wscott in #1413 + - Improve log lines to match with implementation by @marcofranssen in #1432 + - feat: fig autocomplete feature by @developer-guy in #1360 + - update cross-build to use go 1.17.7 by @cpanato in #1446 + - Fetch verification targets by TUF custom metadata by @haydentherapper in #1423 + - feat: add -buildid= to ldflags by @developer-guy in #1451 + - Streamline SignBlobCmd API with SignCmd by @saschagrunert in #1454 + - convert release cosigned to also generate yaml artifact. by @k4leung4 in #1453 + - Fix tkn link in readme by @Yongxuanzhang in #1459 + - Print message when verifying with old TUF targets by @haydentherapper in #1468 + - fix(sign): refactor unsupported provider log by @Dentrax in #1464 + - tests: /bin/bash -> /usr/bin/env bash by @znewman01 in #1470 + - Double goreleaser timeout by @znewman01 in #1472 + - increase timeout for goreleaser snapshot by @cpanato in #1473 + - fix(sign): kms unspported message by @Dentrax in #1475 + - refactor release cloudbuild job by @cpanato in #1476 + - Fix wording on attach attestation help by @luhring in #1480 + - update go-tuf and simplify TUF client code by @asraa in #1455 + - add initial changelog for 1.5.2 by @cpanato in #1483 + - Fix linter error on main by @priyawadhwa in #1484 + - Update Changelog for Security Advisory by @cpanato in #1485 + - chore(makefile): use kocache, convert publish to build by @developer-guy in #1488 + - Pick up a change to quiet ECR-login logging. by @mattmoor in #1491 + - feat: support other types in copy cmd by @developer-guy in #1493 + - Pick up some of the shared workflows by @mattmoor in #1490 + - feat: nominate Dentrax as codeowner by @developer-guy in #1492 + - add correct layer media type to cosign attach attestation by @spiffcs in #1503 + - This sets up the scaffolding for the cosigned CRD types. by @mattmoor in #1504 + - use v6 api calls in GH action for updating release milestones by @bobcallaway in #1511 + - Add skeleton reconciler for cosigned API CRD. by @mattmoor in #1513 + - bug fix: import ed25519 keys and fix error handling by @asraa in #1518 + - optimize codeql speed by using caching and tracing by @bobcallaway in #1519 + - Add a dummy.go file to allow vendoring config by @jdolitsky in #1520 + - Add CertExtensions func to extract all extensions by @ckotzbauer in #1515 + - chore(ci): add artifact hub support by @Dentrax in #1522 + - Change Fulcio URL default to be fulcio.sigstore.dev by @haydentherapper in #1529 + - Add codecov as github action, set permissions to read content only by @k4leung4 in #1530 + - images: remove --bare flags that conflict with --base-import-paths by @cpanato in #1533 + - Quay OCI Support in README by @sabre1041 in #1539 + - add rpm,deb and apks for cosign packages by @strongjz in #1537 + - Consistent parenthesis use in Makefile by @k4leung4 in #1541 + - add changelog for 1.6.0 by @cpanato in #1535 + - update golang cross image by @cpanato in #1543 + - Add fields in policy CRD by @kkavitha in #1540 + - Disable for now due some issues when downloading the knative module by @cpanato in #1546 + +------------------------------------------------------------------- Old: ---- cosign-1.5.2.tar.gz New: ---- cosign-1.6.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.09WHCf/_old 2022-04-03 21:31:28.547500040 +0200 +++ /var/tmp/diff_new_pack.09WHCf/_new 2022-04-03 21:31:28.555499953 +0200 @@ -17,9 +17,9 @@ Name: cosign -Version: 1.5.2 +Version: 1.6.0 Release: 0 -%define revision 8ffcd1228c463e1ad26ccce68ae16deeca2960b4 +%define revision 4b2c3c0c8ee97f31b9dac3859b40e0a48b8648ee Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 URL: https://github.com/sigstore/cosign ++++++ cosign-1.5.2.tar.gz -> cosign-1.6.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/cosign/cosign-1.5.2.tar.gz /work/SRC/openSUSE:Factory/.cosign.new.1900/cosign-1.6.0.tar.gz differ: char 12, line 1 ++++++ vendor.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.bz2 /work/SRC/openSUSE:Factory/.cosign.new.1900/vendor.tar.bz2 differ: char 11, line 1