Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apko for openSUSE:Factory checked in at 2025-01-31 16:04:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apko (Old) and /work/SRC/openSUSE:Factory/.apko.new.2316 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apko" Fri Jan 31 16:04:59 2025 rev:35 rq:1241570 version:0.24.0 Changes: -------- --- /work/SRC/openSUSE:Factory/apko/apko.changes 2025-01-23 18:04:25.965706803 +0100 +++ /work/SRC/openSUSE:Factory/.apko.new.2316/apko.changes 2025-01-31 16:05:16.358097786 +0100 @@ -1,0 +2,11 @@ +Fri Jan 31 05:36:31 UTC 2025 - opensuse_buildserv...@ojkastl.de + +- Update to version 0.24.0: + * Allow passing in an http.RoundTripper (#1505) + * fix(apk/client): silence request logging (#1497) + * Return an if fetching index fails (#1495) + * Disallow '/' in key name (#1494) + * Revert "Disallow `/` in key names" (#1493) + * Disallow `/` in key names + +------------------------------------------------------------------- Old: ---- apko-0.23.0.obscpio New: ---- apko-0.24.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apko.spec ++++++ --- /var/tmp/diff_new_pack.HShLQS/_old 2025-01-31 16:05:17.322137433 +0100 +++ /var/tmp/diff_new_pack.HShLQS/_new 2025-01-31 16:05:17.326137598 +0100 @@ -17,7 +17,7 @@ Name: apko -Version: 0.23.0 +Version: 0.24.0 Release: 0 Summary: Build OCI images from APK packages directly without Dockerfile License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.HShLQS/_old 2025-01-31 16:05:17.358138914 +0100 +++ /var/tmp/diff_new_pack.HShLQS/_new 2025-01-31 16:05:17.362139079 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/chainguard-dev/apko</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.23.0</param> + <param name="revision">v0.24.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.HShLQS/_old 2025-01-31 16:05:17.382139901 +0100 +++ /var/tmp/diff_new_pack.HShLQS/_new 2025-01-31 16:05:17.386140066 +0100 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/chainguard-dev/apko</param> - <param name="changesrevision">ec48e3070da9b4691b74de219fffd69d31da3f5d</param></service></servicedata> + <param name="changesrevision">2668cf55135b756d3b19771deb5c6dc3b26a5233</param></service></servicedata> (No newline at EOF) ++++++ apko-0.23.0.obscpio -> apko-0.24.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-0.23.0/go.mod new/apko-0.24.0/go.mod --- old/apko-0.23.0/go.mod 2025-01-23 00:02:19.000000000 +0100 +++ new/apko-0.24.0/go.mod 2025-01-31 00:07:05.000000000 +0100 @@ -10,6 +10,7 @@ github.com/google/go-cmp v0.6.0 github.com/google/go-containerregistry v0.20.3 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 + github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-retryablehttp v0.7.7 github.com/invopop/jsonschema v0.13.0 github.com/klauspost/compress v1.17.11 @@ -97,7 +98,6 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0 // indirect - github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-0.23.0/pkg/apk/apk/implementation.go new/apko-0.24.0/pkg/apk/apk/implementation.go --- old/apko-0.23.0/pkg/apk/apk/implementation.go 2025-01-23 00:02:19.000000000 +0100 +++ new/apko-0.24.0/pkg/apk/apk/implementation.go 2025-01-31 00:07:05.000000000 +0100 
@@ -96,6 +96,8 @@ } client := retryablehttp.NewClient() + + client.HTTPClient = &http.Client{Transport: opt.transport} client.Logger = clog.FromContext(context.Background()) return &APK{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-0.23.0/pkg/apk/apk/index.go new/apko-0.24.0/pkg/apk/apk/index.go --- old/apko-0.23.0/pkg/apk/apk/index.go 2025-01-23 00:02:19.000000000 +0100 +++ new/apko-0.24.0/pkg/apk/apk/index.go 2025-01-31 00:07:05.000000000 +0100 @@ -135,6 +135,10 @@ return nil, err } + if resp.StatusCode != http.StatusOK { + return nil, fmt.Errorf("unexpected status code %d", resp.StatusCode) + } + fetchAndParse := func(etag string) (NamedIndex, error) { b, err := fetchRepositoryIndex(ctx, u, etag, opts) if err != nil { @@ -343,6 +347,12 @@ if len(keys) == 0 { return nil, fmt.Errorf("no keys provided to verify signature") } + // check that they key name aren't paths or URLs + for keyName := range keys { + if strings.Contains(keyName, "/") { + return nil, fmt.Errorf("invalid keyname %q", keyName) + } + } buf := bytes.NewReader(b) gzipReader, err := gzip.NewReader(buf) if err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-0.23.0/pkg/apk/apk/options.go new/apko-0.24.0/pkg/apk/apk/options.go --- old/apko-0.23.0/pkg/apk/apk/options.go 2025-01-23 00:02:19.000000000 +0100 +++ new/apko-0.24.0/pkg/apk/apk/options.go 2025-01-31 00:07:05.000000000 +0100 @@ -15,10 +15,13 @@ package apk import ( + "net/http" "os" "path/filepath" "runtime" + "github.com/hashicorp/go-cleanhttp" + "chainguard.dev/apko/pkg/apk/auth" apkfs "chainguard.dev/apko/pkg/apk/fs" ) @@ -33,6 +36,7 @@ noSignatureIndexes []string auth auth.Authenticator ignoreSignatures bool + transport http.RoundTripper } type Option func(*opts) error 
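Review bot: The `http.Client` built on the added line in pkg/apk/apk/implementation.go sets only `Transport`, so it has no overall `Timeout` and any deadline depends on the RoundTripper the caller passed to `WithTransport`. That transport also sees every request this client makes, presumably including ones that carry credentials from the configured authenticator. I would add a comment above the assignment such as `// opt.transport carries all index and package fetches; timeouts and TLS verification are the transport's responsibility.` The enclosing function starts and ends outside the hunk, so whether a per-request context deadline is applied elsewhere is not visible here.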
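Review bot: The new status check in pkg/apk/apk/index.go returns `unexpected status code %d` without naming the repository that answered, so with several repositories configured an operator cannot tell which index was rejected. Consider wrapping it, e.g. `fmt.Errorf("index %s: unexpected status code %d", redactedURL, resp.StatusCode)`, where `redactedURL` stands for `u` with any userinfo removed so that credentials never reach the message. Whether `resp.Body` is closed on this early return is not visible, because the request and any `defer` sit above the hunk. If no `defer resp.Body.Close()` precedes the check, one is needed.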
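Review bot: The key-name loop added before `bytes.NewReader(b)` in pkg/apk/apk/index.go rejects only a forward slash, although its comment says the names must not be paths or URLs, so a backslash-separated path still passes. If the names are later used as file names, which would happen outside this hunk, `if strings.ContainsAny(keyName, "/\\") {` states the intent more fully. The comment has a typo and would read better as `// check that the key names aren't paths or URLs`. Because `keys` is a map, the offending name reported when several are invalid can differ between runs.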
@@ -130,10 +134,21 @@ } } +// WithTransport allows explicitly setting the inner HTTP transport. +func WithTransport(t http.RoundTripper) Option { + return func(o *opts) error { + if t != nil { + o.transport = t + } + return nil + } +} + func defaultOpts() *opts { return &opts{ arch: ArchToAPK(runtime.GOARCH), ignoreMknodErrors: false, auth: auth.DefaultAuthenticators, + transport: cleanhttp.DefaultPooledTransport(), } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-0.23.0/pkg/apk/client/client.go new/apko-0.24.0/pkg/apk/client/client.go --- old/apko-0.23.0/pkg/apk/client/client.go 2025-01-23 00:02:19.000000000 +0100 +++ new/apko-0.24.0/pkg/apk/client/client.go 2025-01-31 00:07:05.000000000 +0100 @@ -3,6 +3,8 @@ import ( "context" "fmt" + "io" + "log" "net/http" "net/url" @@ -35,6 +37,7 @@ httpClient = http.DefaultClient } rc := retryablehttp.NewClient() + rc.Logger = log.New(io.Discard, "", 0) // Don't log requests at all. rc.HTTPClient = httpClient return &Client{httpClient: rc.StandardClient()} } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-0.23.0/pkg/build/build.go new/apko-0.24.0/pkg/build/build.go --- old/apko-0.23.0/pkg/build/build.go 2025-01-23 00:02:19.000000000 +0100 +++ new/apko-0.24.0/pkg/build/build.go 2025-01-31 00:07:05.000000000 +0100 @@ -246,6 +246,7 @@ apk.WithIgnoreMknodErrors(true), apk.WithIgnoreIndexSignatures(bc.o.IgnoreSignatures), apk.WithAuthenticator(bc.o.Auth), + apk.WithTransport(bc.o.Transport), } // only try to pass the cache dir if one of the following is true: // - the user has explicitly set a cache dir diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-0.23.0/pkg/build/options.go new/apko-0.24.0/pkg/build/options.go --- old/apko-0.23.0/pkg/build/options.go 2025-01-23 00:02:19.000000000 +0100 +++ new/apko-0.24.0/pkg/build/options.go 2025-01-31 00:07:05.000000000 +0100 
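Review bot: The doc comment on `WithTransport` in pkg/apk/apk/options.go does not say that a nil transport is ignored and the `cleanhttp.DefaultPooledTransport()` from `defaultOpts` is kept. It also does not say that the supplied RoundTripper takes over TLS verification and proxy handling for repository traffic. I would extend it to `// WithTransport sets the HTTP transport used for repository requests. A nil transport is ignored and the default pooled transport is kept. The caller's transport is responsible for TLS verification, proxying and timeouts.` The same one-line comment is repeated on `WithTransport` in pkg/build/options.go, which stores the value without a nil check and relies on this function to drop a nil, so it deserves a sentence there as well.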
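Review bot: The added `rc.Logger = log.New(io.Discard, "", 0)` in pkg/apk/client/client.go builds a logger only to throw its output away. retryablehttp treats a nil `Logger` as logging disabled, so `rc.Logger = nil // disable request logging` does the same and may make the new `io` and `log` imports unnecessary. Discarding the logger also drops retry and failure messages along with the request lines, while pkg/apk/apk/implementation.go in the same commit keeps a `clog` logger on its client, so the two clients now differ in what an operator can see when a repository misbehaves. If the goal is to keep request URLs out of logs, a short comment saying so would help the next reader. The enclosing constructor starts above the hunk.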
@@ -19,6 +19,7 @@ sha2562 "crypto/sha256" "encoding/base64" "fmt" + "net/http" "time" "chainguard.dev/apko/pkg/apk/apk" @@ -229,3 +230,11 @@ return nil } } + +// WithTransport allows explicitly setting the inner HTTP transport. +func WithTransport(t http.RoundTripper) Option { + return func(bc *Context) error { + bc.o.Transport = t + return nil + } +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/apko-0.23.0/pkg/options/options.go new/apko-0.24.0/pkg/options/options.go --- old/apko-0.23.0/pkg/options/options.go 2025-01-23 00:02:19.000000000 +0100 +++ new/apko-0.24.0/pkg/options/options.go 2025-01-31 00:07:05.000000000 +0100 @@ -17,6 +17,7 @@ import ( "fmt" "log" + "net/http" "os" "runtime" "time" @@ -55,6 +56,7 @@ Auth auth.Authenticator `json:"-"` IncludePaths []string `json:"includePaths,omitempty"` IgnoreSignatures bool `json:"ignoreSignatures,omitempty"` + Transport http.RoundTripper `json:"-"` } type Auth struct{ User, Pass string } ++++++ apko.obsinfo ++++++ --- /var/tmp/diff_new_pack.HShLQS/_old 2025-01-31 16:05:17.698152898 +0100 +++ /var/tmp/diff_new_pack.HShLQS/_new 2025-01-31 16:05:17.702153062 +0100 @@ -1,5 +1,5 @@ name: apko -version: 0.23.0 -mtime: 1737586939 -commit: ec48e3070da9b4691b74de219fffd69d31da3f5d +version: 0.24.0 +mtime: 1738278425 +commit: 2668cf55135b756d3b19771deb5c6dc3b26a5233 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/apko/vendor.tar.gz /work/SRC/openSUSE:Factory/.apko.new.2316/vendor.tar.gz differ: char 5, line 1