Hello community,

here is the log from the commit of package melange for openSUSE:Factory checked 
in at 2025-01-12 11:22:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/melange (Old)
 and      /work/SRC/openSUSE:Factory/.melange.new.1881 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "melange"

Sun Jan 12 11:22:41 2025 rev:57 rq:1237036 version:0.19.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/melange/melange.changes  2024-12-30 
12:52:34.322191402 +0100
+++ /work/SRC/openSUSE:Factory/.melange.new.1881/melange.changes        
2025-01-12 11:29:09.219448650 +0100
@@ -1,0 +2,21 @@
+Sat Jan 11 12:10:16 UTC 2025 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 0.19.0:
+  * feat: add support to add and drop linux capabilities (#1702)
+  * Update pkg/build/pipeline.go
+  * Update pkg/build/pipeline.go
+  * build(deps): bump golang.org/x/time from 0.8.0 to 0.9.0
+  * build(deps): bump github.com/invopop/jsonschema from 0.12.0 to
+    0.13.0
+  * build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0
+  * build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to
+    5.13.1
+  * minor go cleanup
+  * minor go cleanup
+  * build(deps): bump sigs.k8s.io/release-utils from 0.8.5 to 0.9.0
+  * Fix(piepline): use correct comment systax
+  * fix: Move the go mod tidy after cd to modrootfeat: Check if
+    go.mod file exiest in modroot dir to ensure modroot is set
+    correctly
+
+-------------------------------------------------------------------

Old:
----
  melange-0.18.3.obscpio

New:
----
  melange-0.19.0.obscpio

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ melange.spec ++++++
--- /var/tmp/diff_new_pack.gwI1t4/_old  2025-01-12 11:29:09.947478609 +0100
+++ /var/tmp/diff_new_pack.gwI1t4/_new  2025-01-12 11:29:09.947478609 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package melange
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           melange
-Version:        0.18.3
+Version:        0.19.0
 Release:        0
 Summary:        Build APKs from source code
 License:        Apache-2.0

++++++ _service ++++++
--- /var/tmp/diff_new_pack.gwI1t4/_old  2025-01-12 11:29:09.979479926 +0100
+++ /var/tmp/diff_new_pack.gwI1t4/_new  2025-01-12 11:29:09.983480091 +0100
@@ -3,7 +3,7 @@
     <param name="url">https://github.com/chainguard-dev/melange</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v0.18.3</param>
+    <param name="revision">v0.19.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.gwI1t4/_old  2025-01-12 11:29:10.003480914 +0100
+++ /var/tmp/diff_new_pack.gwI1t4/_new  2025-01-12 11:29:10.007481079 +0100
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param 
name="url">https://github.com/chainguard-dev/melange</param>
-              <param 
name="changesrevision">fe103190cecea4938e1bbeb88e3179023cc69c2e</param></service></servicedata>
+              <param 
name="changesrevision">1c0002b45a39afb617493c0cce16ce21ecb3411d</param></service></servicedata>
 (No newline at EOF)
 

++++++ melange-0.18.3.obscpio -> melange-0.19.0.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/Makefile new/melange-0.19.0/Makefile
--- old/melange-0.18.3/Makefile 2024-12-25 02:24:02.000000000 +0100
+++ new/melange-0.19.0/Makefile 2025-01-10 12:34:58.000000000 +0100
@@ -117,7 +117,7 @@
 setup-golangci-lint:
        rm -f $(GOLANGCI_LINT_BIN) || :
        set -e ;
-       GOBIN=$(GOLANGCI_LINT_DIR) go install 
github.com/golangci/golangci-lint/cmd/golangci-lint@v1.59.0;
+       GOBIN=$(GOLANGCI_LINT_DIR) go install 
github.com/golangci/golangci-lint/cmd/golangci-lint@v1.63.4;
 
 .PHONY: fmt
 fmt: ## Format all go files
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/melange-0.18.3/e2e-tests/capabilities-add-drop-build.yaml 
new/melange-0.19.0/e2e-tests/capabilities-add-drop-build.yaml
--- old/melange-0.18.3/e2e-tests/capabilities-add-drop-build.yaml       
1970-01-01 01:00:00.000000000 +0100
+++ new/melange-0.19.0/e2e-tests/capabilities-add-drop-build.yaml       
2025-01-10 12:34:58.000000000 +0100
@@ -0,0 +1,31 @@
+package:
+  name: busybox
+  description: Capabilities add-drop feature test
+  version: 0.1.0
+  epoch: 0
+
+capabilities:
+  add:
+    - CAP_NET_ADMIN
+  drop:
+    - CAP_SYS_ADMIN
+    - CAP_SYS_CHROOT
+
+environment:
+  contents:
+    packages:
+      - busybox
+      - cmd:capsh
+
+pipeline:
+  - name: Test default effective capability
+    runs: |
+      capsh --decode=$(grep CapEff /proc/self/status | cut -d ':' -f2 | xargs) 
| grep -i cap_dac_override
+
+  - name: Test added non-default effective capability
+    runs: |
+      capsh --decode=$(grep CapEff /proc/self/status | cut -d ':' -f2 | xargs) 
| grep -i cap_net_admin
+
+  - name: Test dropped default effective capability
+    runs: |
+      capsh --decode=$(grep CapEff /proc/self/status | cut -d ':' -f2 | xargs) 
| grep -vi cap_sys_chroot
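Review bot: The "Test dropped default effective capability" step asserts only that CAP_SYS_CHROOT is absent; CAP_SYS_ADMIN is also listed under `drop` but never checked, so a runner that honoured only part of the drop list would still pass. The negative check `grep -vi cap_sys_chroot` succeeds whenever any output line lacks the name, which is correct only while `capsh --decode` prints a single line; a form such as `if capsh --decode=... | grep -qi cap_sys_admin; then exit 1; fi` states the intent directly and can be repeated per dropped name. All three steps read `CapEff` only; if the feature is meant to make the drop irreversible, the `CapBnd` line of /proc/self/status is worth asserting as well. The same steps are duplicated in e2e-tests/capabilities-add-drop-nopkg-test.yaml and need the same change.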
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/melange-0.18.3/e2e-tests/capabilities-add-drop-nopkg-test.yaml 
new/melange-0.19.0/e2e-tests/capabilities-add-drop-nopkg-test.yaml
--- old/melange-0.18.3/e2e-tests/capabilities-add-drop-nopkg-test.yaml  
1970-01-01 01:00:00.000000000 +0100
+++ new/melange-0.19.0/e2e-tests/capabilities-add-drop-nopkg-test.yaml  
2025-01-10 12:34:58.000000000 +0100
@@ -0,0 +1,33 @@
+package:
+  name: busybox
+  description: Capabilities add-drop feature test
+  version: 0.1.0
+  epoch: 0
+
+capabilities:
+  add:
+    - CAP_NET_ADMIN
+  drop:
+    - CAP_SYS_ADMIN
+    - CAP_SYS_CHROOT
+
+pipeline:
+
+test:
+  environment:
+    contents:
+      packages:
+        - busybox
+        - cmd:capsh
+  pipeline:
+    - name: Test default effective capability
+      runs: |
+        capsh --decode=$(grep CapEff /proc/self/status | cut -d ':' -f2 | 
xargs) | grep -i cap_dac_override
+
+    - name: Test added non-default effective capability
+      runs: |
+        capsh --decode=$(grep CapEff /proc/self/status | cut -d ':' -f2 | 
xargs) | grep -i cap_net_admin
+
+    - name: Test dropped default effective capability
+      runs: |
+        capsh --decode=$(grep CapEff /proc/self/status | cut -d ':' -f2 | 
xargs) | grep -vi cap_sys_chroot
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/examples/capabilities-add-drop.yaml 
new/melange-0.19.0/examples/capabilities-add-drop.yaml
--- old/melange-0.18.3/examples/capabilities-add-drop.yaml      1970-01-01 
01:00:00.000000000 +0100
+++ new/melange-0.19.0/examples/capabilities-add-drop.yaml      2025-01-10 
12:34:58.000000000 +0100
@@ -0,0 +1,27 @@
+package:
+  name: busybox
+  version: 0.1.0
+  epoch: 0
+
+capabilities:
+  add:
+    - CAP_NET_ADMIN
+  drop:
+    - CAP_SYS_ADMIN
+
+pipeline:
+  # Here your build pipeline.
+  # Capabilities are added/dropped to both build and test pipelines.
+
+test:
+  environment:
+    contents:
+      packages:
+        - busybox
+        - iproute2
+  pipeline:
+    # Note: you can't do it with bubblewrap runner,
+    # as it shares the host network namespace.
+    - name: Simulate a test attempting to create network interfaces
+      runs: |
+        ip link add dev myinterface type dummy
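Review bot: The example grants `CAP_NET_ADMIN` with no comment on how far the grant reaches, although the file's own pipeline comment says capabilities apply to both build and test pipelines. A line above `capabilities:` such as `# Add only what a step needs: these capabilities are granted to every build and test step.` would put that next to the setting. The runner note under `test.pipeline` says only that bubblewrap is unsuitable; naming the runner the example is meant for would make it usable as written.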
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/go.mod new/melange-0.19.0/go.mod
--- old/melange-0.18.3/go.mod   2024-12-25 02:24:02.000000000 +0100
+++ new/melange-0.19.0/go.mod   2025-01-10 12:34:58.000000000 +0100
@@ -14,17 +14,18 @@
        github.com/docker/docker v27.4.1+incompatible
        github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936
        github.com/github/go-spdx/v2 v2.3.2
-       github.com/go-git/go-git/v5 v5.12.0
+       github.com/go-git/go-git/v5 v5.13.1
        github.com/google/go-cmp v0.6.0
        github.com/google/go-containerregistry v0.20.2
        github.com/google/go-github/v54 v54.0.0
        github.com/ijt/goparsify v0.0.0-20221203142333-3a5276334b8d
-       github.com/invopop/jsonschema v0.12.0
+       github.com/invopop/jsonschema v0.13.0
        github.com/joho/godotenv v1.5.1
        github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
        github.com/klauspost/compress v1.17.11
        github.com/klauspost/pgzip v1.2.6
        github.com/kubescape/go-git-url v0.0.30
+       github.com/moby/moby v27.4.0+incompatible
        github.com/opencontainers/image-spec v1.1.0
        github.com/package-url/packageurl-go v0.1.3
        github.com/pkg/errors v0.9.1
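Review bot: `github.com/moby/moby v27.4.0+incompatible` is added as a direct requirement while `github.com/docker/docker v27.4.1+incompatible` is already required at the top of this block; as far as I know both paths refer to the same upstream source tree, so the build would carry it twice at two different versions and security updates have to be tracked for both. The importing file is not visible in this hunk, but if only one package is needed it can probably be imported through the `github.com/docker/docker/...` path that is already pinned. The new indirect `github.com/containerd/containerd v1.7.24` entry in a later hunk presumably arrives with this addition and widens the dependency surface further.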
@@ -41,15 +42,15 @@
        golang.org/x/crypto v0.31.0
        golang.org/x/exp v0.0.0-20241210194714-1829a127f884
        golang.org/x/sync v0.10.0
-       golang.org/x/sys v0.28.0
+       golang.org/x/sys v0.29.0
        golang.org/x/text v0.21.0
-       golang.org/x/time v0.8.0
+       golang.org/x/time v0.9.0
        google.golang.org/api v0.214.0
        gopkg.in/ini.v1 v1.67.0
        gopkg.in/yaml.v3 v3.0.1
        k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f
        mvdan.cc/sh/v3 v3.10.0
-       sigs.k8s.io/release-utils v0.8.5
+       sigs.k8s.io/release-utils v0.9.0
        sigs.k8s.io/yaml v1.4.0
 )
 
@@ -93,10 +94,12 @@
        github.com/cloudflare/circl v1.5.0 // indirect
        github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
        github.com/common-nighthawk/go-figure 
v0.0.0-20210622060536-734e95fb86be // indirect
+       github.com/containerd/containerd v1.7.24 // indirect
+       github.com/containerd/log v0.1.0 // indirect
        github.com/containerd/stargz-snapshotter/estargz v0.16.2 // indirect
        github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
        github.com/cyberphone/json-canonicalization 
v0.0.0-20231217050601-ba74d44ecf5f // indirect
-       github.com/cyphar/filepath-securejoin v0.3.5 // indirect
+       github.com/cyphar/filepath-securejoin v0.3.6 // indirect
        github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // 
indirect
        github.com/distribution/reference v0.6.0 // indirect
        github.com/docker/distribution v2.8.3+incompatible // indirect
@@ -110,7 +113,7 @@
        github.com/felixge/httpsnoop v1.0.4 // indirect
        github.com/go-chi/chi v4.1.2+incompatible // indirect
        github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-       github.com/go-git/go-billy/v5 v5.6.0 // indirect
+       github.com/go-git/go-billy/v5 v5.6.1 // indirect
        github.com/go-jose/go-jose/v3 v3.0.3 // indirect
        github.com/go-jose/go-jose/v4 v4.0.4 // indirect
        github.com/go-logfmt/logfmt v0.6.0 // indirect
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/go.sum new/melange-0.19.0/go.sum
--- old/melange-0.18.3/go.sum   2024-12-25 02:24:02.000000000 +0100
+++ new/melange-0.19.0/go.sum   2025-01-10 12:34:58.000000000 +0100
@@ -110,6 +110,8 @@
 github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod 
h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be 
h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=
 github.com/common-nighthawk/go-figure 
v0.0.0-20210622060536-734e95fb86be/go.mod 
h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w=
+github.com/containerd/containerd v1.7.24 
h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA=
+github.com/containerd/containerd v1.7.24/go.mod 
h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
 github.com/containerd/log v0.1.0 
h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod 
h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/containerd/stargz-snapshotter/estargz v0.16.2 
h1:DMcqm1rd1ak2hFghkyHlquacSo+zRe+cysRR3CmSpGk=
@@ -121,8 +123,8 @@
 github.com/creack/pty v1.1.23/go.mod 
h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
 github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f 
h1:eHnXnuK47UlSTOQexbzxAZfekVz6i+LKRdj1CU5DPaM=
 github.com/cyberphone/json-canonicalization 
v0.0.0-20231217050601-ba74d44ecf5f/go.mod 
h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
-github.com/cyphar/filepath-securejoin v0.3.5 
h1:L81NHjquoQmcPgXcttUS9qTSR/+bXry6pbSINQGpjj4=
-github.com/cyphar/filepath-securejoin v0.3.5/go.mod 
h1:edhVd3c6OXKjUmSrVa/tGJRS9joFTxlslFCAyaxigkE=
+github.com/cyphar/filepath-securejoin v0.3.6 
h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM=
+github.com/cyphar/filepath-securejoin v0.3.6/go.mod 
h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.0/go.mod 
h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod 
h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc 
h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -147,8 +149,8 @@
 github.com/dprotaso/go-yit v0.0.0-20220510233725-9ba8df137936/go.mod 
h1:ttYvX5qlB+mlV1okblJqcSMtR4c52UKxDiX9GRBS8+Q=
 github.com/dustin/go-humanize v1.0.1 
h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod 
h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
-github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a 
h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
-github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod 
h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM=
+github.com/elazarl/goproxy v1.2.3 
h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ=
+github.com/elazarl/goproxy v1.2.3/go.mod 
h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64=
 github.com/emirpasic/gods v1.18.1 
h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod 
h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod 
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -169,18 +171,18 @@
 github.com/fsnotify/fsnotify v1.7.0/go.mod 
h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/github/go-spdx/v2 v2.3.2 
h1:IfdyNHTqzs4zAJjXdVQfRnxt1XMfycXoHBE2Vsm1bjs=
 github.com/github/go-spdx/v2 v2.3.2/go.mod 
h1:2ZxKsOhvBp+OYBDlsGnUMcchLeo2mrpEBn2L1C+U3IQ=
-github.com/gliderlabs/ssh v0.3.7 
h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE=
-github.com/gliderlabs/ssh v0.3.7/go.mod 
h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
+github.com/gliderlabs/ssh v0.3.8 
h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=
+github.com/gliderlabs/ssh v0.3.8/go.mod 
h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU=
 github.com/go-chi/chi v4.1.2+incompatible 
h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=
 github.com/go-chi/chi v4.1.2+incompatible/go.mod 
h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 
h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod 
h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.0 
h1:w2hPNtoehvJIxR00Vb4xX94qHQi/ApZfX+nBE2Cjio8=
-github.com/go-git/go-billy/v5 v5.6.0/go.mod 
h1:sFDq7xD3fn3E0GOwUSZqHo9lrkmx8xJhA0ZrfvjBRGM=
+github.com/go-git/go-billy/v5 v5.6.1 
h1:u+dcrgaguSSkbjzHwelEjc0Yj300NUevrrPphk/SoRA=
+github.com/go-git/go-billy/v5 v5.6.1/go.mod 
h1:0AsLr1z2+Uksi4NlElmMblP5rPcDZNRCD8ujZCRR2BE=
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 
h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
 github.com/go-git/go-git-fixtures/v4 
v4.3.2-0.20231010084843-55a94097c399/go.mod 
h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
-github.com/go-git/go-git/v5 v5.12.0 
h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=
-github.com/go-git/go-git/v5 v5.12.0/go.mod 
h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY=
+github.com/go-git/go-git/v5 v5.13.1 
h1:DAQ9APonnlvSWpvolXWIuV6Q6zXy2wHbN4cVlNR5Q+M=
+github.com/go-git/go-git/v5 v5.13.1/go.mod 
h1:qryJB4cSBoq3FRoBRf5A77joojuBcmPJ0qu3XXXVixc=
 github.com/go-jose/go-jose/v3 v3.0.3 
h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
 github.com/go-jose/go-jose/v3 v3.0.3/go.mod 
h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
 github.com/go-jose/go-jose/v4 v4.0.4 
h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
@@ -294,8 +296,8 @@
 github.com/ijt/goparsify v0.0.0-20221203142333-3a5276334b8d/go.mod 
h1:112TOyA+aruNSUBlyBWlKBdLVYTdhjiO2CKD0j/URSU=
 github.com/inconshreveable/mousetrap v1.1.0 
h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod 
h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/invopop/jsonschema v0.12.0 
h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI=
-github.com/invopop/jsonschema v0.12.0/go.mod 
h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
+github.com/invopop/jsonschema v0.13.0 
h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E=
+github.com/invopop/jsonschema v0.13.0/go.mod 
h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 
h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod 
h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 
h1:TMtDYDHKYY15rFihtRfck/bfFqNfvcabqvXAFQfAUpY=
@@ -349,6 +351,8 @@
 github.com/mitchellh/mapstructure v1.5.0/go.mod 
h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/moby/docker-image-spec v1.3.1 
h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod 
h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
+github.com/moby/moby v27.4.0+incompatible 
h1:jGXXZCMAmFZS9pKsQqUt9yAPHOC450PM9lbQYPSQnuc=
+github.com/moby/moby v27.4.0+incompatible/go.mod 
h1:fDXVQ6+S340veQPv35CzDahGBmHsiclFwfEygB/TWMc=
 github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
 github.com/moby/term v0.5.0/go.mod 
h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
@@ -636,8 +640,8 @@
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
-golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod 
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod 
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -654,8 +658,8 @@
 golang.org/x/text v0.14.0/go.mod 
h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod 
h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
-golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
+golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod 
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod 
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod 
h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -744,7 +748,7 @@
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod 
h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 mvdan.cc/sh/v3 v3.10.0 h1:v9z7N1DLZ7owyLM/SXZQkBSXcwr2IGMm2LY2pmhVXj4=
 mvdan.cc/sh/v3 v3.10.0/go.mod h1:z/mSSVyLFGZzqb3ZIKojjyqIx/xbmz/UHdCSv9HmqXY=
-sigs.k8s.io/release-utils v0.8.5 
h1:FUtFqEAN621gSXv0L7kHyWruBeS7TUU9aWf76olX7uQ=
-sigs.k8s.io/release-utils v0.8.5/go.mod 
h1:qsm5bdxdgoHkD8HsXpgme2/c3mdsNaiV53Sz2HmKeJA=
+sigs.k8s.io/release-utils v0.9.0 
h1:+JYA8E5YXzVj2Eh929woeRn1U82vLUQbpqKsgZPEmEo=
+sigs.k8s.io/release-utils v0.9.0/go.mod 
h1:xZoCJyajMJ0wtgGXWuznbC1r9dw7iJzMp/+dCkf1UGw=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/build/build.go 
new/melange-0.19.0/pkg/build/build.go
--- old/melange-0.18.3/pkg/build/build.go       2024-12-25 02:24:02.000000000 
+0100
+++ new/melange-0.19.0/pkg/build/build.go       2025-01-10 12:34:58.000000000 
+0100
@@ -1175,6 +1175,12 @@
                cfg.Memory = b.Configuration.Package.Resources.Memory
                cfg.Disk = b.Configuration.Package.Resources.Disk
        }
+       if b.Configuration.Capabilities.Add != nil {
+               cfg.Capabilities.Add = b.Configuration.Capabilities.Add
+       }
+       if b.Configuration.Capabilities.Drop != nil {
+               cfg.Capabilities.Drop = b.Configuration.Capabilities.Drop
+       }
 
        for k, v := range b.Configuration.Environment.Environment {
                cfg.Environment[k] = v
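Review bot: The `Add` and `Drop` lists come straight from the package configuration and are handed to the runner config here with no visible check of the names, so a build definition can raise the privileges of its own pipeline steps; the identical block is added in pkg/build/test.go. If the names are not validated elsewhere, reject unknown entries before this point and write the effective lists to the build log so the grant is visible to whoever reviews the build. The nil guards matter only if `cfg.Capabilities` already holds defaults, which a comment such as `// keep runner defaults when the package sets no capabilities` would make explicit. The enclosing function starts and ends outside the hunk.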
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/build/pipeline.go 
new/melange-0.19.0/pkg/build/pipeline.go
--- old/melange-0.18.3/pkg/build/pipeline.go    2024-12-25 02:24:02.000000000 
+0100
+++ new/melange-0.19.0/pkg/build/pipeline.go    2025-01-10 12:34:58.000000000 
+0100
@@ -23,11 +23,10 @@
        "os/signal"
        "path"
        "path/filepath"
-       "regexp"
        "strconv"
        "strings"
 
-       apko_types "chainguard.dev/apko/pkg/build/types"
+       apkoTypes "chainguard.dev/apko/pkg/build/types"
        "chainguard.dev/melange/pkg/cond"
        "chainguard.dev/melange/pkg/config"
        "chainguard.dev/melange/pkg/container"
@@ -74,7 +73,7 @@
        return &SubstitutionMap{nw}
 }
 
-func NewSubstitutionMap(cfg *config.Configuration, arch 
apko_types.Architecture, flavor string, buildOpts []string) (*SubstitutionMap, 
error) {
+func NewSubstitutionMap(cfg *config.Configuration, arch 
apkoTypes.Architecture, flavor string, buildOpts []string) (*SubstitutionMap, 
error) {
        pkg := cfg.Package
 
        nw := map[string]string{
@@ -139,47 +138,39 @@
        if data == nil {
                data = make(map[string]string)
        }
-
        for k, v := range inputs {
                if data[k] == "" {
                        data[k] = v.Default
                }
-               if k == "expected-sha256" && data[k] != "" {
-                       if !matchValidShaChars(data[k]) {
-                               return data, fmt.Errorf("checksum input %q for 
pipeline contains invalid characters", k)
-                       }
-                       if len(data[k]) != 64 {
-                               return data, fmt.Errorf("checksum input %q for 
pipeline, invalid length", k)
-                       }
-               }
-               if k == "expected-sha512" && data[k] != "" {
-                       if !matchValidShaChars(data[k]) {
-                               return data, fmt.Errorf("checksum input %q for 
pipeline contains invalid characters", k)
-                       }
-                       if len(data[k]) != 128 {
-                               return data, fmt.Errorf("checksum input %q for 
pipeline, invalid length", k)
-                       }
-               }
-               if k == "expected-commit" && data[k] != "" {
-                       if !matchValidShaChars(data[k]) {
-                               return data, fmt.Errorf("expectec commit %q for 
pipeline contains invalid characters", k)
-                       }
-                       if len(data[k]) != 40 {
-                               return data, fmt.Errorf("expected commit %q for 
pipeline, invalid length", k)
+               if data[k] != "" {
+                       switch k {
+                       case "expected-sha256", "expected-sha512":
+                               if !matchValidShaChars(data[k]) || len(data[k]) 
!= expectedShaLength(k) {
+                                       return data, fmt.Errorf("checksum input 
%q for pipeline, invalid length", k)
+                               }
+                       case "expected-commit":
+                               if !matchValidShaChars(data[k]) || len(data[k]) 
!= expectedShaLength(k) {
+                                       return data, fmt.Errorf("expected 
commit %q for pipeline contains invalid characters or invalid sha length", k)
+                               }
                        }
                }
-
                if v.Required && data[k] == "" {
                        return data, fmt.Errorf("required input %q for pipeline 
is missing", k)
                }
+
        }
 
        return data, nil
 }
 
 func matchValidShaChars(s string) bool {
-       match, _ := regexp.MatchString("^[a-fA-F0-9]+$", s)
-       return match
+       for i := 0; i < len(s); i++ {
+               c := s[i]
+               if !(c >= '0' && c <= '9') && !(c >= 'a' && c <= 'f') && !(c >= 
'A' && c <= 'F') {
+                       return false
+               }
+       }
+       return true
 }
 
 // Build a script to run as part of evalRun
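Review bot: In the `expected-sha256`/`expected-sha512` case a value of the right length that contains a non-hex character is now reported as `invalid length`, because the character check and the length check share one message; the removed code reported the two separately. A message like `return data, fmt.Errorf("checksum input %q for pipeline contains invalid characters or has invalid length", k)` would match the wording already used in the `expected-commit` case, and the expectation in pipeline_test.go would need the same text. `matchValidShaChars` now also returns true for an empty string, where the regexp required at least one character; that is harmless behind the `data[k] != ""` guard but deserves a one-line comment on the function. validateWith begins outside the hunk.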
@@ -335,5 +326,17 @@
        return result, nil
 }
 
+func expectedShaLength(shaType string) int {
+       switch shaType {
+       case "expected-sha256":
+               return 64
+       case "expected-sha512":
+               return 128
+       case "expected-commit":
+               return 40
+       }
+       return 0
+}
+
 //go:embed pipelines/*
 var f embed.FS
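Review bot: `expectedShaLength` has no doc comment and returns 0 for a key it does not recognise, so a future caller that passes a new key would accept only an empty value without any error pointing at the cause. A comment such as `// expectedShaLength returns the number of hex digits required for the given checksum input key, or 0 if the key is not a known checksum input.` records that contract.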
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/build/pipeline_test.go 
new/melange-0.19.0/pkg/build/pipeline_test.go
--- old/melange-0.18.3/pkg/build/pipeline_test.go       2024-12-25 
02:24:02.000000000 +0100
+++ new/melange-0.19.0/pkg/build/pipeline_test.go       2025-01-10 
12:34:58.000000000 +0100
@@ -172,3 +172,63 @@
                })
        }
 }
+
+func Test_validateWith(t *testing.T) {
+       tests := []struct {
+               name        string
+               data        map[string]string
+               inputs      map[string]config.Input
+               expected    map[string]string
+               expectError bool
+               errorMsg    string
+       }{
+               {
+                       name: "Valid SHA256 checksum",
+                       data: map[string]string{
+                               "expected-sha256": 
"a3c2567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
+                       },
+                       inputs: map[string]config.Input{
+                               "expected-sha256": {Default: "", Required: 
true},
+                       },
+                       expected: map[string]string{
+                               "expected-sha256": 
"a3c2567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
+                       },
+                       expectError: false,
+               },
+               {
+                       name: "Invalid SHA256 length",
+                       data: map[string]string{
+                               "expected-sha256": "abcdef",
+                       },
+                       inputs: map[string]config.Input{
+                               "expected-sha256": {Default: "", Required: 
true},
+                       },
+                       expectError: true,
+                       errorMsg:    "checksum input \"expected-sha256\" for 
pipeline, invalid length",
+               },
+               {
+                       name: "Missing required input",
+                       data: map[string]string{},
+                       inputs: map[string]config.Input{
+                               "expected-commit": {Default: "", Required: 
true},
+                       },
+                       expectError: true,
+                       errorMsg:    "required input \"expected-commit\" for 
pipeline is missing",
+               },
+       }
+
+       for _, tt := range tests {
+               t.Run(tt.name, func(t *testing.T) {
+                       result, err := validateWith(tt.data, tt.inputs)
+
+                       if tt.expectError {
+                               require.Error(t, err)
+                               require.EqualError(t, err, tt.errorMsg)
+                               return // Skip further checks if error is 
expected
+                       }
+
+                       require.NoError(t, err)
+                       require.Equal(t, tt.expected, result)
+               })
+       }
+}
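Review bot: The table covers a too-short SHA-256 and a missing input, but no case with the right length and a non-hex character, which is the path the rewritten `matchValidShaChars` loop handles; `expected-sha512` and `expected-commit` values are not exercised either. A case like the one below pins the character check; its `errorMsg` is the text the current validateWith returns for that input. Cases for a 128-digit `expected-sha512` and a 40-digit `expected-commit` would cover the other two branches of `expectedShaLength`.

```go
		// … unchanged: "Invalid SHA256 length" case …
		{
			// constructed value: 64 characters, the first is not a hex digit
			name: "Invalid SHA256 characters",
			data: map[string]string{
				"expected-sha256": "z3c2567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
			},
			inputs: map[string]config.Input{
				"expected-sha256": {Default: "", Required: true},
			},
			expectError: true,
			errorMsg:    "checksum input \"expected-sha256\" for pipeline, invalid length",
		},
		// … unchanged: "Missing required input" case and the t.Run loop …
```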
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/build/pipelines/go/build.yaml 
new/melange-0.19.0/pkg/build/pipelines/go/build.yaml
--- old/melange-0.18.3/pkg/build/pipelines/go/build.yaml        2024-12-25 
02:24:02.000000000 +0100
+++ new/melange-0.19.0/pkg/build/pipelines/go/build.yaml        2025-01-10 
12:34:58.000000000 +0100
@@ -98,8 +98,16 @@
 
 pipeline:
   - runs: |
+      cd "${{inputs.modroot}}"
+
+      # check if modroot is set correctly by checking go.mod file exist
+      if [ ! -e go.mod ]; then
+        echo "go.mod not found in ${{inputs.modroot}}"
+        exit 1
+      fi
+
       "${{inputs.tidy}}" && go mod tidy
-      
+
       LDFLAGS="${{inputs.strip}} ${{inputs.ldflags}}"
 
       BASE_PATH="${{inputs.prefix}}/${{inputs.install-dir}}/${{inputs.output}}"
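Review bot: The new guard tests `[ ! -e go.mod ]`, which a directory or other non-regular entry named go.mod also satisfies, and it prints the failure on stdout; `if [ ! -f go.mod ]; then` with `echo "go.mod not found in ${{inputs.modroot}}" >&2` is more precise. Whether a failing `cd "${{inputs.modroot}}"` stops the script depends on shell options that are not visible here; if errexit is not in effect, `cd "${{inputs.modroot}}" || exit 1` keeps `go mod tidy` from running in the wrong directory. The added comment would read better as `# verify modroot by checking that go.mod exists there`.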
@@ -107,8 +115,6 @@
       # Take advantage of melange's buid cache for downloaded modules
       export GOMODCACHE=/var/cache/melange/gomodcache
 
-      cd "${{inputs.modroot}}"
-
       # Install any specified dependencies
       if [ ! "${{inputs.deps}}" == "" ]; then
         for dep in ${{inputs.deps}}; do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/build/test.go 
new/melange-0.19.0/pkg/build/test.go
--- old/melange-0.18.3/pkg/build/test.go        2024-12-25 02:24:02.000000000 
+0100
+++ new/melange-0.19.0/pkg/build/test.go        2025-01-10 12:34:58.000000000 
+0100
@@ -574,6 +574,12 @@
                Environment:  map[string]string{},
                RunAs:        imgcfg.Accounts.RunAs,
        }
+       if t.Configuration.Capabilities.Add != nil {
+               cfg.Capabilities.Add = t.Configuration.Capabilities.Add
+       }
+       if t.Configuration.Capabilities.Drop != nil {
+               cfg.Capabilities.Drop = t.Configuration.Capabilities.Drop
+       }
 
        for k, v := range imgcfg.Environment {
                cfg.Environment[k] = v
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/config/config.go 
new/melange-0.19.0/pkg/config/config.go
--- old/melange-0.18.3/pkg/config/config.go     2024-12-25 02:24:02.000000000 
+0100
+++ new/melange-0.19.0/pkg/config/config.go     2025-01-10 12:34:58.000000000 
+0100
@@ -595,12 +595,23 @@
        Required bool `json:"required,omitempty"`
 }
 
-// The root melange configuration
+// Capabilities is the configuration for Linux capabilities for the runner.
+type Capabilities struct {
+       // Linux process capabilities to add to the pipeline container.
+       Add []string `json:"add,omitempty" yaml:"add,omitempty"`
+       // Linux process capabilities to drop from the pipeline container.
+       Drop []string `json:"drop,omitempty" yaml:"drop,omitempty"`
+}
+
+// Configuration is the root melange configuration.
 type Configuration struct {
        // Package metadata
        Package Package `json:"package" yaml:"package"`
        // The specification for the packages build environment
        Environment apko_types.ImageConfiguration `json:"environment" 
yaml:"environment"`
+       // Optional: Linux capabilities configuration to apply to the melange 
runner.
+       Capabilities Capabilities `json:"capabilities,omitempty" 
yaml:"capabilities,omitempty"`
+
        // Required: The list of pipelines that produce the package.
        Pipeline []Pipeline `json:"pipeline,omitempty" 
yaml:"pipeline,omitempty"`
        // Optional: The list of subpackages that this package also produces.
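Review bot: The doc comments on `Capabilities` do not say that `add` raises the privileges of the build sandbox, nor which spelling of capability names is expected; since the field is set from a package's YAML, whoever reviews that YAML needs both. I would extend the comment on `Add` to something like `// Add lists Linux capabilities granted to the build container on top of the runner default; each entry widens what build steps can do, so keep it minimal.` and state the accepted name form once it is confirmed against the runners. Separately, `json:"capabilities,omitempty"` on a non-pointer struct has no effect in encoding/json, so the key is always emitted as an empty object; a pointer field would omit it.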
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/container/bubblewrap_runner.go 
new/melange-0.19.0/pkg/container/bubblewrap_runner.go
--- old/melange-0.18.3/pkg/container/bubblewrap_runner.go       2024-12-25 
02:24:02.000000000 +0100
+++ new/melange-0.19.0/pkg/container/bubblewrap_runner.go       2025-01-10 
12:34:58.000000000 +0100
@@ -25,11 +25,13 @@
        "path/filepath"
        "strings"
 
+       "chainguard.dev/melange/internal/logwriter"
+
        apko_build "chainguard.dev/apko/pkg/build"
        apko_types "chainguard.dev/apko/pkg/build/types"
-       "chainguard.dev/melange/internal/logwriter"
        "github.com/chainguard-dev/clog"
        v1 "github.com/google/go-containerregistry/pkg/v1"
+       moby "github.com/moby/moby/oci/caps"
        "go.opentelemetry.io/otel"
 )
 
@@ -126,6 +128,23 @@
                baseargs = append(baseargs, "--gid", buildUserID)
        }
 
+       // Add Docker runner-parity kernel capabilities to the container.
+       for _, c := range moby.DefaultCapabilities() {
+               baseargs = append(baseargs, "--cap-add", c)
+       }
+       // Add additional process kernel capabilities to the container as 
configured.
+       if cfg.Capabilities.Add != nil {
+               for _, c := range cfg.Capabilities.Add {
+                       baseargs = append(baseargs, "--cap-add", c)
+               }
+       }
+       // Drop process kernel capabilities from the container as configured.
+       if cfg.Capabilities.Drop != nil {
+               for _, c := range cfg.Capabilities.Drop {
+                       baseargs = append(baseargs, "--cap-drop", c)
+               }
+       }
+
        if !debug {
                // This flag breaks job control, which we only care about for 
--interactive debugging.
                // So we usually include it, but if we're about to debug, don't 
set it.
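Review bot: The first added loop passes every entry of `moby.DefaultCapabilities()` to bubblewrap with `--cap-add` whether or not the package configures `capabilities`, so the default sandbox privilege changes for every build and not only for those that opt in. The comment should say so, and that `drop` is the only way to narrow the set, for example `// Every build gets Docker's default capability set; cfg.Capabilities.Drop is the only way to narrow it.` Drops are appended after adds, which presumably makes a name present in both lists end up dropped; that is worth confirming against bubblewrap and stating in the configuration documentation. The function starts and ends outside the hunk.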
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/container/config.go 
new/melange-0.19.0/pkg/container/config.go
--- old/melange-0.18.3/pkg/container/config.go  2024-12-25 02:24:02.000000000 
+0100
+++ new/melange-0.19.0/pkg/container/config.go  2025-01-10 12:34:58.000000000 
+0100
@@ -40,6 +40,8 @@
 
 type Capabilities struct {
        Networking bool
+       Add        []string // List of kernel capabilities to add to the 
container.
+       Drop       []string // List of kernel capabilities to drop from the 
container.
 }
 
 type Config struct {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/container/docker/docker_runner.go 
new/melange-0.19.0/pkg/container/docker/docker_runner.go
--- old/melange-0.18.3/pkg/container/docker/docker_runner.go    2024-12-25 
02:24:02.000000000 +0100
+++ new/melange-0.19.0/pkg/container/docker/docker_runner.go    2025-01-10 
12:34:58.000000000 +0100
@@ -99,6 +99,14 @@
        hostConfig := &container.HostConfig{
                Mounts: mounts,
        }
+       // Add process kernel capabilities to the container if configured.
+       if len(cfg.Capabilities.Add) > 0 {
+               hostConfig.CapAdd = cfg.Capabilities.Add
+       }
+       // Drop process kernel capabilities from the container if configured.
+       if len(cfg.Capabilities.Drop) > 0 {
+               hostConfig.CapDrop = cfg.Capabilities.Drop
+       }
 
        platform := &image_spec.Platform{
                Architecture: cfg.Arch.String(),
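Review bot: Capability names from the package configuration are copied into `hostConfig.CapAdd` unchecked, and nothing in this hunk records that a build asked for more privilege than the default. I would log the requested add and drop lists before the container is created, so a widened sandbox shows up in the build log, and reject empty or unknown names at configuration load rather than at container start. The enclosing function continues outside the hunk.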
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/melange-0.18.3/pkg/convert/relmon/release_monitoring.go 
new/melange-0.19.0/pkg/convert/relmon/release_monitoring.go
--- old/melange-0.18.3/pkg/convert/relmon/release_monitoring.go 2024-12-25 
02:24:02.000000000 +0100
+++ new/melange-0.19.0/pkg/convert/relmon/release_monitoring.go 2025-01-10 
12:34:58.000000000 +0100
@@ -41,7 +41,7 @@
 func (mf *MonitorFinder) FindMonitor(ctx context.Context, pkg string) (*Item, 
error) {
        var items *Items
        url := fmt.Sprintf(searchFmt, pkg)
-       req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+       req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
        if err != nil {
                return nil, err
        }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/http/http.go 
new/melange-0.19.0/pkg/http/http.go
--- old/melange-0.18.3/pkg/http/http.go 2024-12-25 02:24:02.000000000 +0100
+++ new/melange-0.19.0/pkg/http/http.go 2025-01-10 12:34:58.000000000 +0100
@@ -61,17 +61,12 @@
        }
 
        defer resp.Body.Close()
-
        if resp.StatusCode != http.StatusOK {
                return "", fmt.Errorf("%d when getting %s", resp.StatusCode, 
artifactURI)
        }
-
-       body, err := io.ReadAll(resp.Body)
-       if err != nil {
-               return "", fmt.Errorf("reading body: %w", err)
-       }
-
        h256 := sha256.New()
-       h256.Write(body)
+       if _, err := io.Copy(h256, resp.Body); err != nil {
+               return "", fmt.Errorf("hashing %s: %w", artifactURI, err)
+       }
        return fmt.Sprintf("%x", h256.Sum(nil)), nil
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/renovate/cache/cache.go 
new/melange-0.19.0/pkg/renovate/cache/cache.go
--- old/melange-0.18.3/pkg/renovate/cache/cache.go      2024-12-25 
02:24:02.000000000 +0100
+++ new/melange-0.19.0/pkg/renovate/cache/cache.go      2025-01-10 
12:34:58.000000000 +0100
@@ -222,7 +222,7 @@
 func downloadFile(ctx context.Context, uri string) (string, error) {
        targetFile, err := os.CreateTemp("", "melange-update-*")
        if err != nil {
-               return "", err
+               return "", fmt.Errorf("failed to create temp file: %w", err)
        }
        defer targetFile.Close()
 
@@ -234,9 +234,9 @@
                },
        }
 
-       req, err := http.NewRequestWithContext(ctx, "GET", uri, nil)
+       req, err := http.NewRequestWithContext(ctx, http.MethodGet, uri, nil)
        if err != nil {
-               return "", err
+               return "", fmt.Errorf("failed to create HTTP request: %w", err)
        }
 
        // Set accept header to match the expected MIME types and avoid 403's 
for some servers like https://www.netfilter.org
@@ -244,13 +244,13 @@
 
        resp, err := client.Do(req)
        if err != nil {
-               return "", err
+               return "", fmt.Errorf("failed to fetch URL %s: %w", uri, err)
        }
 
        defer resp.Body.Close()
 
-       if resp.StatusCode != 200 {
-               return "", fmt.Errorf("got %s when fetching %s", resp.Status, 
uri)
+       if resp.StatusCode != http.StatusOK {
+               return "", fmt.Errorf("unexpected status code %d (%s) when 
fetching %s", resp.StatusCode, resp.Status, uri)
        }
 
        if _, err := io.Copy(targetFile, resp.Body); err != nil {
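Review bot: None of the error returns visible in `downloadFile` removes the file created by `os.CreateTemp`; the deferred `targetFile.Close()` only closes it, so a failed request, a non-200 status or a copy error appears to leave a `melange-update-*` file behind in the temp directory. Calling `os.Remove(targetFile.Name())` on the failure paths, for instance from a deferred function keyed on a named error return, would fix that; the lines between the hunks and the end of the function are not shown, so an existing cleanup cannot be ruled out. In the new status message `resp.Status` already begins with the numeric code, so `%d (%s)` prints it twice; `"unexpected status %s when fetching %s"` carries the same information.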
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/sbom/package.go 
new/melange-0.19.0/pkg/sbom/package.go
--- old/melange-0.18.3/pkg/sbom/package.go      2024-12-25 02:24:02.000000000 
+0100
+++ new/melange-0.19.0/pkg/sbom/package.go      2025-01-10 12:34:58.000000000 
+0100
@@ -20,7 +20,6 @@
 import (
        "context"
        "fmt"
-       "regexp"
        "sort"
        "strconv"
        "strings"
@@ -174,10 +173,6 @@
        return result
 }
 
-// invalidIDCharsRe is a regular expression that matches characters not
-// considered valid in SPDX identifiers.
-var invalidIDCharsRe = regexp.MustCompile(`[^a-zA-Z0-9-.]+`)
-
 // stringToIdentifier converts a string to a valid SPDX identifier by replacing
 // invalid characters. Colons and slashes are replaced by dashes, and all other
 // invalid characters are replaced by their Unicode code point prefixed with
@@ -189,20 +184,21 @@
 //     "foo/bar" -> "foo-bar"
 //     "foo bar" -> "fooC32bar"
 func stringToIdentifier(in string) string {
-       in = strings.ReplaceAll(in, ":", "-")
-       in = strings.ReplaceAll(in, "/", "-")
+       var sb strings.Builder
+       sb.Grow(len(in))
 
-       invalidCharReplacer := func(s string) string {
-               sb := strings.Builder{}
-               for _, r := range s {
+       for _, r := range in {
+               switch {
+               case r == ':' || r == '/':
+                       sb.WriteRune('-')
+               case r == '-' || r == '.' || (r >= 'a' && r <= 'z') || (r >= 
'A' && r <= 'Z') || (r >= '0' && r <= '9'):
+                       sb.WriteRune(r)
+               default:
                        sb.WriteString(encodeInvalidRune(r))
                }
-               return sb.String()
        }
-
-       return invalidIDCharsRe.ReplaceAllStringFunc(in, invalidCharReplacer)
+       return sb.String()
 }
-
 func encodeInvalidRune(r rune) string {
        return "C" + strconv.Itoa(int(r))
 }
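Review bot: The rewrite removes the blank line between `stringToIdentifier` and `encodeInvalidRune`, and the second `case` packs the whole allowed-character set into one wrapped condition. Restoring the blank line and moving that test into a small documented predicate would keep the switch readable and give the allowed set a single home. The doc comment could also say that the result is not unique per input: its own example `"foo bar"` and the literal `"fooC32bar"` both yield `fooC32bar`, which matters if these identifiers are ever used as keys.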
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/melange-0.18.3/pkg/sbom/package_test.go 
new/melange-0.19.0/pkg/sbom/package_test.go
--- old/melange-0.18.3/pkg/sbom/package_test.go 1970-01-01 01:00:00.000000000 
+0100
+++ new/melange-0.19.0/pkg/sbom/package_test.go 2025-01-10 12:34:58.000000000 
+0100
@@ -0,0 +1,61 @@
+// Copyright 2024 Chainguard, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package sbom
+
+import (
+       "testing"
+
+       "github.com/stretchr/testify/require"
+)
+
+func Test_stringToIdentifier(t *testing.T) {
+       tests := []struct {
+               name     string
+               input    string
+               expected string
+       }{
+               {
+                       name:     "basic_colon",
+                       input:    "foo:bar",
+                       expected: "foo-bar", // Colons replaced with dashes.
+               },
+               {
+                       name:     "basic_slash",
+                       input:    "foo/bar",
+                       expected: "foo-bar", // Slashes replaced with dashes.
+               },
+               {
+                       name:     "space_replacement",
+                       input:    "foo bar",
+                       expected: "fooC32bar", // Spaces encoded as Unicode 
prefix.
+               },
+               {
+                       name:     "mixed_colon_and_slash",
+                       input:    "foo:bar/baz",
+                       expected: "foo-bar-baz", // Mixed colons and slashes 
replaced with dashes.
+               },
+               {
+                       name:     "valid_characters_unchanged",
+                       input:    "example-valid.123",
+                       expected: "example-valid.123", // Valid characters 
remain unchanged.
+               },
+       }
+
+       for _, test := range tests {
+               t.Run(test.name, func(t *testing.T) {
+                       result := stringToIdentifier(test.input)
+                       require.Equal(t, test.expected, result, "unexpected 
result for input %q", test.input)
+               })
+       }
+}
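Review bot: The table covers only ASCII inputs with at most one invalid character, so it does not pin the cases where the hand-written loop could diverge from the removed regexp version: the empty string, a run of consecutive invalid characters, and a multi-byte rune. I would add `{name: "empty", input: "", expected: ""}`, `{name: "consecutive_invalid", input: "a  b", expected: "aC32C32b"}` and `{name: "non_ascii", input: "é", expected: "C233"}`.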

++++++ melange.obsinfo ++++++
--- /var/tmp/diff_new_pack.gwI1t4/_old  2025-01-12 11:29:10.303493260 +0100
+++ /var/tmp/diff_new_pack.gwI1t4/_new  2025-01-12 11:29:10.307493425 +0100
@@ -1,5 +1,5 @@
 name: melange
-version: 0.18.3
-mtime: 1735089842
-commit: fe103190cecea4938e1bbeb88e3179023cc69c2e
+version: 0.19.0
+mtime: 1736508898
+commit: 1c0002b45a39afb617493c0cce16ce21ecb3411d
 

++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/melange/vendor.tar.gz 
/work/SRC/openSUSE:Factory/.melange.new.1881/vendor.tar.gz differ: char 5, line 
1
