Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cosign for openSUSE:Factory checked in at 2022-07-28 20:59:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cosign (Old) and /work/SRC/openSUSE:Factory/.cosign.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Thu Jul 28 20:59:10 2022 rev:8 rq:991560 version:1.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2022-06-19 21:11:13.502158345 +0200 +++ /work/SRC/openSUSE:Factory/.cosign.new.1533/cosign.changes 2022-07-28 20:59:38.631747437 +0200 @@ -1,0 +2,42 @@ +Wed Jul 27 13:41:54 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- updated to 1.10.0 + - replace gcr.io/distroless/ to use ghcr.io/distroless/ by @cpanato in #1961 + - Separate RegExp matching of issuer/subject from strict by @vaikas in #1956 + - tuf: improve TUF client concurrency and caching by @asraa in #1953 + - Add Cloudsmith Container Registry to tested registry list by @ciaracarey in #1966 + - feat(fulcioroots): singleton error pattern by @developer-guy in #1965 + - Drop tuf client dependency on GCS client library by @imjasonh in #1967 + - Add spdxjson predicate type for attestations by @jdolitsky in #1974 + - Remove policy-controller now that it lives in sigstore/policy-controller by @vaikas in #1976 + - cleanup: unexport kubernetes.Client method by @imjasonh in #1973 + - cleanup ci job and remove policy-controller references by @cpanato in #1981 + - fix/update post build job by @cpanato in #1983 + - docs: updated Azure kms commands. by @JBrejnholt in #1972 + - Add cyclonedx predicate type for attestations by @jdolitsky in #1977 + - Route deprecated -version to version subcommand by @puerco in #1854 + - docs(readme): add installation steps for container image for cosign binary by @developer-guy in #1986 + - Add --platform flag to cosign sbom download by @puerco in #1975 + - Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore by @imjasonh in #1866 + - Add --oidc-provider flag to specify which provider to use for ambient credentials by @priyawadhwa in #1998 + - encrypt values to create the github action secret by @cpanato in #1990 + - sign-blob: bundle should work independently and respect --output-certificate and --output-signature by @Dentrax in #2016 + - Attempt to clean up pkg/cosign by @imjasonh in #2018 + - public-key: fix command description by @Dentrax in #2024 + - [NFC] specs: fix list formatting on SIGNATURE_SPEC by @woodruffw in #2030 + - feat: cert-extensions verify by @developer-guy in #1626 + - Fix #1378 create new attestation signature in replace mode if not existent by @Syquel in #2014 + - Use cosign.ConfirmPrompt more consistently by @imjasonh in #2039 + - chore: add a note about SIGSTORE_REKOR_PUBLIC_KEY var by @hectorj2f in #2040 + - Fix OIDC test by @cpanato in #2050 + - Add env subcommand. by @wlynch in #2051 + - remove tests with 1.21 k8s cluster because it is deprecated and add v1.23/24 by @cpanato in #2055 + - update ct/otel and etcd by @cpanato in #2054 + - chore(deps): CycloneDX PredicateType changed to use in-toto-golang by @masahiro331 in #2067 + - Remove replace directives in go.mod. by @wlynch in #2070 + - update design doc link by @bobcallaway in #2077 + - Remove hack/tools.go by @imjasonh in #2080 + - fix missing quote by @cpanato in #2090 +- removed cosigned and webhook + +------------------------------------------------------------------- Old: ---- cosign-1.9.0.tar.gz New: ---- cosign-1.10.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.s5pnIU/_old 2022-07-28 20:59:40.867759030 +0200 +++ /var/tmp/diff_new_pack.s5pnIU/_new 2022-07-28 20:59:40.871759050 +0200 @@ -17,9 +17,9 @@ Name: cosign -Version: 1.9.0 +Version: 1.10.0 Release: 0 -%define revision a4cb262dc3d45a283a6a7513bb767a38a2d3f448 +%define revision 3a6088d03d7c053f9b3bd61ed07fba92133579cf Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 URL: https://github.com/sigstore/cosign @@ -52,7 +52,6 @@ CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}" go build -mod=vendor -buildmode=pie -ldflags "${CLI_LDFLAGS}" -o cosign ./cmd/cosign -go build -mod=vendor -buildmode=pie -ldflags "${CLI_LDFLAGS}" -o cosigned ./cmd/cosign/webhook go build -mod=vendor -buildmode=pie -ldflags "${CLI_LDFLAGS}" -o sget ./cmd/sget ./cosign version ./sget version @@ -61,13 +60,11 @@ %install install -D -m 0755 cosign %{buildroot}%{_bindir}/cosign install -D -m 0755 sget %{buildroot}%{_bindir}/sget -install -D -m 0755 cosigned %{buildroot}%{_bindir}/cosigned %files %license LICENSE %doc *.md %{_bindir}/cosign -%{_bindir}/cosigned %{_bindir}/sget %changelog ++++++ cosign-1.9.0.tar.gz -> cosign-1.10.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/cosign/cosign-1.9.0.tar.gz /work/SRC/openSUSE:Factory/.cosign.new.1533/cosign-1.10.0.tar.gz differ: char 13, line 1 ++++++ vendor.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.bz2 /work/SRC/openSUSE:Factory/.cosign.new.1533/vendor.tar.bz2 differ: char 1, line 1