Hello community,

here is the log from the commit of package apko for openSUSE:Factory checked in 
at 2024-12-16 19:10:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apko (Old)
 and      /work/SRC/openSUSE:Factory/.apko.new.29675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "apko"

Mon Dec 16 19:10:41 2024 rev:28 rq:1231041 version:0.22.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/apko/apko.changes        2024-12-12 
21:19:26.231831626 +0100
+++ /work/SRC/openSUSE:Factory/.apko.new.29675/apko.changes     2024-12-16 
19:11:09.127566056 +0100
@@ -1,0 +2,30 @@
+Sat Dec 14 21:34:51 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.22.2:
+  * Lock image configs before building (#1441)
+
+-------------------------------------------------------------------
+Sat Dec 14 21:32:36 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.22.1:
+  * pkg/apk: switch to SHA2-256 based signatures by default (#1440)
+
+-------------------------------------------------------------------
+Sat Dec 14 21:15:16 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.22.0:
+  * pkg/apk: switch to SHA2-256 based signatures by default
+  * Include /opt by default (#1435)
+  * build(deps): bump go.opentelemetry.io/otel from 1.32.0 to
+    1.33.0 (#1437)
+  * build(deps): bump github/codeql-action from 3.27.7 to 3.27.9
+    (#1438)
+  * build(deps): bump k8s.io/apimachinery from 0.31.3 to 0.32.0
+    (#1434)
+  * build(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 in
+    the go_modules group (#1433)
+  * build(deps): bump actions/setup-go from 5.0.2 to 5.2.0 (#1431)
+  * build(deps): bump google.golang.org/api from 0.209.0 to 0.211.0
+    (#1429)
+
+-------------------------------------------------------------------

Old:
----
  apko-0.21.0.obscpio

New:
----
  apko-0.22.2.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ apko.spec ++++++
--- /var/tmp/diff_new_pack.7SmJxR/_old  2024-12-16 19:11:11.187651554 +0100
+++ /var/tmp/diff_new_pack.7SmJxR/_new  2024-12-16 19:11:11.187651554 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           apko
-Version:        0.21.0
+Version:        0.22.2
 Release:        0
 Summary:        Build OCI images from APK packages directly without Dockerfile
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.7SmJxR/_old  2024-12-16 19:11:11.223653049 +0100
+++ /var/tmp/diff_new_pack.7SmJxR/_new  2024-12-16 19:11:11.223653049 +0100
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/chainguard-dev/apko</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.21.0</param>
+    <param name="revision">v0.22.2</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.7SmJxR/_old  2024-12-16 19:11:11.247654045 +0100
+++ /var/tmp/diff_new_pack.7SmJxR/_new  2024-12-16 19:11:11.251654211 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://github.com/chainguard-dev/apko</param>
-              <param 
name="changesrevision">d45b6da444f211f49e25d25d26cc0241023d22c8</param></service></servicedata>
+              <param 
name="changesrevision">559534fa1a0f3e719335aa06a9aa1dbd6609fa25</param></service></servicedata>
 (No newline at EOF)
 

++++++ apko-0.21.0.obscpio -> apko-0.22.2.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/.github/workflows/build-samples.yml 
new/apko-0.22.2/.github/workflows/build-samples.yml
--- old/apko-0.21.0/.github/workflows/build-samples.yml 2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/.github/workflows/build-samples.yml 2024-12-14 
19:47:58.000000000 +0100
@@ -26,7 +26,7 @@
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 
v4.2.2
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v2.1.5
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # 
v2.1.5
         with:
           go-version-file: 'go.mod'
           check-latest: true
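Review bot: The trailing version comment on the re-pinned `actions/setup-go` line still reads `# v2.1.5` although the commit SHA changed, so the comment no longer says which release the pin points to. Across this diff the same SHA `3041bf56c941b39c61721a86cd11f3bb1338122a` is labelled `v2.1.5`, `v3.0.0` and `v2.2.0` in different workflow files, while the changelog records the bump as 5.0.2 to 5.2.0. Anyone auditing SHA-pinned actions relies on that comment to map the hash to a release, so it should change with the pin, e.g. `# v5.2.0` once the SHA is confirmed to resolve to that tag upstream. The same applies to the other four hunks in this file and to the setup-go hunks in build.yaml, codeql.yaml, go-tests.yaml, release.yaml and verify.yaml; the `github/codeql-action` pins in codeql.yaml carry no version comment at all.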
@@ -67,7 +67,7 @@
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 
v4.2.2
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v2.1.5
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # 
v2.1.5
         with:
           go-version-file: 'go.mod'
           check-latest: true
@@ -97,7 +97,7 @@
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 
v4.2.2
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v2.1.5
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # 
v2.1.5
         with:
           go-version-file: 'go.mod'
           check-latest: true
@@ -136,7 +136,7 @@
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 
v4.2.2
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v2.1.5
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # 
v2.1.5
         with:
           go-version-file: 'go.mod'
           check-latest: true
@@ -175,7 +175,7 @@
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 
v4.2.2
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v2.1.5
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # 
v2.1.5
         with:
           go-version-file: 'go.mod'
           check-latest: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/.github/workflows/build.yaml 
new/apko-0.22.2/.github/workflows/build.yaml
--- old/apko-0.21.0/.github/workflows/build.yaml        2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/.github/workflows/build.yaml        2024-12-14 
19:47:58.000000000 +0100
@@ -21,7 +21,7 @@
 
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 
v4.2.2
 
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v2.1.5
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # 
v2.1.5
         with:
           go-version-file: 'go.mod'
           check-latest: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/.github/workflows/codeql.yaml 
new/apko-0.22.2/.github/workflows/codeql.yaml
--- old/apko-0.21.0/.github/workflows/codeql.yaml       2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/.github/workflows/codeql.yaml       2024-12-14 
19:47:58.000000000 +0100
@@ -24,13 +24,13 @@
 
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-    - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v3.0.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v3.0.0
       with:
         go-version-file: 'go.mod'
         check-latest: true
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@babb554ede22fd5605947329c4d04d8e7a0b8155
+      uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae
       with:
         languages: go
 
@@ -38,4 +38,4 @@
       run: make apko
 
     - name: Perform CodeQL Analysis
-      uses: 
github/codeql-action/analyze@babb554ede22fd5605947329c4d04d8e7a0b8155
+      uses: 
github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/.github/workflows/go-tests.yaml 
new/apko-0.22.2/.github/workflows/go-tests.yaml
--- old/apko-0.21.0/.github/workflows/go-tests.yaml     2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/.github/workflows/go-tests.yaml     2024-12-14 
19:47:58.000000000 +0100
@@ -22,7 +22,7 @@
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 
v4.2.2
 
       - name: Install Go
-        uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v3.0.0
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # 
v3.0.0
         with:
           go-version-file: 'go.mod'
           check-latest: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/.github/workflows/release.yaml 
new/apko-0.22.2/.github/workflows/release.yaml
--- old/apko-0.21.0/.github/workflows/release.yaml      2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/.github/workflows/release.yaml      2024-12-14 
19:47:58.000000000 +0100
@@ -24,7 +24,7 @@
       with:
         egress-policy: audit
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-    - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v2.2.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v2.2.0
       with:
         go-version-file: 'go.mod'
         check-latest: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/.github/workflows/verify.yaml 
new/apko-0.22.2/.github/workflows/verify.yaml
--- old/apko-0.21.0/.github/workflows/verify.yaml       2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/.github/workflows/verify.yaml       2024-12-14 
19:47:58.000000000 +0100
@@ -16,7 +16,7 @@
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 
v4.2.2
-      - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # 
v2.2.0
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # 
v2.2.0
         with:
           go-version-file: 'go.mod'
           check-latest: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/go.mod new/apko-0.22.2/go.mod
--- old/apko-0.21.0/go.mod      2024-12-11 23:02:06.000000000 +0100
+++ new/apko-0.22.2/go.mod      2024-12-14 19:47:58.000000000 +0100
@@ -24,24 +24,24 @@
        github.com/tmc/dot v0.0.0-20210901225022-f9bc17da75c0
        github.com/u-root/u-root v0.14.0
        go.lsp.dev/uri v0.3.0
-       go.opentelemetry.io/otel v1.32.0
-       go.opentelemetry.io/otel/trace v1.32.0
+       go.opentelemetry.io/otel v1.33.0
+       go.opentelemetry.io/otel/trace v1.33.0
        go.step.sm/crypto v0.55.0
        golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
        golang.org/x/sync v0.10.0
        golang.org/x/sys v0.28.0
        golang.org/x/time v0.8.0
-       google.golang.org/api v0.209.0
+       google.golang.org/api v0.211.0
        gopkg.in/ini.v1 v1.67.0
        gopkg.in/yaml.v3 v3.0.1
-       k8s.io/apimachinery v0.31.3
+       k8s.io/apimachinery v0.32.0
        sigs.k8s.io/release-utils v0.8.5
 )
 
 require (
        chainguard.dev/go-grpc-kit v0.17.6 // indirect
-       cloud.google.com/go/auth v0.10.2 // indirect
-       cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
+       cloud.google.com/go/auth v0.12.1 // indirect
+       cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
        cloud.google.com/go/compute/metadata v0.5.2 // indirect
        dario.cat/mergo v1.0.1 // indirect
        filippo.io/edwards25519 v1.1.0 // indirect
@@ -145,21 +145,21 @@
        github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
        github.com/xanzy/ssh-agent v0.3.3 // indirect
        go.mongodb.org/mongo-driver v1.14.0 // indirect
-       go.opencensus.io v0.24.0 // indirect
+       go.opentelemetry.io/auto/sdk v1.1.0 // indirect
        
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 
v0.56.0 // indirect
        go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 
// indirect
        go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 
// indirect
-       go.opentelemetry.io/otel/metric v1.32.0 // indirect
+       go.opentelemetry.io/otel/metric v1.33.0 // indirect
        go.uber.org/multierr v1.11.0 // indirect
        go.uber.org/zap v1.27.0 // indirect
-       golang.org/x/crypto v0.29.0 // indirect
+       golang.org/x/crypto v0.31.0 // indirect
        golang.org/x/mod v0.21.0 // indirect
-       golang.org/x/net v0.31.0 // indirect
+       golang.org/x/net v0.32.0 // indirect
        golang.org/x/oauth2 v0.24.0 // indirect
-       golang.org/x/term v0.26.0 // indirect
-       golang.org/x/text v0.20.0 // indirect
-       google.golang.org/genproto/googleapis/api 
v0.0.0-20241104194629-dd2ea8efbc28 // indirect
-       google.golang.org/genproto/googleapis/rpc 
v0.0.0-20241113202542-65e8d215514f // indirect
+       golang.org/x/term v0.27.0 // indirect
+       golang.org/x/text v0.21.0 // indirect
+       google.golang.org/genproto/googleapis/api 
v0.0.0-20241118233622-e639e219e697 // indirect
+       google.golang.org/genproto/googleapis/rpc 
v0.0.0-20241206012308-a4fef0638583 // indirect
        google.golang.org/grpc v1.67.1 // indirect
        google.golang.org/protobuf v1.35.2 // indirect
        gopkg.in/warnings.v0 v0.1.2 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/go.sum new/apko-0.22.2/go.sum
--- old/apko-0.21.0/go.sum      2024-12-11 23:02:06.000000000 +0100
+++ new/apko-0.22.2/go.sum      2024-12-14 19:47:58.000000000 +0100
@@ -3,10 +3,10 @@
 chainguard.dev/sdk v0.1.28 h1:xLQv0JxiGhqVKOL059DmTReTjrKFhUsP5U1W6cgr+jQ=
 chainguard.dev/sdk v0.1.28/go.mod 
h1:9EvGI9GY5UPDbZ5AhGbMO8865ixNu36afQYCZ5M95NM=
 cloud.google.com/go v0.26.0/go.mod 
h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.10.2 
h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo=
-cloud.google.com/go/auth v0.10.2/go.mod 
h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
-cloud.google.com/go/auth/oauth2adapt v0.2.5 
h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk=
-cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod 
h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
+cloud.google.com/go/auth v0.12.1 
h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4=
+cloud.google.com/go/auth v0.12.1/go.mod 
h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4=
+cloud.google.com/go/auth/oauth2adapt v0.2.6 
h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU=
+cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod 
h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
 cloud.google.com/go/compute/metadata v0.5.2 
h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
 cloud.google.com/go/compute/metadata v0.5.2/go.mod 
h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
 dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
@@ -152,28 +152,16 @@
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod 
h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod 
h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod 
h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da 
h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod 
h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod 
h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod 
h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod 
h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3/go.mod 
h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod 
h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod 
h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod 
h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod 
h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod 
h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod 
h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.3/go.mod 
h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.4 
h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod 
h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.2.0/go.mod 
h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod 
h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod 
h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod 
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod 
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod 
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod 
h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9/go.mod 
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
@@ -186,7 +174,6 @@
 github.com/google/s2a-go v0.1.8/go.mod 
h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 
h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod 
h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
-github.com/google/uuid v1.1.2/go.mod 
h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod 
h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 
h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
@@ -269,8 +256,8 @@
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod 
h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod 
h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
-github.com/onsi/gomega v1.27.10/go.mod 
h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod 
h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/opencontainers/go-digest v1.0.0 
h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod 
h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 
h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -308,8 +295,8 @@
 github.com/rivo/uniseg v0.2.0/go.mod 
h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod 
h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.12.0 
h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod 
h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rogpeppe/go-internal v1.13.1 
h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod 
h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod 
h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sassoftware/relic v7.2.1+incompatible 
h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A=
 github.com/sassoftware/relic v7.2.1+incompatible/go.mod 
h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk=
@@ -341,15 +328,10 @@
 github.com/spf13/pflag v1.0.5/go.mod 
h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/objx v0.1.0/go.mod 
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod 
h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod 
h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0/go.mod 
h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.2.2/go.mod 
h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod 
h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod 
h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.7.0/go.mod 
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod 
h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.8.0/go.mod 
h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod 
h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.10.0 
h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod 
h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/theupdateframework/go-tuf v0.7.0 
h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI=
@@ -375,24 +357,24 @@
 go.lsp.dev/uri v0.3.0/go.mod h1:P5sbO1IQR+qySTWOCnhnK7phBx+W3zbLqSMDJNTw88I=
 go.mongodb.org/mongo-driver v1.14.0 
h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
 go.mongodb.org/mongo-driver v1.14.0/go.mod 
h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/auto/sdk v1.1.0 
h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod 
h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 
v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 
v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 
h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod 
h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI=
-go.opentelemetry.io/otel v1.32.0 
h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
-go.opentelemetry.io/otel v1.32.0/go.mod 
h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
+go.opentelemetry.io/otel v1.33.0 
h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
+go.opentelemetry.io/otel v1.33.0/go.mod 
h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 
h1:dIIDULZJpgdiHz5tXrTgKIMLkus6jEFa7x5SOKcyR7E=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0/go.mod 
h1:jlRVBe7+Z1wyxFSUs48L6OBQZ5JwH2Hg/Vbl+t9rAgI=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 
h1:j9+03ymgYhPKmeXGk5Zu+cIZOlVzd9Zv7QIiyItjFBU=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0/go.mod 
h1:Y5+XiUG4Emn1hTfciPzGPJaSI+RpDts6BnCIir0SLqk=
-go.opentelemetry.io/otel/metric v1.32.0 
h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
-go.opentelemetry.io/otel/metric v1.32.0/go.mod 
h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
+go.opentelemetry.io/otel/metric v1.33.0 
h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
+go.opentelemetry.io/otel/metric v1.33.0/go.mod 
h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
 go.opentelemetry.io/otel/sdk v1.29.0 
h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo=
 go.opentelemetry.io/otel/sdk v1.29.0/go.mod 
h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok=
-go.opentelemetry.io/otel/trace v1.32.0 
h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
-go.opentelemetry.io/otel/trace v1.32.0/go.mod 
h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
+go.opentelemetry.io/otel/trace v1.33.0 
h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
+go.opentelemetry.io/otel/trace v1.33.0/go.mod 
h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
 go.opentelemetry.io/proto/otlp v1.3.1 
h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
 go.opentelemetry.io/proto/otlp v1.3.1/go.mod 
h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
 go.step.sm/crypto v0.55.0 h1:575Q7NahuM/ZRxUVN1GkO2e1aDYQJqIIg+nbfOajQJk=
@@ -415,8 +397,8 @@
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod 
h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.7.0/go.mod 
h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.19.0/go.mod 
h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
-golang.org/x/crypto v0.29.0/go.mod 
h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod 
h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod 
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 
h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk=
 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod 
h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
@@ -439,7 +421,6 @@
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod 
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod 
h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod 
h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod 
h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod 
h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
@@ -447,8 +428,8 @@
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
-golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
+golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
+golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod 
h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod 
h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -490,8 +471,8 @@
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.17.0/go.mod 
h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
-golang.org/x/term v0.26.0/go.mod 
h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
+golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
+golang.org/x/term v0.27.0/go.mod 
h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -501,8 +482,8 @@
 golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod 
h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
-golang.org/x/text v0.20.0/go.mod 
h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod 
h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
 golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod 
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -517,42 +498,31 @@
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod 
h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod 
h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod 
h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE=
-golang.org/x/tools v0.25.0/go.mod 
h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod 
h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w=
-google.golang.org/api v0.209.0/go.mod 
h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM=
+google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg=
+google.golang.org/api v0.211.0/go.mod 
h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0=
 google.golang.org/appengine v1.1.0/go.mod 
h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod 
h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod 
h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod 
h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod 
h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod 
h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 
h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
-google.golang.org/genproto/googleapis/api 
v0.0.0-20241104194629-dd2ea8efbc28/go.mod 
h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f 
h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo=
-google.golang.org/genproto/googleapis/rpc 
v0.0.0-20241113202542-65e8d215514f/go.mod 
h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
+google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 
h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ=
+google.golang.org/genproto/googleapis/api 
v0.0.0-20241118233622-e639e219e697/go.mod 
h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 
h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10=
+google.golang.org/genproto/googleapis/rpc 
v0.0.0-20241206012308-a4fef0638583/go.mod 
h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
 google.golang.org/grpc v1.18.0/go.mod 
h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod 
h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod 
h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod 
h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.29.1/go.mod 
h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.33.2/go.mod 
h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
 google.golang.org/grpc v1.67.1/go.mod 
h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod 
h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod 
h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod 
h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod 
h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod 
h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod 
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod 
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod 
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod 
h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.35.2 
h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
 google.golang.org/protobuf v1.35.2/go.mod 
h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod 
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -576,7 +546,7 @@
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod 
h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4=
-k8s.io/apimachinery v0.31.3/go.mod 
h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
+k8s.io/apimachinery v0.32.0/go.mod 
h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 sigs.k8s.io/release-utils v0.8.5 
h1:FUtFqEAN621gSXv0L7kHyWruBeS7TUU9aWf76olX7uQ=
 sigs.k8s.io/release-utils v0.8.5/go.mod 
h1:qsm5bdxdgoHkD8HsXpgme2/c3mdsNaiV53Sz2HmKeJA=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/internal/cli/build.go 
new/apko-0.22.2/internal/cli/build.go
--- old/apko-0.21.0/internal/cli/build.go       2024-12-11 23:02:06.000000000 
+0100
+++ new/apko-0.22.2/internal/cli/build.go       2024-12-14 19:47:58.000000000 
+0100
@@ -22,6 +22,7 @@
        "log/slog"
        "os"
        "path/filepath"
+       "slices"
        "sync"
 
        "github.com/google/go-containerregistry/pkg/v1/layout"
@@ -38,6 +39,7 @@
        "chainguard.dev/apko/pkg/build/oci"
        "chainguard.dev/apko/pkg/build/types"
        "chainguard.dev/apko/pkg/sbom"
+       "chainguard.dev/apko/pkg/tarfs"
 )
 
 func buildCmd() *cobra.Command {
@@ -236,6 +238,7 @@
        // computation.
        multiArchBDE := o.SourceDateEpoch
 
+       configs, _, err := build.LockImageConfiguration(ctx, *ic, opts...)
        mc, err := build.NewMultiArch(ctx, archs, opts...)
        if err != nil {
                return nil, nil, err
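Review bot: The error from the added `build.LockImageConfiguration` call is never checked, because the next line, `mc, err := build.NewMultiArch(ctx, archs, opts...)`, reassigns `err` before anything reads it. The `if err != nil` that follows therefore only reports a NewMultiArch failure. If locking fails, `configs` is presumably nil or incomplete, so the later `for arch, ic := range configs` loop could build nothing, or build from a configuration that was never locked, without reporting an error. Add a check directly after the call, for example `if err != nil { return nil, nil, fmt.Errorf("locking image configuration: %w", err) }`. The enclosing function starts and ends outside this hunk.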
@@ -247,26 +250,27 @@
                }
        }
 
-       // This is a little different, but we use a multiarch builder to call 
BuildLayers because we want
-       // each architecture to be aware of the other architectures during the 
solve stage. We don't want
-       // to select any packages unless they are available on every 
architecture because we want solutions
-       // to match across architectures.
-       //
-       // Eventually, we probably want to do something similar for all this 
logic around stitching images together.
-       layers, err := mc.BuildLayers(ctx)
-       if err != nil {
-               return nil, nil, fmt.Errorf("building layers: %w", err)
-       }
-
-       for _, arch := range archs {
-               arch := arch
-
+       for arch, ic := range configs {
                errg.Go(func() error {
+                       if arch == "index" {
+                               return nil
+                       }
+
+                       arch := types.ParseArchitecture(arch)
                        log := clog.New(slog.Default().Handler()).With("arch", 
arch.ToAPK())
                        ctx := clog.WithLogger(ctx, log)
 
-                       bc := mc.Contexts[arch]
-                       layer := layers[arch]
+                       opts := slices.Clone(opts)
+                       opts = append(opts, build.WithArch(arch), 
build.WithImageConfiguration(*ic))
+
+                       bc, err := build.New(ctx, tarfs.New(), opts...)
+                       if err != nil {
+                               return fmt.Errorf("new build for arch %s: %w", 
arch, err)
+                       }
+                       _, layer, err := bc.BuildLayer(ctx)
+                       if err != nil {
+                               return fmt.Errorf("building %q layer: %w", 
arch, err)
+                       }
 
                        // Compute the "build date epoch" from the packages 
that were
                        // installed.  The "build date epoch" is the MAX of the 
builddate
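Review bot: The closure passed to `errg.Go` now captures the range variables `arch` and `ic` directly, and the `arch := arch` copy from the old loop is gone. That is only correct with the per-iteration loop variables of Go 1.22 and later; the module's go directive is not visible here, so it is worth confirming. The loop's `ic` also shadows the function-level `ic` that is still dereferenced after the loop, and `arch` is redeclared inside the closure with a different type, which makes the body easy to misread. Consider `for archName, lockedIC := range configs`, and skip the index entry before spawning a goroutine with `if archName == "index" { continue }`. The function body continues outside this hunk.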
@@ -285,6 +289,14 @@
                                return fmt.Errorf("failed to build OCI image 
for %q: %w", arch, err)
                        }
 
+                       var outputs []types.SBOM
+                       if len(o.SBOMFormats) != 0 {
+                               outputs, err = bc.GenerateImageSBOM(ctx, arch, 
img)
+                               if err != nil {
+                                       return fmt.Errorf("generating sbom for 
%s: %w", arch, err)
+                               }
+                       }
+
                        mtx.Lock()
                        defer mtx.Unlock()
 
@@ -294,6 +306,10 @@
                                multiArchBDE = bde
                        }
 
+                       if len(o.SBOMFormats) != 0 {
+                               sboms = append(sboms, outputs...)
+                       }
+
                        return nil
                })
        }
@@ -323,34 +339,6 @@
 
        // the sboms are saved to the same working directory as the image 
components
        if len(o.SBOMFormats) != 0 {
-               var (
-                       g   errgroup.Group
-                       mtx sync.Mutex
-               )
-               for arch, img := range imgs {
-                       arch, img := arch, img
-                       bc := mc.Contexts[arch]
-
-                       g.Go(func() error {
-                               log := 
clog.New(slog.Default().Handler()).With("arch", arch.ToAPK())
-                               ctx := clog.WithLogger(ctx, log)
-
-                               outputs, err := bc.GenerateImageSBOM(ctx, arch, 
img)
-                               if err != nil {
-                                       return fmt.Errorf("generating sbom for 
%s: %w", arch, err)
-                               }
-                               mtx.Lock()
-                               defer mtx.Unlock()
-
-                               sboms = append(sboms, outputs...)
-                               return nil
-                       })
-               }
-
-               if err := g.Wait(); err != nil {
-                       return nil, nil, err
-               }
-
                files, err := build.GenerateIndexSBOM(ctx, *o, *ic, 
finalDigest, imgs)
                if err != nil {
                        return nil, nil, fmt.Errorf("generating index SBOM: 
%w", err)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/internal/cli/publish_test.go 
new/apko-0.22.2/internal/cli/publish_test.go
--- old/apko-0.21.0/internal/cli/publish_test.go        2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/internal/cli/publish_test.go        2024-12-14 
19:47:58.000000000 +0100
@@ -91,7 +91,7 @@
 
        // This test will fail if we ever make a change in apko that changes 
the image.
        // Sometimes, this is intentional, and we need to change this and bump 
the version.
-       want := 
"sha256:f341d69eddfffdd181935fe3cffe185fdf20778835b797089a818e0b1b540f93"
+       want := 
"sha256:df086c6b126032e9ed1b4aa6fecdb6988b45d86d9c1e8d2eb81dea647f4c7a7f"
        require.Equal(t, want, digest.String())
 
        sdst := fmt.Sprintf("%s:%s.sbom", dst, strings.ReplaceAll(want, ":", 
"-"))
@@ -109,7 +109,7 @@
 
        // This test will fail if we ever make a change in apko that changes 
the SBOM.
        // Sometimes, this is intentional, and we need to change this and bump 
the version.
-       swant := 
"sha256:9d55cc224dadc94faf9f2fb974a55e10d523625df652954030f5f7f3210b427a"
+       swant := 
"sha256:d1faff2316aa480d1400e6c86af431402cee84f980b97a06f096bdab9a52075f"
        require.Equal(t, swant, got)
 
        im, err := idx.IndexManifest()
@@ -118,8 +118,8 @@
        // We also want to check the children SBOMs because the index SBOM does 
not have
        // references to the children SBOMs, just the children!
        wantBoms := []string{
-               
"sha256:c2edd8bec2034de667ac19701eed3032512190cf0d46300acef5afccee01dbd1",
-               
"sha256:94213634580d1d5feb97cdcc030f804d28ed6f8e77cde225b0aae53d5b927a33",
+               
"sha256:c483478580314a253c2170b32de7686d1664ec936be3a4df51ef2bba92c46261",
+               
"sha256:18d9c631ac5656d52d2595bc80195ad1c68c517db8bded1ec229f775ee682d98",
        }
 
        for i, m := range im.Manifests {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea
 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea
--- 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea
  1970-01-01 01:00:00.000000000 +0100
+++ 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea
  2024-12-14 19:47:58.000000000 +0100
@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":593,"digest":"sha256:5e0be8f8dbc1497d60148df3be08869342df17c951370416999e19cda0d36624"},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","size":3272,"digest":"sha256:89c9e3bd4d4968247bdf82182560718f22427628a3c112902377fa7ff897f9f7"}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1
 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1
--- 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1
  2024-12-11 23:02:06.000000000 +0100
+++ 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1
  1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":593,"digest":"sha256:c4fba92e353f8a3be76c9feaa4763c3f9177697364fe54943eda3f51ec641d55"},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","size":3249,"digest":"sha256:e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0"}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
\ No newline at end of file
Binary files 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328
 and 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328
 differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7
 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7
--- 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7
  1970-01-01 01:00:00.000000000 +0100
+++ 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7
  2024-12-14 19:47:58.000000000 +0100
@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":593,"digest":"sha256:cff7a34bf75690ef289b741fd026cb52cac94ff0f057996c829ac546f6819c75"},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","size":3273,"digest":"sha256:fab53f6bbeb155d8f33acb6e7a1d961317ffb6352fc775b133b1af8656a6d0bb"}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/41b285b4a6870e47e59ef34f87d3637a202783f535d70d0152c53d80f57c90a2
 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/41b285b4a6870e47e59ef34f87d3637a202783f535d70d0152c53d80f57c90a2
--- 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/41b285b4a6870e47e59ef34f87d3637a202783f535d70d0152c53d80f57c90a2
  2024-12-11 23:02:06.000000000 +0100
+++ 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/41b285b4a6870e47e59ef34f87d3637a202783f535d70d0152c53d80f57c90a2
  1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-{"architecture":"amd64","author":"github.com/chainguard-dev/apko","created":"1970-01-01T00:00:00Z","history":[{"author":"apko","created":"1970-01-01T00:00:00Z","created_by":"apko","comment":"This
 is an apko single-layer 
image"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:63d864eaf7996ff3b8364aec6f9885d4325baf1671204f24337d10295c069e5c"]},"config":{"Entrypoint":["/bin/sh","-l"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Labels":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57
 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57
--- 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57
  2024-12-11 23:02:06.000000000 +0100
+++ 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57
  1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":593,"digest":"sha256:41b285b4a6870e47e59ef34f87d3637a202783f535d70d0152c53d80f57c90a2"},"layers":[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","size":3239,"digest":"sha256:26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328"}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/5e0be8f8dbc1497d60148df3be08869342df17c951370416999e19cda0d36624
 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/5e0be8f8dbc1497d60148df3be08869342df17c951370416999e19cda0d36624
--- 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/5e0be8f8dbc1497d60148df3be08869342df17c951370416999e19cda0d36624
  1970-01-01 01:00:00.000000000 +0100
+++ 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/5e0be8f8dbc1497d60148df3be08869342df17c951370416999e19cda0d36624
  2024-12-14 19:47:58.000000000 +0100
@@ -0,0 +1 @@
+{"architecture":"amd64","author":"github.com/chainguard-dev/apko","created":"1970-01-01T00:00:00Z","history":[{"author":"apko","created":"1970-01-01T00:00:00Z","created_by":"apko","comment":"This
 is an apko single-layer 
image"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:8f9c734d8ec1cd189067042886090e052d1e32c6622124061dd7baf8be1c1e56"]},"config":{"Entrypoint":["/bin/sh","-l"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Labels":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}}
\ No newline at end of file
Binary files 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/89c9e3bd4d4968247bdf82182560718f22427628a3c112902377fa7ff897f9f7
 and 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/89c9e3bd4d4968247bdf82182560718f22427628a3c112902377fa7ff897f9f7
 differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/c4fba92e353f8a3be76c9feaa4763c3f9177697364fe54943eda3f51ec641d55
 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/c4fba92e353f8a3be76c9feaa4763c3f9177697364fe54943eda3f51ec641d55
--- 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/c4fba92e353f8a3be76c9feaa4763c3f9177697364fe54943eda3f51ec641d55
  2024-12-11 23:02:06.000000000 +0100
+++ 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/c4fba92e353f8a3be76c9feaa4763c3f9177697364fe54943eda3f51ec641d55
  1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-{"architecture":"arm64","author":"github.com/chainguard-dev/apko","created":"1970-01-01T00:00:00Z","history":[{"author":"apko","created":"1970-01-01T00:00:00Z","created_by":"apko","comment":"This
 is an apko single-layer 
image"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:70043edb168572d0c65b9545471f090ecbf2eefccc466e2ba3fd01df5cbe00d3"]},"config":{"Entrypoint":["/bin/sh","-l"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Labels":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/cff7a34bf75690ef289b741fd026cb52cac94ff0f057996c829ac546f6819c75
 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/cff7a34bf75690ef289b741fd026cb52cac94ff0f057996c829ac546f6819c75
--- 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/cff7a34bf75690ef289b741fd026cb52cac94ff0f057996c829ac546f6819c75
  1970-01-01 01:00:00.000000000 +0100
+++ 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/cff7a34bf75690ef289b741fd026cb52cac94ff0f057996c829ac546f6819c75
  2024-12-14 19:47:58.000000000 +0100
@@ -0,0 +1 @@
+{"architecture":"arm64","author":"github.com/chainguard-dev/apko","created":"1970-01-01T00:00:00Z","history":[{"author":"apko","created":"1970-01-01T00:00:00Z","created_by":"apko","comment":"This
 is an apko single-layer 
image"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:ae5eac0428855226d637f784d90664e537cb40a42871dc7e58daabf93cfe86ca"]},"config":{"Entrypoint":["/bin/sh","-l"],"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Labels":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}}
\ No newline at end of file
Binary files 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0
 and 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0
 differ
Binary files 
old/apko-0.21.0/internal/cli/testdata/golden/blobs/sha256/fab53f6bbeb155d8f33acb6e7a1d961317ffb6352fc775b133b1af8656a6d0bb
 and 
new/apko-0.22.2/internal/cli/testdata/golden/blobs/sha256/fab53f6bbeb155d8f33acb6e7a1d961317ffb6352fc775b133b1af8656a6d0bb
 differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/internal/cli/testdata/golden/index.json 
new/apko-0.22.2/internal/cli/testdata/golden/index.json
--- old/apko-0.21.0/internal/cli/testdata/golden/index.json     2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/internal/cli/testdata/golden/index.json     2024-12-14 
19:47:58.000000000 +0100
@@ -1 +1 @@
-{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":476,"digest":"sha256:5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57","platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":476,"digest":"sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1","platform":{"architecture":"arm64","os":"linux"}}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
\ No newline at end of file
+{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":476,"digest":"sha256:0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea","platform":{"architecture":"amd64","os":"linux"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":476,"digest":"sha256:2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7","platform":{"architecture":"arm64","os":"linux"}}],"annotations":{"org.opencontainers.image.created":"1970-01-01T00:00:00Z"}}
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json 
new/apko-0.22.2/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json
--- old/apko-0.21.0/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json   
2024-12-11 23:02:06.000000000 +0100
+++ new/apko-0.22.2/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json   
2024-12-14 19:47:58.000000000 +0100
@@ -1,6 +1,6 @@
 {
   "SPDXID": "SPDXRef-DOCUMENT",
-  "name": 
"sbom-sha256:e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0",
+  "name": 
"sbom-sha256:fab53f6bbeb155d8f33acb6e7a1d961317ffb6352fc775b133b1af8656a6d0bb",
   "spdxVersion": "SPDX-2.3",
   "creationInfo": {
     "created": "1970-01-01T00:00:00Z",
@@ -13,13 +13,13 @@
   "dataLicense": "CC0-1.0",
   "documentNamespace": "https://spdx.org/spdxdocs/apko/";,
   "documentDescribes": [
-    
"SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1"
+    
"SPDXRef-Package-sha256-2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7"
   ],
   "packages": [
     {
-      "SPDXID": 
"SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
-      "name": 
"sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
-      "versionInfo": 
"sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
+      "SPDXID": 
"SPDXRef-Package-sha256-2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7",
+      "name": 
"sha256:2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7",
+      "versionInfo": 
"sha256:2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7",
       "filesAnalyzed": false,
       "description": "apko container image",
       "downloadLocation": "NOASSERTION",
@@ -28,20 +28,20 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": 
"18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1"
+          "checksumValue": 
"2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": 
"pkg:oci/golden@sha256%3A18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
+          "referenceLocator": 
"pkg:oci/golden@sha256%3A2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
           "referenceType": "purl"
         }
       ]
     },
     {
-      "SPDXID": 
"SPDXRef-Package-sha256-e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0",
-      "name": 
"sha256:e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0",
+      "SPDXID": 
"SPDXRef-Package-sha256-fab53f6bbeb155d8f33acb6e7a1d961317ffb6352fc775b133b1af8656a6d0bb",
+      "name": 
"sha256:fab53f6bbeb155d8f33acb6e7a1d961317ffb6352fc775b133b1af8656a6d0bb",
       "versionInfo": "1.0.0",
       "filesAnalyzed": false,
       "description": "apko operating system layer",
@@ -50,7 +50,7 @@
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": 
"pkg:oci/golden@sha256%3Ae29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.layer.v1.tar%2Bgzip\u0026os=linux",
+          "referenceLocator": 
"pkg:oci/golden@sha256%3Afab53f6bbeb155d8f33acb6e7a1d961317ffb6352fc775b133b1af8656a6d0bb?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.layer.v1.tar%2Bgzip\u0026os=linux",
           "referenceType": "purl"
         }
       ]
@@ -96,9 +96,9 @@
   ],
   "relationships": [
     {
-      "spdxElementId": 
"SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
+      "spdxElementId": 
"SPDXRef-Package-sha256-2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7",
       "relationshipType": "CONTAINS",
-      "relatedSpdxElement": 
"SPDXRef-Package-sha256-e29f907eae193b71f82232ac873a7f2bbe3d5e3b841c729b6a58706750f01ce0"
+      "relatedSpdxElement": 
"SPDXRef-Package-sha256-fab53f6bbeb155d8f33acb6e7a1d961317ffb6352fc775b133b1af8656a6d0bb"
     }
   ]
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/sboms/sbom-index.spdx.json 
new/apko-0.22.2/internal/cli/testdata/golden/sboms/sbom-index.spdx.json
--- old/apko-0.21.0/internal/cli/testdata/golden/sboms/sbom-index.spdx.json     
2024-12-11 23:02:06.000000000 +0100
+++ new/apko-0.22.2/internal/cli/testdata/golden/sboms/sbom-index.spdx.json     
2024-12-14 19:47:58.000000000 +0100
@@ -1,6 +1,6 @@
 {
   "SPDXID": "SPDXRef-DOCUMENT",
-  "name": 
"sbom-sha256:3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
+  "name": 
"sbom-sha256:8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544",
   "spdxVersion": "SPDX-2.3",
   "creationInfo": {
     "created": "1970-01-01T00:00:00Z",
@@ -13,13 +13,13 @@
   "dataLicense": "CC0-1.0",
   "documentNamespace": "https://spdx.org/spdxdocs/apko/";,
   "documentDescribes": [
-    
"SPDXRef-Package-sha256-3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48"
+    
"SPDXRef-Package-sha256-8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544"
   ],
   "packages": [
     {
-      "SPDXID": 
"SPDXRef-Package-sha256-3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
-      "name": 
"sha256:3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
-      "versionInfo": 
"sha256:3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
+      "SPDXID": 
"SPDXRef-Package-sha256-8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544",
+      "name": 
"sha256:8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544",
+      "versionInfo": 
"sha256:8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544",
       "filesAnalyzed": false,
       "description": "Multi-arch image index",
       "downloadLocation": "NOASSERTION",
@@ -29,21 +29,21 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": 
"3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48"
+          "checksumValue": 
"8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": 
"pkg:oci/golden@sha256%3A3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48?mediaType=application%2Fvnd.oci.image.index.v1%2Bjson",
+          "referenceLocator": 
"pkg:oci/golden@sha256%3A8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544?mediaType=application%2Fvnd.oci.image.index.v1%2Bjson",
           "referenceType": "purl"
         }
       ]
     },
     {
-      "SPDXID": 
"SPDXRef-Package-sha256-5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
-      "name": 
"sha256:5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
-      "versionInfo": 
"sha256:5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
+      "SPDXID": 
"SPDXRef-Package-sha256-0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea",
+      "name": 
"sha256:0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea",
+      "versionInfo": 
"sha256:0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea",
       "filesAnalyzed": false,
       "downloadLocation": "NOASSERTION",
       "supplier": "Organization: Chainguard, Inc.",
@@ -51,21 +51,21 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": 
"5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57"
+          "checksumValue": 
"0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": 
"pkg:oci/golden@sha256%3A5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
+          "referenceLocator": 
"pkg:oci/golden@sha256%3A0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
           "referenceType": "purl"
         }
       ]
     },
     {
-      "SPDXID": 
"SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
-      "name": 
"sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
-      "versionInfo": 
"sha256:18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1",
+      "SPDXID": 
"SPDXRef-Package-sha256-2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7",
+      "name": 
"sha256:2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7",
+      "versionInfo": 
"sha256:2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7",
       "filesAnalyzed": false,
       "downloadLocation": "NOASSERTION",
       "supplier": "Organization: Chainguard, Inc.",
@@ -73,13 +73,13 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": 
"18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1"
+          "checksumValue": 
"2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": 
"pkg:oci/golden@sha256%3A18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
+          "referenceLocator": 
"pkg:oci/golden@sha256%3A2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7?arch=arm64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
           "referenceType": "purl"
         }
       ]
@@ -87,14 +87,14 @@
   ],
   "relationships": [
     {
-      "spdxElementId": 
"SPDXRef-Package-sha256-3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
+      "spdxElementId": 
"SPDXRef-Package-sha256-8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544",
       "relationshipType": "VARIANT_OF",
-      "relatedSpdxElement": 
"SPDXRef-Package-sha256-5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57"
+      "relatedSpdxElement": 
"SPDXRef-Package-sha256-0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea"
     },
     {
-      "spdxElementId": 
"SPDXRef-Package-sha256-3417c902dcb83e99e0d185955ebba370841866b889fc9d216780a64627c87d48",
+      "spdxElementId": 
"SPDXRef-Package-sha256-8d9ac8b5cdf43d1d65837f5c947c2ef573ba65bffa9c41aa86afefb5fcd72544",
       "relationshipType": "VARIANT_OF",
-      "relatedSpdxElement": 
"SPDXRef-Package-sha256-18d41b1f595d19375dc45a14f87f64e736d577e618fc77707bb710a8e59842b1"
+      "relatedSpdxElement": 
"SPDXRef-Package-sha256-2daa2a0b7c784bbda06b9a342d2b70e72d4f213642f488250fdb62ccd65a4ba7"
     }
   ]
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/apko-0.21.0/internal/cli/testdata/golden/sboms/sbom-x86_64.spdx.json 
new/apko-0.22.2/internal/cli/testdata/golden/sboms/sbom-x86_64.spdx.json
--- old/apko-0.21.0/internal/cli/testdata/golden/sboms/sbom-x86_64.spdx.json    
2024-12-11 23:02:06.000000000 +0100
+++ new/apko-0.22.2/internal/cli/testdata/golden/sboms/sbom-x86_64.spdx.json    
2024-12-14 19:47:58.000000000 +0100
@@ -1,6 +1,6 @@
 {
   "SPDXID": "SPDXRef-DOCUMENT",
-  "name": 
"sbom-sha256:26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328",
+  "name": 
"sbom-sha256:89c9e3bd4d4968247bdf82182560718f22427628a3c112902377fa7ff897f9f7",
   "spdxVersion": "SPDX-2.3",
   "creationInfo": {
     "created": "1970-01-01T00:00:00Z",
@@ -13,13 +13,13 @@
   "dataLicense": "CC0-1.0",
   "documentNamespace": "https://spdx.org/spdxdocs/apko/";,
   "documentDescribes": [
-    
"SPDXRef-Package-sha256-5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57"
+    
"SPDXRef-Package-sha256-0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea"
   ],
   "packages": [
     {
-      "SPDXID": 
"SPDXRef-Package-sha256-5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
-      "name": 
"sha256:5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
-      "versionInfo": 
"sha256:5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
+      "SPDXID": 
"SPDXRef-Package-sha256-0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea",
+      "name": 
"sha256:0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea",
+      "versionInfo": 
"sha256:0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea",
       "filesAnalyzed": false,
       "description": "apko container image",
       "downloadLocation": "NOASSERTION",
@@ -28,20 +28,20 @@
       "checksums": [
         {
           "algorithm": "SHA256",
-          "checksumValue": 
"5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57"
+          "checksumValue": 
"0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea"
         }
       ],
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": 
"pkg:oci/golden@sha256%3A5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
+          "referenceLocator": 
"pkg:oci/golden@sha256%3A0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.manifest.v1%2Bjson\u0026os=linux",
           "referenceType": "purl"
         }
       ]
     },
     {
-      "SPDXID": 
"SPDXRef-Package-sha256-26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328",
-      "name": 
"sha256:26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328",
+      "SPDXID": 
"SPDXRef-Package-sha256-89c9e3bd4d4968247bdf82182560718f22427628a3c112902377fa7ff897f9f7",
+      "name": 
"sha256:89c9e3bd4d4968247bdf82182560718f22427628a3c112902377fa7ff897f9f7",
       "versionInfo": "1.0.0",
       "filesAnalyzed": false,
       "description": "apko operating system layer",
@@ -50,7 +50,7 @@
       "externalRefs": [
         {
           "referenceCategory": "PACKAGE-MANAGER",
-          "referenceLocator": 
"pkg:oci/golden@sha256%3A26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.layer.v1.tar%2Bgzip\u0026os=linux",
+          "referenceLocator": 
"pkg:oci/golden@sha256%3A89c9e3bd4d4968247bdf82182560718f22427628a3c112902377fa7ff897f9f7?arch=amd64\u0026mediaType=application%2Fvnd.oci.image.layer.v1.tar%2Bgzip\u0026os=linux",
           "referenceType": "purl"
         }
       ]
@@ -96,9 +96,9 @@
   ],
   "relationships": [
     {
-      "spdxElementId": 
"SPDXRef-Package-sha256-5398671bcb1dc210cfb253a808be94fff70723d939d7ce6d8053a823f4720d57",
+      "spdxElementId": 
"SPDXRef-Package-sha256-0c3a3431cb3d08f1de9b3ebd19671fe54c227a6cfd33c1164cb8f67a86baadea",
       "relationshipType": "CONTAINS",
-      "relatedSpdxElement": 
"SPDXRef-Package-sha256-26344c4399ce8d47eed8a16da31044b45634ab26a8e43493574a7c944ca35328"
+      "relatedSpdxElement": 
"SPDXRef-Package-sha256-89c9e3bd4d4968247bdf82182560718f22427628a3c112902377fa7ff897f9f7"
     }
   ]
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/pkg/apk/apk/implementation.go 
new/apko-0.22.2/pkg/apk/apk/implementation.go
--- old/apko-0.21.0/pkg/apk/apk/implementation.go       2024-12-11 
23:02:06.000000000 +0100
+++ new/apko-0.22.2/pkg/apk/apk/implementation.go       2024-12-14 
19:47:58.000000000 +0100
@@ -135,6 +135,7 @@
        {"/dev", 0o755},
        {"/etc", 0o755},
        {"/lib", 0o755},
+       {"/opt", 0o755},
        {"/proc", 0o555},
        {"/var", 0o755},
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/apko-0.21.0/pkg/apk/signature/sign.go 
new/apko-0.22.2/pkg/apk/signature/sign.go
--- old/apko-0.21.0/pkg/apk/signature/sign.go   2024-12-11 23:02:06.000000000 
+0100
+++ new/apko-0.22.2/pkg/apk/signature/sign.go   2024-12-14 19:47:58.000000000 
+0100
@@ -55,24 +55,24 @@
        //
        // Done:
        // Step 0) apk-tools supports RSA256 since 2017
-       // This PR:
        // Step 1) Upgrade all deployments of melange/go-apk with verification 
support for RSA256
-       // Follow-up:
-       // Step 2) Turn off RSA signatures & turn on RSA256 signatures
-       //
-       // Enable both (incorrectly ordered dual-signed) only for local testing
-       sigs := []struct {
-               filename   string
-               digestType crypto.Hash
-       }{
-               {
-                       "RSA",
-                       crypto.SHA1,
-               },
-               // {
-               //      "RSA256",
-               //      crypto.SHA256,
-               // },
+       // This PR:
+       // Step 2) Turn on RSA256 signatures, with RSA escape hatch
+       // Next:
+       // Step 3) Remove RSA escape hatch
+
+       filename := "RSA256"
+       digestType := crypto.SHA256
+
+       if digest, ok := os.LookupEnv("SIGNING_DIGEST"); ok {
+               switch digest {
+               case "SHA256":
+               case "SHA1":
+                       filename = "RSA"
+                       digestType = crypto.SHA1
+               default:
+                       return fmt.Errorf("unsupported SIGNING_DIGEST")
+               }
        }
 
        indexData, err := os.ReadFile(indexFile)
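Review bot: The `SHA1` branch of the `SIGNING_DIGEST` switch downgrades the index signature to SHA-1 without leaving any trace in the build output, so a variable left over in a CI job or inherited from a parent process silently produces the legacy `RSA` signature. A log line in that branch, for example `log.Infof("SIGNING_DIGEST=SHA1 set: signing index %s with legacy SHA-1 signature", indexFile)` (at warning level if the logger has one), would make the downgrade auditable; this assumes `log` is already initialised above the hunk, since the function starts outside it. The `default` error would be easier to act on if it named the rejected value, `return fmt.Errorf("unsupported SIGNING_DIGEST %q: want SHA256 or SHA1", digest)`. The empty `case "SHA256":` should carry a short comment such as `// default: filename and digestType already set above`, so it is not mistaken for a missing body.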
@@ -81,22 +81,20 @@
        }
 
        sigFS := memfs.New()
-       for _, sig := range sigs {
-               indexDigest, err := HashData(indexData, sig.digestType)
-               if err != nil {
-                       return err
-               }
+       indexDigest, err := HashData(indexData, digestType)
+       if err != nil {
+               return err
+       }
 
-               sigData, err := RSASignDigest(indexDigest, sig.digestType, 
signingKey, "")
-               if err != nil {
-                       return fmt.Errorf("unable to sign index: %w", err)
-               }
+       sigData, err := RSASignDigest(indexDigest, digestType, signingKey, "")
+       if err != nil {
+               return fmt.Errorf("unable to sign index: %w", err)
+       }
 
-               log.Infof("appending signature %s to index %s", sig.filename, 
indexFile)
+       log.Infof("appending signature %s to index %s", filename, indexFile)
 
-               if err := sigFS.WriteFile(fmt.Sprintf(".SIGN.%s.%s.pub", 
sig.filename, filepath.Base(signingKey)), sigData, 0644); err != nil {
-                       return fmt.Errorf("unable to append signature: %w", err)
-               }
+       if err := sigFS.WriteFile(fmt.Sprintf(".SIGN.%s.%s.pub", filename, 
filepath.Base(signingKey)), sigData, 0644); err != nil {
+               return fmt.Errorf("unable to append signature: %w", err)
        }
 
        // prepare control.tar.gz

++++++ apko.obsinfo ++++++
--- /var/tmp/diff_new_pack.7SmJxR/_old  2024-12-16 19:11:11.551666662 +0100
+++ /var/tmp/diff_new_pack.7SmJxR/_new  2024-12-16 19:11:11.555666828 +0100
@@ -1,5 +1,5 @@
 name: apko
-version: 0.21.0
-mtime: 1733954526
-commit: d45b6da444f211f49e25d25d26cc0241023d22c8
+version: 0.22.2
+mtime: 1734202078
+commit: 559534fa1a0f3e719335aa06a9aa1dbd6609fa25
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/apko/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.apko.new.29675/vendor.tar.gz differ: char 5, line 1
