Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package nfpm for openSUSE:Factory checked in 
at 2024-08-17 12:41:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nfpm (Old)
 and      /work/SRC/openSUSE:Factory/.nfpm.new.2698 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "nfpm"

Sat Aug 17 12:41:52 2024 rev:3 rq:1194370 version:2.39.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/nfpm/nfpm.changes        2024-07-10 
16:57:50.701946653 +0200
+++ /work/SRC/openSUSE:Factory/.nfpm.new.2698/nfpm.changes      2024-08-17 
12:42:09.965811361 +0200
@@ -1,0 +2,20 @@
+Fri Aug 16 18:11:13 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 2.39.0:
+  * build: fix packagers shell on darwin
+  * feat: env var substitution in description (#848)
+  * build: update flake.nix
+  * chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1
+    (#846)
+  * chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0
+    (#845)
+  * chore(deps): bump benc-uk/workflow-dispatch from 1.2.3 to 1.2.4
+    (#844)
+  * chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0
+    (#843)
+  * chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1
+    (#842)
+  * fix(deb): dpkg-sig format (#841)
+  * docs: update cmd docs
+
+-------------------------------------------------------------------

Old:
----
  nfpm-2.38.0.obscpio

New:
----
  nfpm-2.39.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ nfpm.spec ++++++
--- /var/tmp/diff_new_pack.dW9Y8V/_old  2024-08-17 12:42:10.533834981 +0200
+++ /var/tmp/diff_new_pack.dW9Y8V/_new  2024-08-17 12:42:10.533834981 +0200
@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           nfpm
-Version:        2.38.0
+Version:        2.39.0
 Release:        0
 Summary:        Simple deb, rpm, apk and arch linux packager written in Go
 License:        MIT

++++++ _service ++++++
--- /var/tmp/diff_new_pack.dW9Y8V/_old  2024-08-17 12:42:10.577836810 +0200
+++ /var/tmp/diff_new_pack.dW9Y8V/_new  2024-08-17 12:42:10.585837143 +0200
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/goreleaser/nfpm</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v2.38.0</param>
+    <param name="revision">v2.39.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.dW9Y8V/_old  2024-08-17 12:42:10.609838141 +0200
+++ /var/tmp/diff_new_pack.dW9Y8V/_new  2024-08-17 12:42:10.613838307 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/goreleaser/nfpm</param>
-              <param 
name="changesrevision">d33a9233bb7acf04621b78114114476196d79779</param></service></servicedata>
+              <param 
name="changesrevision">abdde689ee5b84b2b0ac5ae58495b723a719d06a</param></service></servicedata>
 (No newline at EOF)
 

++++++ nfpm-2.38.0.obscpio -> nfpm-2.39.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/.github/workflows/release.yml 
new/nfpm-2.39.0/.github/workflows/release.yml
--- old/nfpm-2.38.0/.github/workflows/release.yml       2024-07-05 
20:26:41.000000000 +0200
+++ new/nfpm-2.39.0/.github/workflows/release.yml       2024-08-15 
03:45:12.000000000 +0200
@@ -15,7 +15,7 @@
     runs-on: ubuntu-latest
     needs: goreleaser
     steps:
-      - uses: benc-uk/workflow-dispatch@v1.2.3
+      - uses: benc-uk/workflow-dispatch@v1.2.4
         with:
           ref: main
           token: ${{ secrets.GH_PAT }}
@@ -34,8 +34,8 @@
       - uses: arduino/setup-task@v2
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: sigstore/cosign-installer@v3.5.0
-      - uses: anchore/sbom-action/download-syft@v0.16.0
+      - uses: sigstore/cosign-installer@v3.6.0
+      - uses: anchore/sbom-action/download-syft@v0.17.1
       - uses: docker/setup-qemu-action@v3
       - uses: docker/setup-buildx-action@v3
       - uses: cachix/install-nix-action@V27
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/deb/deb.go new/nfpm-2.39.0/deb/deb.go
--- old/nfpm-2.38.0/deb/deb.go  2024-07-05 20:26:41.000000000 +0200
+++ new/nfpm-2.39.0/deb/deb.go  2024-08-15 03:45:12.000000000 +0200
@@ -8,6 +8,7 @@
        "compress/gzip"
        "crypto/md5" // nolint:gas
        "crypto/sha1"
+       "encoding/hex"
        "errors"
        "fmt"
        "io"
@@ -230,7 +231,9 @@
 Date: {{ .Date }}
 Role: {{ .Role }}
 Files:
-{{range .Files}}{{ .Md5Sum }} {{ .Sha1Sum }} {{ .Size }} {{ .Name }}{{end}}
+{{range .Files -}}
+{{"\t"}}{{ hex .Md5Sum }} {{ hex .Sha1Sum }} {{ .Size }} {{ .Name }}
+{{end -}}
 `
 
 type dpkgSigData struct {
@@ -241,17 +244,18 @@
        Info   *nfpm.Info
 }
 type dpkgSigFileLine struct {
-       Md5Sum  [16]byte
-       Sha1Sum [20]byte
+       Md5Sum  []byte
+       Sha1Sum []byte
        Size    int
        Name    string
 }
 
 func newDpkgSigFileLine(name string, fileContent []byte) dpkgSigFileLine {
+       md5Sum, sha1Sum := md5.Sum(fileContent), sha1.Sum(fileContent)
        return dpkgSigFileLine{
                Name:    name,
-               Md5Sum:  md5.Sum(fileContent),
-               Sha1Sum: sha1.Sum(fileContent),
+               Md5Sum:  md5Sum[:],
+               Sha1Sum: sha1Sum[:],
                Size:    len(fileContent),
        }
 }
@@ -267,7 +271,9 @@
                        newDpkgSigFileLine("data.tar.gz", dataTarball),
                },
        }
-       temp, _ := template.New("dpkg-sig").Parse(dpkgSigTemplate)
+       temp, _ := template.New("dpkg-sig").Funcs(template.FuncMap{
+               "hex": hex.EncodeToString,
+       }).Parse(dpkgSigTemplate)
        buf := &bytes.Buffer{}
        err := temp.Execute(buf, data)
        if err != nil {
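Review bot: The error from `Parse` is still discarded on the rewritten `temp, _ :=` line, and the template now depends on the custom `hex` function. A mistake in the template text or the FuncMap would leave `temp` nil and would likely surface as a panic inside `temp.Execute` instead of a returned error. Since `dpkgSigTemplate` is a constant, wrapping the chain in `template.Must(...)` in a package-level variable, or checking the error and returning it, would make a broken signature template fail loudly. The enclosing function starts before this hunk and continues past it, so which return shape fits is not visible here.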
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/deb/deb_test.go 
new/nfpm-2.39.0/deb/deb_test.go
--- old/nfpm-2.38.0/deb/deb_test.go     2024-07-05 20:26:41.000000000 +0200
+++ new/nfpm-2.39.0/deb/deb_test.go     2024-08-15 03:45:12.000000000 +0200
@@ -5,6 +5,7 @@
        "bytes"
        "compress/gzip"
        "crypto/md5" // nolint: gosec
+       "crypto/sha1"
        "encoding/hex"
        "errors"
        "flag"
@@ -13,6 +14,7 @@
        "os"
        "path"
        "path/filepath"
+       "slices"
        "strconv"
        "strings"
        "testing"
@@ -1001,8 +1003,10 @@
 
        signature := extractFileFromAr(t, deb.Bytes(), "_gpgbuilder")
 
-       err = sign.PGPReadMessage(signature, 
"../internal/sign/testdata/pubkey.asc")
+       msg, err := sign.PGPReadMessage(signature, 
"../internal/sign/testdata/pubkey.asc")
        require.NoError(t, err)
+
+       require.NoError(t, verifyDpkgSigFileHashes(extractAllFilesFromAr(t, 
deb.Bytes()), string(msg)))
 }
 
 func TestDpkgSigSignatureError(t *testing.T) {
@@ -1032,8 +1036,10 @@
 
        signature := extractFileFromAr(t, deb.Bytes(), "_gpgbuilder")
 
-       err = sign.PGPReadMessage(signature, 
"../internal/sign/testdata/pubkey.asc")
+       msg, err := sign.PGPReadMessage(signature, 
"../internal/sign/testdata/pubkey.asc")
        require.NoError(t, err)
+
+       require.NoError(t, verifyDpkgSigFileHashes(extractAllFilesFromAr(t, 
deb.Bytes()), string(msg)))
 }
 
 func TestDisableGlobbing(t *testing.T) {
@@ -1400,6 +1406,26 @@
        return nil
 }
 
+func extractAllFilesFromAr(tb testing.TB, arFile []byte) map[string][]byte {
+       tb.Helper()
+
+       tr := ar.NewReader(bytes.NewReader(arFile))
+       files := make(map[string][]byte)
+       for {
+               hdr, err := tr.Next()
+               if errors.Is(err, io.EOF) {
+                       break // End of archive
+               }
+               require.NoError(tb, err)
+
+               fileContents, err := io.ReadAll(tr)
+               require.NoError(tb, err)
+
+               files[hdr.Name] = fileContents
+       }
+       return files
+}
+
 func TestEmptyButRequiredDebFields(t *testing.T) {
        item := nfpm.WithDefaults(&nfpm.Info{
                Name:    "foo",
@@ -1506,3 +1532,45 @@
 
        return nil
 }
+
+func verifyDpkgSigFileHashes(arFiles map[string][]byte, msg string) error {
+       _, hashes, ok := strings.Cut(msg, "Files:")
+       if !ok {
+               return errors.New("expected Files section in dpkg-sig message")
+       }
+       lines := strings.Split(hashes, "\n")
+       for i := range lines {
+               lines[i] = strings.TrimSpace(lines[i])
+               if lines[i] == "" {
+                       continue
+               }
+               var md5Hex, sha1Hex, size, name string
+               if n, err := fmt.Sscanln(lines[i], &md5Hex, &sha1Hex, &size, 
&name); err != nil {
+                       return err
+               } else if n != 4 {
+                       return fmt.Errorf("expected 4 elements in line %q, but 
got %d", lines[i], n)
+               }
+
+               md5Sum, err := hex.DecodeString(md5Hex)
+               if err != nil {
+                       return err
+               }
+               sha1Sum, err := hex.DecodeString(sha1Hex)
+               if err != nil {
+                       return err
+               }
+
+               content, ok := arFiles[name]
+               if !ok {
+                       return fmt.Errorf("dpkg-sig message contains hash of 
file %q, but the package does not contain the file", name)
+               }
+               actualMD5Sum, actualSHA1Sum := md5.Sum(content), 
sha1.Sum(content)
+               if !slices.Equal(actualMD5Sum[:], md5Sum) {
+                       return fmt.Errorf("file %q has invalid MD5 sum", name)
+               }
+               if !slices.Equal(actualSHA1Sum[:], sha1Sum) {
+                       return fmt.Errorf("file %q has invalid SHA1 sum", name)
+               }
+       }
+       return nil
+}
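Review bot: `verifyDpkgSigFileHashes` returns nil when the `Files:` section contains no entries, and it scans the `size` column without comparing it to anything. Both signature tests would therefore still pass if the template emitted an empty list or a wrong size. Count the verified entries and fail on zero, and compare the parsed size with `len(content)`; `strconv` is already imported in this file. `bytes.Equal` would also read more directly than `slices.Equal` for the digest comparison.

```go
	// … unchanged: locate the Files section and split it into lines …
	verified := 0
	for i := range lines {
		// … unchanged: trim, skip blanks, Sscanln, hex decoding, arFiles lookup …
		wantSize, err := strconv.Atoi(size)
		if err != nil {
			return fmt.Errorf("file %q has unparsable size %q: %w", name, size, err)
		}
		if wantSize != len(content) {
			return fmt.Errorf("file %q is %d bytes, but the message lists %d", name, len(content), wantSize)
		}
		// … unchanged: MD5 and SHA1 comparison …
		verified++
	}
	if verified == 0 {
		return errors.New("dpkg-sig message lists no files")
	}
```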
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/flake.lock new/nfpm-2.39.0/flake.lock
--- old/nfpm-2.38.0/flake.lock  2024-07-05 20:26:41.000000000 +0200
+++ new/nfpm-2.39.0/flake.lock  2024-08-15 03:45:12.000000000 +0200
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1711703276,
-        "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
+        "lastModified": 1723362943,
+        "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
+        "rev": "a58bc8ad779655e790115244571758e8de055e3d",
         "type": "github"
       },
       "original": {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/flake.nix new/nfpm-2.39.0/flake.nix
--- old/nfpm-2.38.0/flake.nix   2024-07-05 20:26:41.000000000 +0200
+++ new/nfpm-2.39.0/flake.nix   2024-08-15 03:45:12.000000000 +0200
@@ -15,26 +15,30 @@
           src = ./.;
           ldflags = [ "-s" "-w" "-X main.version=dev" "-X main.builtBy=flake" 
];
           doCheck = false;
-          vendorHash = "sha256-g57tLk2+WWcdG0COqkQD7eLYG0TdC0RnlhLF6Qt4woY=";
+          vendorHash = "";
         };
 
         devShells.default = pkgs.mkShell {
+          shellHook = "go mod tidy";
+        };
+
+        # nix develop .#dev
+        devShells.dev = pkgs.mkShell {
           packages = with pkgs; [
-            go
             go-task
             gofumpt
-            nix-prefetch
           ];
-          shellHook = "go mod tidy";
         };
 
         # nix develop .#packagers
         devShells.packagers = pkgs.mkShell {
           packages = with pkgs; [
-            apk-tools
             dpkg
+          ] ++ (lib.optionals pkgs.stdenv.isLinux [
+            apk-tools
             rpm
-          ];
+          ]);
+
         };
 
         # nix develop .#docs
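Review bot: `vendorHash = "";` drops the fixed hash that pinned the fetched Go module tree for the flake package, so the flake no longer carries a committed integrity value for its dependencies. As far as I know Nix treats an empty hash as a placeholder and fails the build with a mismatch, which would leave the package unbuildable; that is worth confirming. Restore the value computed for this release, `vendorHash = "sha256-<hash for the current go.sum>";`. Separately, `devShells.default` keeps `shellHook = "go mod tidy";` while `go` is removed from the package list in this hunk, so the hook depends on whatever `go` is on the caller's PATH unless it is supplied outside the lines shown.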
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/internal/sign/pgp.go 
new/nfpm-2.39.0/internal/sign/pgp.go
--- old/nfpm-2.38.0/internal/sign/pgp.go        2024-07-05 20:26:41.000000000 
+0200
+++ new/nfpm-2.39.0/internal/sign/pgp.go        2024-08-15 03:45:12.000000000 
+0200
@@ -143,10 +143,10 @@
        return err
 }
 
-func PGPReadMessage(message []byte, armoredPubKeyFile string) error {
+func PGPReadMessage(message []byte, armoredPubKeyFile string) (plaintext 
[]byte, err error) {
        keyFileContent, err := os.ReadFile(armoredPubKeyFile)
        if err != nil {
-               return fmt.Errorf("reading armored public key file: %w", err)
+               return nil, fmt.Errorf("reading armored public key file: %w", 
err)
        }
 
        var keyring openpgp.EntityList
@@ -154,19 +154,19 @@
        if isASCII(keyFileContent) {
                keyring, err = 
openpgp.ReadArmoredKeyRing(bytes.NewReader(keyFileContent))
                if err != nil {
-                       return fmt.Errorf("decoding armored public key file: 
%w", err)
+                       return nil, fmt.Errorf("decoding armored public key 
file: %w", err)
                }
        } else {
                keyring, err = 
openpgp.ReadKeyRing(bytes.NewReader(keyFileContent))
                if err != nil {
-                       return fmt.Errorf("decoding public key file: %w", err)
+                       return nil, fmt.Errorf("decoding public key file: %w", 
err)
                }
        }
 
        block, _ := clearsign.Decode(message)
        _, err = block.VerifySignature(keyring, nil)
 
-       return err
+       return block.Plaintext, err
 }
 
 func parseKeyID(hexKeyID *string) (uint64, error) {
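Review bot: `return block.Plaintext, err` hands the clearsigned body back to the caller even when `VerifySignature` failed, so a caller that uses the first result before checking `err` works on unauthenticated content; return `nil` whenever verification did not succeed. The result of `clearsign.Decode` is also used unchecked: for input without a clearsigned block it returns a nil block, and both `block.VerifySignature` and the new `block.Plaintext` would dereference it. The function begins in the previous hunk, so the fence below covers only its tail.

```go
	block, _ := clearsign.Decode(message)
	if block == nil {
		return nil, fmt.Errorf("decoding clearsigned message: no signed block found")
	}
	if _, err = block.VerifySignature(keyring, nil); err != nil {
		return nil, err
	}

	return block.Plaintext, nil
```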
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/nfpm.go new/nfpm-2.39.0/nfpm.go
--- old/nfpm-2.38.0/nfpm.go     2024-07-05 20:26:41.000000000 +0200
+++ new/nfpm-2.39.0/nfpm.go     2024-08-15 03:45:12.000000000 +0200
@@ -231,6 +231,7 @@
        c.Info.Homepage = os.Expand(c.Info.Homepage, c.envMappingFunc)
        c.Info.Maintainer = os.Expand(c.Info.Maintainer, c.envMappingFunc)
        c.Info.Vendor = os.Expand(c.Info.Vendor, c.envMappingFunc)
+       c.Info.Description = os.Expand(c.Info.Description, c.envMappingFunc)
 
        // Package signing related fields
        c.Info.Deb.Signature.KeyFile = os.Expand(c.Deb.Signature.KeyFile, 
c.envMappingFunc)
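Review bot: Expanding `c.Info.Description` changes the meaning of existing configs. `os.Expand` treats `$name`, `${name}` and single-character forms such as `$5` as references, so a description that contained a literal dollar sign is now rewritten according to `c.envMappingFunc` instead of being packaged verbatim. Descriptions are free text, unlike the neighbouring homepage, maintainer and vendor fields, which makes this more likely to affect real packages. I would document it on the new line, e.g. `// Description is free text: a literal "$" is now interpreted by os.Expand.`, and call the change out in the release notes. The enclosing function starts before this hunk and continues past it.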
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/nfpm_test.go new/nfpm-2.39.0/nfpm_test.go
--- old/nfpm-2.38.0/nfpm_test.go        2024-07-05 20:26:41.000000000 +0200
+++ new/nfpm-2.39.0/nfpm_test.go        2024-08-15 03:45:12.000000000 +0200
@@ -313,11 +313,13 @@
        t.Setenv("RPM_KEY_FILE", "my/rpm/key/file")
        t.Setenv("TEST_RELEASE_ENV_VAR", "1234")
        t.Setenv("TEST_PRERELEASE_ENV_VAR", "beta1")
+       t.Setenv("TEST_DESCRIPTION_ENV_VAR", "description")
        config, err := parseAndValidate("./testdata/env-fields.yaml")
        require.NoError(t, err)
        require.Equal(t, fmt.Sprintf("v%s", os.Getenv("GOROOT")), 
config.Version)
        require.Equal(t, "1234", config.Release)
        require.Equal(t, "beta1", config.Prerelease)
+       require.Equal(t, "My description", config.Description)
        require.Equal(t, "my/rpm/key/file", config.RPM.Signature.KeyFile)
        require.Equal(t, "hard/coded/file", config.Deb.Signature.KeyFile)
        require.Equal(t, "", config.APK.Signature.KeyFile)
@@ -381,6 +383,7 @@
                maintainerEmail = "n...@example.com"
                homepage        = "https://nfpm.goreleaser.com";
                vcsBrowser      = "https://github.com/goreleaser/nfpm";
+               description     = "barfoo"
        )
 
        t.Run("platform", func(t *testing.T) {
@@ -440,6 +443,13 @@
                require.Equal(t, homepage, info.Homepage)
        })
 
+       t.Run("description", func(t *testing.T) {
+               t.Setenv("DESCRIPTION", description)
+               info, err := nfpm.Parse(strings.NewReader("name: 
foo\ndescription: $DESCRIPTION"))
+               require.NoError(t, err)
+               require.Equal(t, description, info.Description)
+       })
+
        t.Run("global passphrase", func(t *testing.T) {
                t.Setenv("NFPM_PASSPHRASE", globalPass)
                info, err := nfpm.Parse(strings.NewReader("name: foo"))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/testdata/env-fields.yaml 
new/nfpm-2.39.0/testdata/env-fields.yaml
--- old/nfpm-2.38.0/testdata/env-fields.yaml    2024-07-05 20:26:41.000000000 
+0200
+++ new/nfpm-2.39.0/testdata/env-fields.yaml    2024-08-15 03:45:12.000000000 
+0200
@@ -4,6 +4,7 @@
 version: "v$GOROOT"
 release: ${TEST_RELEASE_ENV_VAR}
 prerelease: ${TEST_PRERELEASE_ENV_VAR}
+description: My ${TEST_DESCRIPTION_ENV_VAR}
 contents:
 - src: ./testdata/whatever.conf
   dst: /etc/foo/regular.conf
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/www/docs/configuration.md 
new/nfpm-2.39.0/www/docs/configuration.md
--- old/nfpm-2.38.0/www/docs/configuration.md   2024-07-05 20:26:41.000000000 
+0200
+++ new/nfpm-2.39.0/www/docs/configuration.md   2024-08-15 03:45:12.000000000 
+0200
@@ -83,6 +83,7 @@
 maintainer: Carlos Alexandro Becker <r...@carlosbecker.com>
 
 # Description.
+# This will expand any env var you set in the field, e.g. description: 
${DESCRIPTION}
 # Defaults to `no description given`.
 # Most packagers call for a one-line synopsis of the package. Some (like deb)
 # also call for a multi-line description starting on the second line.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/nfpm-2.38.0/www/docs/static/latest 
new/nfpm-2.39.0/www/docs/static/latest
--- old/nfpm-2.38.0/www/docs/static/latest      2024-07-05 20:26:41.000000000 
+0200
+++ new/nfpm-2.39.0/www/docs/static/latest      2024-08-15 03:45:12.000000000 
+0200
@@ -1 +1 @@
-v2.37.1
+v2.38.0

++++++ nfpm.obsinfo ++++++
--- /var/tmp/diff_new_pack.dW9Y8V/_old  2024-08-17 12:42:10.937851781 +0200
+++ /var/tmp/diff_new_pack.dW9Y8V/_new  2024-08-17 12:42:10.941851947 +0200
@@ -1,5 +1,5 @@
 name: nfpm
-version: 2.38.0
-mtime: 1720204001
-commit: d33a9233bb7acf04621b78114114476196d79779
+version: 2.39.0
+mtime: 1723686312
+commit: abdde689ee5b84b2b0ac5ae58495b723a719d06a
 

++++++ vendor.tar.gz ++++++
