Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cmctl for openSUSE:Factory checked in at 2023-01-11 14:35:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cmctl (Old) and /work/SRC/openSUSE:Factory/.cmctl.new.32243 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cmctl" Wed Jan 11 14:35:49 2023 rev:9 rq:1057720 version:1.10.2 Changes: -------- --- /work/SRC/openSUSE:Factory/cmctl/cmctl.changes 2022-11-22 16:10:08.518017513 +0100 +++ /work/SRC/openSUSE:Factory/.cmctl.new.32243/cmctl.changes 2023-01-11 14:37:16.637984824 +0100 @@ -1,0 +2,22 @@ +Wed Jan 11 05:51:08 UTC 2023 - [email protected] + +- Update to version 1.10.2: + * Bump containerd to fix reported vuln + * bump base images to latest + * Code review feedback- better comment + * Fix integration tests + * Ensures that only one secrets cache is created for cert-manager controller + * avoid logging confusing error messages for external issuers + * use template when generating tempdir in verify-crds + * bump base images to latest versions + * bump helm version to fix CVE-2022-23525 + * bump version of contour helm chart to 10.0.1 + * enable testing with k8s 1.26 by adding new kind image + * bump base images to latest versions + * bump dep versions to fix trivy-reported vulns + * remove verify-licenses from ci-presubmit + * bump go to 1.19.4 + * Use distinct manifest dirs for signed / unsigned manifests + * fix x/text vuln and ignore AWS vuln + +------------------------------------------------------------------- Old: ---- cert-manager-1.10.1.tar.gz New: ---- cert-manager-1.10.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cmctl.spec ++++++ --- /var/tmp/diff_new_pack.jncwuC/_old 2023-01-11 14:37:17.493989663 +0100 +++ /var/tmp/diff_new_pack.jncwuC/_new 2023-01-11 14:37:17.497989685 +0100 @@ -1,7 +1,7 @@ # # spec file for package cmctl # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define archive_name cert-manager Name: cmctl -Version: 1.10.1 +Version: 1.10.2 Release: 0 Summary: CLI tool that can help you to manage cert-manager resources inside your cluster License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.jncwuC/_old 2023-01-11 14:37:17.541989934 +0100 +++ /var/tmp/diff_new_pack.jncwuC/_new 2023-01-11 14:37:17.545989956 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/cert-manager/cert-manager</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.10.1</param> + <param name="revision">v1.10.2</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> @@ -16,7 +16,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">cert-manager-1.10.1.tar.gz</param> + <param name="archive">cert-manager-1.10.2.tar.gz</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.jncwuC/_old 2023-01-11 14:37:17.573990115 +0100 +++ /var/tmp/diff_new_pack.jncwuC/_new 2023-01-11 14:37:17.577990138 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/cert-manager/cert-manager</param> - <param name="changesrevision">a96bae172ddb1fcd4b57f1859ab9d1a9e94f7451</param></service></servicedata> + <param name="changesrevision">707dcff96a26445c1f0897e9e623625695200eab</param></service></servicedata> (No newline at EOF) ++++++ cert-manager-1.10.1.tar.gz -> cert-manager-1.10.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/.trivyignore new/cert-manager-1.10.2/.trivyignore --- old/cert-manager-1.10.1/.trivyignore 1970-01-01 01:00:00.000000000 +0100 +++ new/cert-manager-1.10.2/.trivyignore 2023-01-10 11:19:21.000000000 +0100 @@ -0,0 +1,7 @@ +# These vulns relate to issues with v1 of the AWS Golang SDK +# These issues relate to S3 encryption issues which cert-manager is unlikely to hit +# Fixing them requires upgrading to v2 of the AWS Golang SDK which is a potentially large task +CVE-2020-8911 +CVE-2020-8912 +GHSA-7f33-f4f5-xwgw +GHSA-f5pg-7wfw-84q9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/LICENSES new/cert-manager-1.10.2/LICENSES --- old/cert-manager-1.10.1/LICENSES 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/LICENSES 2023-01-10 11:19:21.000000000 +0100 @@ -36,7 +36,7 @@ github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.1.2/LICENSE.txt,MIT github.com/chai2010/gettext-go,https://github.com/chai2010/gettext-go/blob/v1.0.2/LICENSE,BSD-3-Clause github.com/cloudflare/cloudflare-go,https://github.com/cloudflare/cloudflare-go/blob/v0.50.0/LICENSE,BSD-3-Clause -github.com/containerd/containerd,https://github.com/containerd/containerd/blob/v1.6.6/LICENSE,Apache-2.0 +github.com/containerd/containerd,https://github.com/containerd/containerd/blob/v1.6.15/LICENSE,Apache-2.0 github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.0/LICENSE,Apache-2.0 github.com/coreos/go-systemd/v22,https://github.com/coreos/go-systemd/blob/v22.3.2/LICENSE,Apache-2.0 github.com/cpu/goacmedns,https://github.com/cpu/goacmedns/blob/v0.1.1/LICENSE,MIT @@ -126,7 +126,7 @@ github.com/mattn/go-colorable,https://github.com/mattn/go-colorable/blob/v0.1.12/LICENSE,MIT github.com/mattn/go-isatty,https://github.com/mattn/go-isatty/blob/v0.0.14/LICENSE,MIT github.com/mattn/go-runewidth,https://github.com/mattn/go-runewidth/blob/v0.0.13/LICENSE,MIT -github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/c182affec369/LICENSE,Apache-2.0 +github.com/matttproud/golang_protobuf_extensions/pbutil,https://github.com/matttproud/golang_protobuf_extensions/blob/v1.0.4/LICENSE,Apache-2.0 github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.50/LICENSE,BSD-3-Clause github.com/mitchellh/copystructure,https://github.com/mitchellh/copystructure/blob/v1.2.0/LICENSE,MIT github.com/mitchellh/go-homedir,https://github.com/mitchellh/go-homedir/blob/v1.1.0/LICENSE,MIT @@ -195,12 +195,12 @@ go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.6.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.21.0/LICENSE.txt,MIT golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/4ba4fb4d:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/db77216a:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.4.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/f2134210:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/7f9b1623:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/3c1f3524:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/03fcf44c:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.3.7:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.3.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.3.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.5.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/579cf78f:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.2.0/v2/LICENSE,Apache-2.0 google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.97.0/LICENSE,BSD-3-Clause @@ -215,7 +215,7 @@ gopkg.in/square/go-jose.v2/json,https://github.com/square/go-jose/blob/v2.5.1/json/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -helm.sh/helm/v3,https://github.com/helm/helm/blob/v3.10.0/LICENSE,Apache-2.0 +helm.sh/helm/v3,https://github.com/helm/helm/blob/v3.10.3/LICENSE,Apache-2.0 k8s.io/api,https://github.com/kubernetes/api/blob/v0.25.2/LICENSE,Apache-2.0 k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.25.2/LICENSE,Apache-2.0 k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.25.2/LICENSE,Apache-2.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/devel/cluster/kind_cluster_node_versions.sh new/cert-manager-1.10.2/devel/cluster/kind_cluster_node_versions.sh --- old/cert-manager-1.10.1/devel/cluster/kind_cluster_node_versions.sh 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/devel/cluster/kind_cluster_node_versions.sh 2023-01-10 11:19:21.000000000 +0100 @@ -21,6 +21,9 @@ KIND_IMAGE_K8S_124=docker.io/kindest/node@sha256:97e8d00bc37a7598a0b32d1fabd155a96355c49fa0d4d4790aab0f161bf31be1 KIND_IMAGE_K8S_125=docker.io/kindest/node@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_K8S_126=docker.io/kindest/node@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 + # docker.io/kindest/node:v1.20.15 KIND_IMAGE_SHA_K8S_120=sha256:d67de8f84143adebe80a07672f370365ec7d23f93dc86866f0e29fa29ce026fe @@ -39,6 +42,9 @@ # docker.io/kindest/node:v1.25.2 KIND_IMAGE_SHA_K8S_125=sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_SHA_K8S_126=sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 + # note that these 'full' digests should be avoided since not all tools support them # prefer KIND_IMAGE_K8S_*** instead KIND_IMAGE_FULL_K8S_120=docker.io/kindest/node:v1.20.15@sha256:d67de8f84143adebe80a07672f370365ec7d23f93dc86866f0e29fa29ce026fe @@ -48,3 +54,5 @@ KIND_IMAGE_FULL_K8S_124=docker.io/kindest/node:v1.24.6@sha256:97e8d00bc37a7598a0b32d1fabd155a96355c49fa0d4d4790aab0f161bf31be1 KIND_IMAGE_FULL_K8S_125=docker.io/kindest/node:v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_FULL_K8S_126=docker.io/kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/go.mod new/cert-manager-1.10.2/go.mod --- old/cert-manager-1.10.1/go.mod 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/go.mod 2023-01-10 11:19:21.000000000 +0100 @@ -38,7 +38,7 @@ golang.org/x/sync v0.0.0-20220923202941-7f9b1623fab7 gomodules.xyz/jsonpatch/v2 v2.2.0 google.golang.org/api v0.97.0 - helm.sh/helm/v3 v3.10.0 + helm.sh/helm/v3 v3.10.3 k8s.io/api v0.25.2 k8s.io/apiextensions-apiserver v0.25.2 k8s.io/apimachinery v0.25.2 @@ -86,7 +86,7 @@ github.com/cenkalti/backoff/v3 v3.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.6.6 // indirect + github.com/containerd/containerd v1.6.15 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd/v22 v22.3.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect @@ -168,7 +168,7 @@ github.com/mattn/go-colorable v0.1.12 // indirect github.com/mattn/go-isatty v0.0.14 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-testing-interface v1.0.0 // indirect github.com/mitchellh/go-wordwrap v1.0.0 // indirect @@ -228,10 +228,10 @@ go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.21.0 // indirect golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect - golang.org/x/net v0.0.0-20220921155015-db77216a4ee9 // indirect - golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect - golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/net v0.4.0 // indirect + golang.org/x/sys v0.3.0 // indirect + golang.org/x/term v0.3.0 // indirect + golang.org/x/text v0.5.0 // indirect golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect golang.org/x/tools v0.1.12 // indirect google.golang.org/appengine v1.6.7 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/go.sum new/cert-manager-1.10.2/go.sum --- old/cert-manager-1.10.1/go.sum 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/go.sum 2023-01-10 11:19:21.000000000 +0100 @@ -109,8 +109,8 @@ github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc= github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= -github.com/Microsoft/go-winio v0.5.1 h1:aPJp2QD7OOrhO5tQXqQoGSJc+DjDtWTGLOmNyAm6FgY= -github.com/Microsoft/hcsshim v0.9.3 h1:k371PzBuRrz2b+ebGuI2nVgVhgsVX60jMfSw80NECxo= +github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= +github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= @@ -195,9 +195,9 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4= -github.com/containerd/containerd v1.6.6 h1:xJNPhbrmz8xAMDNoVjHy9YHtWwEQNS+CDkcIRh7t8Y0= -github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0= +github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA= +github.com/containerd/containerd v1.6.15 h1:4wWexxzLNHNE46aIETc6ge4TofO550v+BlLoANrbses= +github.com/containerd/containerd v1.6.15/go.mod h1:U2NnBPIhzJDm59xF7xB2MMHnKtggpZ+phKg8o2TKj2c= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -713,8 +713,8 @@ github.com/mattn/go-sqlite3 v1.14.6 h1:dNPt6NO46WmLVt2DLNpwczCmdV5boIZ6g/tlDrlRUbg= github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.50 h1:DQUfb9uc6smULcREF09Uc+/Gd46YWqJd5DbpPE9xkcA= github.com/miekg/dns v1.1.50/go.mod h1:e3IlAVfNqAllflbibAZEWOXOQ+Ynzk/dDozDxY7XnME= @@ -1160,8 +1160,8 @@ golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.0.0-20220921155015-db77216a4ee9 h1:SdDGdqRuKrF2R4XGcnPzcvZ63c/55GvhoHUus0o+BNI= -golang.org/x/net v0.0.0-20220921155015-db77216a4ee9/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.4.0 h1:Q5QPcMlvfxFTAPV0+07Xz/MpK9NTXu2VDUuy0FeMfaU= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1289,11 +1289,13 @@ golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 h1:WIoqL4EROvwiPdUtaip4VcDdpZ4kha7wBWZrbVKCIZg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.3.0 h1:qoo4akIqOcDME5bhc/NgxUdovd6BSS2uMsVjB56q1xI= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1303,8 +1305,9 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.5.0 h1:OLmvp0KP+FVG99Ct/qFiL/Fhk4zp4QQnZ7b2U+5piUM= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1618,8 +1621,8 @@ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= -helm.sh/helm/v3 v3.10.0 h1:y/MYONZ/bsld9kHwqgBX2uPggnUr5hahpjwt9/jrHlI= -helm.sh/helm/v3 v3.10.0/go.mod h1:paPw0hO5KVfrCMbi1M8+P8xdfBri3IiJiVKATZsFR94= +helm.sh/helm/v3 v3.10.3 h1:wL7IUZ7Zyukm5Kz0OUmIFZgKHuAgByCrUcJBtY0kDyw= +helm.sh/helm/v3 v3.10.3/go.mod h1:CXOcs02AYvrlPMWARNYNRgf2rNP7gLJQsi/Ubd4EDrI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/hack/check-crds.sh new/cert-manager-1.10.2/hack/check-crds.sh --- old/cert-manager-1.10.1/hack/check-crds.sh 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/hack/check-crds.sh 2023-01-10 11:19:21.000000000 +0100 @@ -41,7 +41,7 @@ echo "+++ verifying that generated CRDs are up-to-date..." >&2 -tmpdir="$(mktemp -d)" +tmpdir="$(mktemp -d tmp-CHECKCRD-XXXXXXXXX --tmpdir)" trap 'rm -r $tmpdir' EXIT make PATCH_CRD_OUTPUT_DIR=$tmpdir patch-crds diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/hack/latest-kind-images.sh new/cert-manager-1.10.2/hack/latest-kind-images.sh --- old/cert-manager-1.10.1/hack/latest-kind-images.sh 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/hack/latest-kind-images.sh 2023-01-10 11:19:21.000000000 +0100 @@ -55,7 +55,6 @@ LATEST_124_TAG=$(latest_kind_tag "1\\.24") LATEST_125_TAG=$(latest_kind_tag "1\\.25") - LATEST_120_DIGEST=$(crane digest $KIND_IMAGE_REPO:$LATEST_120_TAG) LATEST_121_DIGEST=$(crane digest $KIND_IMAGE_REPO:$LATEST_121_TAG) LATEST_122_DIGEST=$(crane digest $KIND_IMAGE_REPO:$LATEST_122_TAG) @@ -63,6 +62,9 @@ LATEST_124_DIGEST=$(crane digest $KIND_IMAGE_REPO:$LATEST_124_TAG) LATEST_125_DIGEST=$(crane digest $KIND_IMAGE_REPO:$LATEST_125_TAG) +# 1.26 is manually added for now, pending a wider rethink of how we can automate bumping of kind images +# given that kind release notes say there are specific digests which should be used with specific kind releases + cat << EOF | tee ./devel/cluster/kind_cluster_node_versions.sh > ./make/kind_images.sh # Copyright 2022 The cert-manager Authors. # @@ -87,6 +89,9 @@ KIND_IMAGE_K8S_124=$KIND_IMAGE_REPO@$LATEST_124_DIGEST KIND_IMAGE_K8S_125=$KIND_IMAGE_REPO@$LATEST_125_DIGEST +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_K8S_126=docker.io/kindest/node@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 + # $KIND_IMAGE_REPO:$LATEST_120_TAG KIND_IMAGE_SHA_K8S_120=$LATEST_120_DIGEST @@ -105,6 +110,9 @@ # $KIND_IMAGE_REPO:$LATEST_125_TAG KIND_IMAGE_SHA_K8S_125=$LATEST_125_DIGEST +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_SHA_K8S_126=sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 + # note that these 'full' digests should be avoided since not all tools support them # prefer KIND_IMAGE_K8S_*** instead KIND_IMAGE_FULL_K8S_120=$KIND_IMAGE_REPO:$LATEST_120_TAG@$LATEST_120_DIGEST @@ -114,6 +122,8 @@ KIND_IMAGE_FULL_K8S_124=$KIND_IMAGE_REPO:$LATEST_124_TAG@$LATEST_124_DIGEST KIND_IMAGE_FULL_K8S_125=$KIND_IMAGE_REPO:$LATEST_125_TAG@$LATEST_125_DIGEST +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_FULL_K8S_126=docker.io/kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 EOF cat << EOF diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/make/base_images.mk new/cert-manager-1.10.2/make/base_images.mk --- old/cert-manager-1.10.1/make/base_images.mk 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/make/base_images.mk 2023-01-10 11:19:21.000000000 +0100 @@ -1,11 +1,11 @@ # autogenerated by hack/latest-base-images.sh -STATIC_BASE_IMAGE_amd64 := gcr.io/distroless/static@sha256:99252947b483b5c14d0004c633964d1a235776a3d70f5ca355e9ef8d24cb8275 -STATIC_BASE_IMAGE_arm64 := gcr.io/distroless/static@sha256:9363a36eb72591c3e501d4072406aab2eff3899fe4dfbd131b038e53ed56ba80 -STATIC_BASE_IMAGE_s390x := gcr.io/distroless/static@sha256:78e1f66d521df86c93a344ba44dfe99c60671848a33944c955cf178cf6b912cc -STATIC_BASE_IMAGE_arm := gcr.io/distroless/static@sha256:98e098bfea31fa6090f8ee7bb558a573fc1ee2d8b74fa4856c43b97b21f8a75e -STATIC_BASE_IMAGE_ppc64le := gcr.io/distroless/static@sha256:1105995233315eb338996ab515b697c6dec9a08a1f1080911e2f9a25520e58cd -DYNAMIC_BASE_IMAGE_amd64 := gcr.io/distroless/base@sha256:826bce53be26d70d4c7a99d1bdadef47f73134ed47b90b8480a2f4a96b300461 -DYNAMIC_BASE_IMAGE_arm64 := gcr.io/distroless/base@sha256:520b5d929d01aa5867b28de37b80b3b8c6479c11072d8398fd1cf6cf66343c17 -DYNAMIC_BASE_IMAGE_s390x := gcr.io/distroless/base@sha256:e7fda00b189020c7683e862c087a00832f7293f056e2d70da96cb17dadb233ea -DYNAMIC_BASE_IMAGE_arm := gcr.io/distroless/base@sha256:4f6eff9ee15b0f9a66d989386c53fc2b8edfae4ba46de841505d8f0222d09311 -DYNAMIC_BASE_IMAGE_ppc64le := gcr.io/distroless/base@sha256:9f77713a049486c301e75078c4d7c4c726daac6f28fab3dcea9b0ff2828c0401 +STATIC_BASE_IMAGE_amd64 := gcr.io/distroless/static@sha256:ea2ed73931ecd5d70f0bf3fdaa481c84f556cc205d6ceec78dff335fc4a313b2 +STATIC_BASE_IMAGE_arm64 := gcr.io/distroless/static@sha256:59a12639776ac4711629733e0b84fcf8c790cced9e43a607cfae71ddc52b03a1 +STATIC_BASE_IMAGE_s390x := gcr.io/distroless/static@sha256:5dd8516dee7953ce750ad8266f8270fdf83a23db6637b988fb6e5c561596758d +STATIC_BASE_IMAGE_arm := gcr.io/distroless/static@sha256:eb2ff3d43dfd61f1f58c175191017439e6eb1e337d1d4a1e1b50b47ea76485e7 +STATIC_BASE_IMAGE_ppc64le := gcr.io/distroless/static@sha256:02b030910780d033776981411311bc73accc2d364c36e0cba7f115b365c6b750 +DYNAMIC_BASE_IMAGE_amd64 := gcr.io/distroless/base@sha256:0216d8712854b61db71b95f836caa48f5ace55fa66584f5a0b346765398b2520 +DYNAMIC_BASE_IMAGE_arm64 := gcr.io/distroless/base@sha256:31ef0cacc560882180cfdfa23f734652bd1a94d63c65129a1ac37f710accc2c7 +DYNAMIC_BASE_IMAGE_s390x := gcr.io/distroless/base@sha256:1a7bbe8de1939308fc8a07dc3e713db9b083044888238f9424c3edb0944872a4 +DYNAMIC_BASE_IMAGE_arm := gcr.io/distroless/base@sha256:251a910de5d80be4c9ce52e9448ba3f9b799187395a4c72f0fc1bdb7a614a5a1 +DYNAMIC_BASE_IMAGE_ppc64le := gcr.io/distroless/base@sha256:b41cc0e19028f1ac460e8049d4b0214514f36ac5375a692df2d9173338084799 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/make/ci.mk new/cert-manager-1.10.2/make/ci.mk --- old/cert-manager-1.10.1/make/ci.mk 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/make/ci.mk 2023-01-10 11:19:21.000000000 +0100 @@ -3,7 +3,7 @@ ## request or change is merged. ## ## @category CI -ci-presubmit: verify-imports verify-errexit verify-boilerplate verify-codegen verify-crds verify-licenses +ci-presubmit: verify-imports verify-errexit verify-boilerplate verify-codegen verify-crds .PHONY: verify-imports verify-imports: | $(NEEDS_GOIMPORTS) @@ -25,6 +25,9 @@ $(__PYTHON) hack/verify_boilerplate.py .PHONY: verify-licenses +## Check that the LICENSES file is up to date; must pass before a change to go.mod can be merged +## +## @category CI verify-licenses: $(BINDIR)/scratch/LATEST-LICENSES @diff $(BINDIR)/scratch/LATEST-LICENSES LICENSES >/dev/null || (echo -e "\033[0;33mLICENSES seem to be out of date; update with 'make update-licenses'\033[0m" && exit 1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/make/cluster.sh new/cert-manager-1.10.2/make/cluster.sh --- old/cert-manager-1.10.1/make/cluster.sh 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/make/cluster.sh 2023-01-10 11:19:21.000000000 +0100 @@ -110,6 +110,7 @@ 1.23*) image=$KIND_IMAGE_FULL_K8S_123 ;; 1.24*) image=$KIND_IMAGE_FULL_K8S_124 ;; 1.25*) image=$KIND_IMAGE_FULL_K8S_125 ;; +1.26*) image=$KIND_IMAGE_FULL_K8S_126 ;; v*) printf "${red}${redcross}Error${end}: Kubernetes version must be given without the leading 'v'\n" >&2 && exit 1 ;; *) printf "${red}${redcross}Error${end}: unsupported Kubernetes version ${yel}${k8s_version}${end}\n" >&2 && exit 1 ;; esac diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/make/e2e-setup.mk new/cert-manager-1.10.2/make/e2e-setup.mk --- old/cert-manager-1.10.1/make/e2e-setup.mk 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/make/e2e-setup.mk 2023-01-10 11:19:21.000000000 +0100 @@ -10,7 +10,7 @@ # TODO: this version is also defaulted in ./make/cluster.sh. Make it so that it # is set in one place only. -K8S_VERSION := 1.24 +K8S_VERSION := 1.25 IMAGE_ingressnginx_amd64 := k8s.gcr.io/ingress-nginx/controller:v1.1.0@sha256:7464dc90abfaa084204176bcc0728f182b0611849395787143f6854dc6c38c85 IMAGE_kyverno_amd64 := ghcr.io/kyverno/kyverno:v1.7.1@sha256:aec4b029660d47aea025336150fdc2822c991f592d5170d754b6acaf158b513e @@ -315,7 +315,7 @@ $(HELM) upgrade \ --install \ --wait \ - --version 7.8.1 \ + --version 10.0.1 \ --namespace projectcontour \ --create-namespace \ --set contour.ingressClass.create=false \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/make/kind_images.sh new/cert-manager-1.10.2/make/kind_images.sh --- old/cert-manager-1.10.1/make/kind_images.sh 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/make/kind_images.sh 2023-01-10 11:19:21.000000000 +0100 @@ -21,6 +21,9 @@ KIND_IMAGE_K8S_124=docker.io/kindest/node@sha256:97e8d00bc37a7598a0b32d1fabd155a96355c49fa0d4d4790aab0f161bf31be1 KIND_IMAGE_K8S_125=docker.io/kindest/node@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_K8S_126=docker.io/kindest/node@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 + # docker.io/kindest/node:v1.20.15 KIND_IMAGE_SHA_K8S_120=sha256:d67de8f84143adebe80a07672f370365ec7d23f93dc86866f0e29fa29ce026fe @@ -39,6 +42,9 @@ # docker.io/kindest/node:v1.25.2 KIND_IMAGE_SHA_K8S_125=sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_SHA_K8S_126=sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 + # note that these 'full' digests should be avoided since not all tools support them # prefer KIND_IMAGE_K8S_*** instead KIND_IMAGE_FULL_K8S_120=docker.io/kindest/node:v1.20.15@sha256:d67de8f84143adebe80a07672f370365ec7d23f93dc86866f0e29fa29ce026fe @@ -48,3 +54,5 @@ KIND_IMAGE_FULL_K8S_124=docker.io/kindest/node:v1.24.6@sha256:97e8d00bc37a7598a0b32d1fabd155a96355c49fa0d4d4790aab0f161bf31be1 KIND_IMAGE_FULL_K8S_125=docker.io/kindest/node:v1.25.2@sha256:9be91e9e9cdf116809841fc77ebdb8845443c4c72fe5218f3ae9eb57fdb4bace +# Manually set - see hack/latest-kind-images.sh for details +KIND_IMAGE_FULL_K8S_126=docker.io/kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/make/manifests.mk new/cert-manager-1.10.2/make/manifests.mk --- old/cert-manager-1.10.1/make/manifests.mk 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/make/manifests.mk 2023-01-10 11:19:21.000000000 +0100 @@ -41,23 +41,23 @@ ## @category Release release-manifests-signed: $(BINDIR)/release/cert-manager-manifests.tar.gz $(BINDIR)/metadata/cert-manager-manifests.tar.gz.metadata.json -$(BINDIR)/release/cert-manager-manifests.tar.gz: $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz $(BINDIR)/yaml/cert-manager.crds.yaml $(BINDIR)/yaml/cert-manager.yaml $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz.prov | $(BINDIR)/scratch/manifests $(BINDIR)/release - mkdir -p $(BINDIR)/scratch/manifests/deploy/chart/ - mkdir -p $(BINDIR)/scratch/manifests/deploy/manifests/ - cp $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz.prov $(BINDIR)/scratch/manifests/deploy/chart/ - cp $(BINDIR)/yaml/cert-manager.crds.yaml $(BINDIR)/yaml/cert-manager.yaml $(BINDIR)/scratch/manifests/deploy/manifests/ +$(BINDIR)/release/cert-manager-manifests.tar.gz: $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz $(BINDIR)/yaml/cert-manager.crds.yaml $(BINDIR)/yaml/cert-manager.yaml $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz.prov | $(BINDIR)/scratch/manifests-signed $(BINDIR)/release + mkdir -p $(BINDIR)/scratch/manifests-signed/deploy/chart/ + mkdir -p $(BINDIR)/scratch/manifests-signed/deploy/manifests/ + cp $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz.prov $(BINDIR)/scratch/manifests-signed/deploy/chart/ + cp $(BINDIR)/yaml/cert-manager.crds.yaml $(BINDIR)/yaml/cert-manager.yaml $(BINDIR)/scratch/manifests-signed/deploy/manifests/ # removes leading ./ from archived paths - find $(BINDIR)/scratch/manifests -maxdepth 1 -mindepth 1 | sed 's|.*/||' | tar czf $@ -C $(BINDIR)/scratch/manifests -T - - rm -rf $(BINDIR)/scratch/manifests + find $(BINDIR)/scratch/manifests-signed -maxdepth 1 -mindepth 1 | sed 's|.*/||' | tar czf $@ -C $(BINDIR)/scratch/manifests-signed -T - + rm -rf $(BINDIR)/scratch/manifests-signed -$(BINDIR)/scratch/cert-manager-manifests-unsigned.tar.gz: $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz $(BINDIR)/yaml/cert-manager.crds.yaml $(BINDIR)/yaml/cert-manager.yaml | $(BINDIR)/scratch/manifests - mkdir -p $(BINDIR)/scratch/manifests/deploy/chart/ - mkdir -p $(BINDIR)/scratch/manifests/deploy/manifests/ - cp $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz $(BINDIR)/scratch/manifests/deploy/chart/ - cp $(BINDIR)/yaml/cert-manager.crds.yaml $(BINDIR)/yaml/cert-manager.yaml $(BINDIR)/scratch/manifests/deploy/manifests/ +$(BINDIR)/scratch/cert-manager-manifests-unsigned.tar.gz: $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz $(BINDIR)/yaml/cert-manager.crds.yaml $(BINDIR)/yaml/cert-manager.yaml | $(BINDIR)/scratch/manifests-unsigned + mkdir -p $(BINDIR)/scratch/manifests-unsigned/deploy/chart/ + mkdir -p $(BINDIR)/scratch/manifests-unsigned/deploy/manifests/ + cp $(BINDIR)/cert-manager-$(RELEASE_VERSION).tgz $(BINDIR)/scratch/manifests-unsigned/deploy/chart/ + cp $(BINDIR)/yaml/cert-manager.crds.yaml $(BINDIR)/yaml/cert-manager.yaml $(BINDIR)/scratch/manifests-unsigned/deploy/manifests/ # removes leading ./ from archived paths - find $(BINDIR)/scratch/manifests -maxdepth 1 -mindepth 1 | sed 's|.*/||' | tar czf $@ -C $(BINDIR)/scratch/manifests -T - - rm -rf $(BINDIR)/scratch/manifests + find $(BINDIR)/scratch/manifests-unsigned -maxdepth 1 -mindepth 1 | sed 's|.*/||' | tar czf $@ -C $(BINDIR)/scratch/manifests-unsigned -T - + rm -rf $(BINDIR)/scratch/manifests-unsigned # This metadata blob is constructed slightly differently and doesn't use hack/artifact-metadata.template.json directly; # this is because the bazel staged releases didn't include an "os" or "architecture" field for this artifact @@ -164,7 +164,10 @@ $(BINDIR)/scratch/yaml: @mkdir -p $@ -$(BINDIR)/scratch/manifests: +$(BINDIR)/scratch/manifests-unsigned: + @mkdir -p $@ + +$(BINDIR)/scratch/manifests-signed: @mkdir -p $@ $(BINDIR)/yaml/templated-crds: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/make/tools.mk new/cert-manager-1.10.2/make/tools.mk --- old/cert-manager-1.10.1/make/tools.mk 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/make/tools.mk 2023-01-10 11:19:21.000000000 +0100 @@ -36,7 +36,7 @@ TOOLS += etcd=$(KUBEBUILDER_ASSETS_VERSION) TOOLS += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) -VENDORED_GO_VERSION := 1.19.3 +VENDORED_GO_VERSION := 1.19.4 # When switching branches which use different versions of the tools, we # need a way to re-trigger the symlinking from $(BINDIR)/downloaded to $(BINDIR)/tools. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/pkg/controller/certificaterequests/selfsigned/checks.go new/cert-manager-1.10.2/pkg/controller/certificaterequests/selfsigned/checks.go --- old/cert-manager-1.10.1/pkg/controller/certificaterequests/selfsigned/checks.go 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/pkg/controller/certificaterequests/selfsigned/checks.go 2023-01-10 11:19:21.000000000 +0100 @@ -26,6 +26,7 @@ "k8s.io/client-go/util/workqueue" apiutil "github.com/cert-manager/cert-manager/pkg/api/util" + cmdoc "github.com/cert-manager/cert-manager/pkg/apis/certmanager" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" clientv1 "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" controllerpkg "github.com/cert-manager/cert-manager/pkg/controller" @@ -85,6 +86,11 @@ dbg.Info("checking if self signed certificate requests reference secret") var affected []*cmapi.CertificateRequest for _, request := range requests { + if request.Spec.IssuerRef.Group != cmdoc.GroupName { + dbg.Info("skipping SelfSigned secret reference checks since issuer has external group", "group", request.Spec.IssuerRef.Group) + continue + } + issuerObj, err := helper.GetGenericIssuer(request.Spec.IssuerRef, request.Namespace) if k8sErrors.IsNotFound(err) { dbg.Info("issuer not found, skipping") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/pkg/controller/certificaterequests/selfsigned/checks_test.go new/cert-manager-1.10.2/pkg/controller/certificaterequests/selfsigned/checks_test.go --- old/cert-manager-1.10.1/pkg/controller/certificaterequests/selfsigned/checks_test.go 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/pkg/controller/certificaterequests/selfsigned/checks_test.go 2023-01-10 11:19:21.000000000 +0100 @@ -225,6 +225,20 @@ }, expectedAffected: []*cmapi.CertificateRequest{}, }, + "if issuer has different group, do nothing": { + existingCRs: []runtime.Object{ + gen.CertificateRequest("a", + gen.SetCertificateRequestNamespace("test-namespace"), + gen.SetCertificateRequestAnnotations(map[string]string{ + "cert-manager.io/private-key-secret-name": "test-secret", + }), gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{ + Name: "a", Kind: "Keith", Group: "not-cert-manager.io", + }), + ), + }, + existingIssuers: []runtime.Object{}, + expectedAffected: []*cmapi.CertificateRequest{}, + }, "should not return requests which are in a different namespace": { existingCRs: []runtime.Object{ gen.CertificateRequest("a", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/pkg/issuer/acme/dns/dns.go new/cert-manager-1.10.2/pkg/issuer/acme/dns/dns.go --- old/cert-manager-1.10.1/pkg/issuer/acme/dns/dns.go 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/pkg/issuer/acme/dns/dns.go 2023-01-10 11:19:21.000000000 +0100 @@ -488,9 +488,10 @@ // NewSolver creates a Solver which can instantiate the appropriate DNS // provider. func NewSolver(ctx *controller.Context) (*Solver, error) { + secretsLister := ctx.KubeSharedInformerFactory.Core().V1().Secrets().Lister() webhookSolvers := []webhook.Solver{ &webhookslv.Webhook{}, - rfc2136.New(rfc2136.WithNamespace(ctx.Namespace)), + rfc2136.New(rfc2136.WithNamespace(ctx.Namespace), rfc2136.WithSecretsLister(secretsLister)), } initialized := make(map[string]webhook.Solver) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/pkg/issuer/acme/dns/rfc2136/provider.go new/cert-manager-1.10.2/pkg/issuer/acme/dns/rfc2136/provider.go --- old/cert-manager-1.10.1/pkg/issuer/acme/dns/rfc2136/provider.go 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/pkg/issuer/acme/dns/rfc2136/provider.go 2023-01-10 11:19:21.000000000 +0100 @@ -33,6 +33,8 @@ logf "github.com/cert-manager/cert-manager/pkg/logs" ) +const SolverName = "rfc2136" + type Solver struct { secretLister corelisters.SecretLister @@ -50,6 +52,12 @@ } } +func WithSecretsLister(secretLister corelisters.SecretLister) Option { + return func(s *Solver) { + s.secretLister = secretLister + } +} + func New(opts ...Option) *Solver { s := &Solver{} for _, o := range opts { @@ -59,7 +67,7 @@ } func (s *Solver) Name() string { - return "rfc2136" + return SolverName } func (s *Solver) Present(ch *whapi.ChallengeRequest) error { @@ -91,18 +99,25 @@ } func (s *Solver) Initialize(kubeClientConfig *restclient.Config, stopCh <-chan struct{}) error { - cl, err := kubernetes.NewForConfig(kubeClientConfig) - if err != nil { - return err + // Only start a secrets informerfactory if it is needed (if the solver + // is not already initialized with a secrets lister) This is legacy + // functionality. If you have a secrets watcher already available in the + // caller, you probably want to use that to avoid double caching the + // Secrets + // TODO: refactor and remove this functionality + if s.secretLister == nil { + cl, err := kubernetes.NewForConfig(kubeClientConfig) + if err != nil { + return err + } + + // obtain a secret lister and start the informer factory to populate the + // secret cache + factory := informers.NewSharedInformerFactoryWithOptions(cl, time.Minute*5, informers.WithNamespace(s.namespace)) + s.secretLister = factory.Core().V1().Secrets().Lister() + factory.Start(stopCh) + factory.WaitForCacheSync(stopCh) } - - // obtain a secret lister and start the informer factory to populate the - // secret cache - factory := informers.NewSharedInformerFactoryWithOptions(cl, time.Minute*5, informers.WithNamespace(s.namespace)) - s.secretLister = factory.Core().V1().Secrets().Lister() - factory.Start(stopCh) - factory.WaitForCacheSync(stopCh) - return nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/test/acme/dns/fixture.go new/cert-manager-1.10.2/test/acme/dns/fixture.go --- old/cert-manager-1.10.1/test/acme/dns/fixture.go 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/test/acme/dns/fixture.go 2023-01-10 11:19:21.000000000 +0100 @@ -24,10 +24,12 @@ "time" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" "sigs.k8s.io/controller-runtime/pkg/envtest" "github.com/cert-manager/cert-manager/pkg/acme/webhook" + "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/rfc2136" "github.com/cert-manager/cert-manager/test/internal/apiserver" ) @@ -42,7 +44,8 @@ type fixture struct { // testSolver is the actual DNS solver that is under test. // It is set when calling the NewFixture function. - testSolver webhook.Solver + testSolver webhook.Solver + testSolverType string resolvedFQDN string resolvedZone string @@ -96,7 +99,28 @@ f.clientset = cl stopCh := make(chan struct{}) - f.testSolver.Initialize(env.Config, stopCh) + + var testSolver webhook.Solver + switch f.testSolverType { + case rfc2136.SolverName: + cl, err := kubernetes.NewForConfig(env.Config) + if err != nil { + t.Errorf("error initializing solver: %#+v", err) + } + + // obtain a secret lister and start the informer factory to populate the + // secret cache + factory := informers.NewSharedInformerFactoryWithOptions(cl, time.Minute*5) + secretLister := factory.Core().V1().Secrets().Lister() + factory.Start(stopCh) + factory.WaitForCacheSync(stopCh) + testSolver = rfc2136.New(rfc2136.WithSecretsLister(secretLister)) + f.testSolver = testSolver + default: + t.Errorf("unknown solver type: %s", f.testSolverType) + } + + testSolver.Initialize(env.Config, stopCh) return func() { close(stopCh) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/test/acme/dns/options.go new/cert-manager-1.10.2/test/acme/dns/options.go --- old/cert-manager-1.10.1/test/acme/dns/options.go 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/test/acme/dns/options.go 2023-01-10 11:19:21.000000000 +0100 @@ -24,8 +24,6 @@ "time" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - - "github.com/cert-manager/cert-manager/pkg/acme/webhook" ) // Option applies a configuration option to the test fixture being built @@ -33,9 +31,9 @@ // NewFixture constructs a new *fixture, applying the given Options before // returning. -func NewFixture(solver webhook.Solver, opts ...Option) *fixture { +func NewFixture(solverType string, opts ...Option) *fixture { f := &fixture{ - testSolver: solver, + testSolverType: solverType, } for _, o := range opts { o(f) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/cert-manager-1.10.1/test/integration/rfc2136_dns01/provider_test.go new/cert-manager-1.10.2/test/integration/rfc2136_dns01/provider_test.go --- old/cert-manager-1.10.1/test/integration/rfc2136_dns01/provider_test.go 2022-11-15 15:05:44.000000000 +0100 +++ new/cert-manager-1.10.2/test/integration/rfc2136_dns01/provider_test.go 2023-01-10 11:19:21.000000000 +0100 @@ -59,7 +59,7 @@ TSIGKeyName: rfc2136TestTsigKeyName, } - fixture := dns.NewFixture(&rfc2136.Solver{}, + fixture := dns.NewFixture(rfc2136.SolverName, dns.SetResolvedZone(rfc2136TestZone), dns.SetResolvedFQDN(rfc2136TestFqdn), dns.SetAllowAmbientCredentials(false), @@ -91,7 +91,7 @@ Nameserver: server.ListenAddr(), } - fixture := dns.NewFixture(&rfc2136.Solver{}, + fixture := dns.NewFixture(rfc2136.SolverName, dns.SetResolvedZone(rfc2136TestZone), dns.SetResolvedFQDN(rfc2136TestFqdn), dns.SetAllowAmbientCredentials(false), ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/cmctl/vendor.tar.gz /work/SRC/openSUSE:Factory/.cmctl.new.32243/vendor.tar.gz differ: char 5, line 1
