Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package apko for openSUSE:Factory checked in
at 2025-05-31 19:17:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/apko (Old)
and /work/SRC/openSUSE:Factory/.apko.new.16005 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apko"
Sat May 31 19:17:09 2025 rev:53 rq:1281581 version:0.27.9
Changes:
--------
--- /work/SRC/openSUSE:Factory/apko/apko.changes 2025-05-22
16:57:16.650960310 +0200
+++ /work/SRC/openSUSE:Factory/.apko.new.16005/apko.changes 2025-05-31
19:18:00.941606810 +0200
@@ -1,0 +2,11 @@
+Sat May 31 06:27:17 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 0.27.9 (0.27.8 was yanked):
+ * Add an OperatingSystem package to our image SBOMs (#1690)
+ * build(deps): bump chainguard-dev/actions from 1.1.0 to 1.1.1
+ (#1688)
+ * build(deps): bump chainguard-dev/actions from 1.0.8 to 1.1.0
+ (#1687)
+ * Add support for the =~ constraint (#1681)
+
+-------------------------------------------------------------------
Old:
----
apko-0.27.7.obscpio
New:
----
apko-0.27.9.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ apko.spec ++++++
--- /var/tmp/diff_new_pack.BjJmcp/_old 2025-05-31 19:18:04.069736084 +0200
+++ /var/tmp/diff_new_pack.BjJmcp/_new 2025-05-31 19:18:04.081736580 +0200
@@ -17,7 +17,7 @@
Name: apko
-Version: 0.27.7
+Version: 0.27.9
Release: 0
Summary: Build OCI images from APK packages directly without Dockerfile
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.BjJmcp/_old 2025-05-31 19:18:04.393749474 +0200
+++ /var/tmp/diff_new_pack.BjJmcp/_new 2025-05-31 19:18:04.421750631 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/chainguard-dev/apko</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v0.27.7</param>
+ <param name="revision">v0.27.9</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.BjJmcp/_old 2025-05-31 19:18:04.541755590 +0200
+++ /var/tmp/diff_new_pack.BjJmcp/_new 2025-05-31 19:18:04.573756913 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param
name="url">https://github.com/chainguard-dev/apko</param>
- <param
name="changesrevision">c0a179ee97c61c1c5bae7267166782d703c40a28</param></service></servicedata>
+ <param
name="changesrevision">914a57446266dc29e612ebbc2669c1045625880d</param></service></servicedata>
(No newline at EOF)
++++++ apko-0.27.7.obscpio -> apko-0.27.9.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/apko-0.27.7/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json
new/apko-0.27.9/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json
--- old/apko-0.27.7/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json
2025-05-15 18:57:42.000000000 +0200
+++ new/apko-0.27.9/internal/cli/testdata/golden/sboms/sbom-aarch64.spdx.json
2025-05-29 11:09:02.000000000 +0200
@@ -56,6 +56,16 @@
]
},
{
+ "SPDXID": "SPDXRef-OperatingSystem-replaces",
+ "name": "replaces",
+ "versionInfo": "1.0.0",
+ "filesAnalyzed": false,
+ "description": "Operating System",
+ "downloadLocation": "NOASSERTION",
+ "supplier": "Organization: Replaces",
+ "primaryPackagePurpose": "OPERATING-SYSTEM"
+ },
+ {
"SPDXID": "SPDXRef-Package-pretend-baselayout-1.0.0-r0",
"name": "pretend-baselayout",
"versionInfo": "1.0.0-r0",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/apko-0.27.7/internal/cli/testdata/golden/sboms/sbom-x86_64.spdx.json
new/apko-0.27.9/internal/cli/testdata/golden/sboms/sbom-x86_64.spdx.json
--- old/apko-0.27.7/internal/cli/testdata/golden/sboms/sbom-x86_64.spdx.json
2025-05-15 18:57:42.000000000 +0200
+++ new/apko-0.27.9/internal/cli/testdata/golden/sboms/sbom-x86_64.spdx.json
2025-05-29 11:09:02.000000000 +0200
@@ -56,6 +56,16 @@
]
},
{
+ "SPDXID": "SPDXRef-OperatingSystem-replaces",
+ "name": "replaces",
+ "versionInfo": "1.0.0",
+ "filesAnalyzed": false,
+ "description": "Operating System",
+ "downloadLocation": "NOASSERTION",
+ "supplier": "Organization: Replaces",
+ "primaryPackagePurpose": "OPERATING-SYSTEM"
+ },
+ {
"SPDXID": "SPDXRef-Package-pretend-baselayout-1.0.0-r0",
"name": "pretend-baselayout",
"versionInfo": "1.0.0-r0",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.27.7/pkg/apk/apk/version.go
new/apko-0.27.9/pkg/apk/apk/version.go
--- old/apko-0.27.7/pkg/apk/apk/version.go 2025-05-15 18:57:42.000000000
+0200
+++ new/apko-0.27.9/pkg/apk/apk/version.go 2025-05-29 11:09:02.000000000
+0200
@@ -270,12 +270,12 @@
// includesVersion returns true if the actual version is a strict subset of
the required version
func includesVersion(actual, required Version) bool {
- // if more required numbers than actual numbers, than require is more
specific,
+ // if more required numbers than actual numbers, then require is more
specific,
// so no match
if len(actual.numbers) < len(required.numbers) {
return false
}
- for i := 0; i < len(required.numbers); i++ {
+ for i := range len(required.numbers) {
if actual.numbers[i] != required.numbers[i] {
return false
}
@@ -420,6 +420,8 @@
p.dep = versionLessEqual
case "~":
p.dep = versionTilde
+ case "=~":
+ p.dep = versionTilde
default:
p.dep = versionAny
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.27.7/pkg/apk/apk/version_test.go
new/apko-0.27.9/pkg/apk/apk/version_test.go
--- old/apko-0.27.7/pkg/apk/apk/version_test.go 2025-05-15 18:57:42.000000000
+0200
+++ new/apko-0.27.9/pkg/apk/apk/version_test.go 2025-05-29 11:09:02.000000000
+0200
@@ -833,6 +833,9 @@
{"0.0_git20230331", less, "0.0_git20230508"},
{"2.0.0", less, "2.0.6-r0"},
{"6.4_p20231125-r0", greater, "6.4-r2"},
+ {"0.14.0-r3", less, "0.15.0-r0"},
+ {"0.14.0", less, "0.15.0"},
+ {"0.14", less, "0.15.0"},
}
for _, tt := range tests {
var exp string
@@ -868,6 +871,8 @@
testNamedPackageFromVersionAndPin("1.7.1-r0", ""),
testNamedPackageFromVersionAndPin("1.7.1-r1", ""),
testNamedPackageFromVersionAndPin("2.0.6-r0", ""),
+ testNamedPackageFromVersionAndPin("0.14.0-r3", ""),
+ testNamedPackageFromVersionAndPin("0.15.0-r0", ""),
pinPackage,
}
tests := []struct {
@@ -894,6 +899,10 @@
{"1.7", versionTilde, "", nil, "1.7.1-r1", "fits within"},
{"1.7.1", versionTilde, "", nil, "1.7.1-r1", "fits within"},
{"1.7.1-r2", versionTilde, "", nil, "", "no match"},
+ {"0.14", versionTilde, "", nil, "0.14.0-r3", "fits within"},
+ {"0.14.0", versionTilde, "", nil, "0.14.0-r3", "fits within"},
+ {"0.15", versionTilde, "", nil, "0.15.0-r0", "fits within"},
+ {"0.15.0", versionTilde, "", nil, "0.15.0-r0", "fits within"},
}
for _, tt := range tests {
t.Run(tt.description, func(t *testing.T) {
@@ -933,6 +942,8 @@
{"name<1.2.3", "name", "1.2.3", versionLess, ""},
{"name>=1.2.3", "name", "1.2.3", versionGreaterEqual, ""},
{"name<=1.2.3", "name", "1.2.3", versionLessEqual, ""},
+ {"name~1.2.3", "name", "1.2.3", versionTilde, ""},
+ {"name=~1.2.3", "name", "1.2.3", versionTilde, ""},
{"name@edge=1.2.3", "name@edge=1.2.3", "", versionAny, ""}, //
wrong order, so just returns the whole thing
{"name=1.2.3@community", "name", "1.2.3", versionEqual,
"community"},
{"so:libfoo.so.6=6", "so:libfoo.so.6", "0.6", versionEqual, ""},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/apko-0.27.7/pkg/sbom/generator/spdx/spdx.go
new/apko-0.27.9/pkg/sbom/generator/spdx/spdx.go
--- old/apko-0.27.7/pkg/sbom/generator/spdx/spdx.go 2025-05-15
18:57:42.000000000 +0200
+++ new/apko-0.27.9/pkg/sbom/generator/spdx/spdx.go 2025-05-29
11:09:02.000000000 +0200
@@ -134,6 +134,9 @@
doc.DocumentDescribes = []string{imagePackage.ID}
}
+ // Add the operating system package
+ addOperatingSystem(doc, opts)
+
if opts.ImageInfo.VCSUrl != "" {
if opts.ImageInfo.ImageDigest != "" {
addSourcePackage(opts.ImageInfo.VCSUrl, doc,
imagePackage, opts)
@@ -623,6 +626,22 @@
return nil
}
+// addOperatingSystem adds a package describing the operating system
+func addOperatingSystem(doc *Document, opts *options.Options) {
+ osPackage := Package{
+ ID: fmt.Sprintf("SPDXRef-OperatingSystem-%s",
stringToIdentifier(opts.OS.ID)),
+ Name: opts.OS.ID,
+ Version: opts.OS.Version,
+ Supplier: supplier(opts),
+ FilesAnalyzed: false,
+ Description: "Operating System",
+ DownloadLocation: NOASSERTION,
+ PrimaryPurpose: "OPERATING-SYSTEM",
+ }
+
+ doc.Packages = append(doc.Packages, osPackage)
+}
+
// addSourcePackage creates a package describing the source code
func addSourcePackage(vcsURL string, doc *Document, parent *Package, opts
*options.Options) {
version := ""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/apko-0.27.7/pkg/sbom/generator/spdx/testdata/expected_image_sboms/custom-license.spdx.json
new/apko-0.27.9/pkg/sbom/generator/spdx/testdata/expected_image_sboms/custom-license.spdx.json
---
old/apko-0.27.7/pkg/sbom/generator/spdx/testdata/expected_image_sboms/custom-license.spdx.json
2025-05-15 18:57:42.000000000 +0200
+++
new/apko-0.27.9/pkg/sbom/generator/spdx/testdata/expected_image_sboms/custom-license.spdx.json
2025-05-29 11:09:02.000000000 +0200
@@ -33,6 +33,16 @@
]
},
{
+ "SPDXID": "SPDXRef-OperatingSystem-unknown",
+ "name": "unknown",
+ "versionInfo": "3.0",
+ "filesAnalyzed": false,
+ "description": "Operating System",
+ "downloadLocation": "NOASSERTION",
+ "supplier": "Organization: unknown",
+ "primaryPackagePurpose": "OPERATING-SYSTEM"
+ },
+ {
"SPDXID": "SPDXRef-Package-font-ubuntu-0.869-r1",
"name": "font-ubuntu",
"versionInfo": "0.869-r1",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/apko-0.27.7/pkg/sbom/generator/spdx/testdata/expected_image_sboms/no-supplier.spdx.json
new/apko-0.27.9/pkg/sbom/generator/spdx/testdata/expected_image_sboms/no-supplier.spdx.json
---
old/apko-0.27.7/pkg/sbom/generator/spdx/testdata/expected_image_sboms/no-supplier.spdx.json
2025-05-15 18:57:42.000000000 +0200
+++
new/apko-0.27.9/pkg/sbom/generator/spdx/testdata/expected_image_sboms/no-supplier.spdx.json
2025-05-29 11:09:02.000000000 +0200
@@ -33,6 +33,16 @@
]
},
{
+ "SPDXID": "SPDXRef-OperatingSystem-apko-images",
+ "name": "apko-images",
+ "versionInfo": "3.0",
+ "filesAnalyzed": false,
+ "description": "Operating System",
+ "downloadLocation": "NOASSERTION",
+ "supplier": "Organization: Apko Images, Plc",
+ "primaryPackagePurpose": "OPERATING-SYSTEM"
+ },
+ {
"SPDXID": "SPDXRef-Package-libattr1-2.5.1-r2",
"name": "libattr1",
"versionInfo": "2.5.1-r2",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/apko-0.27.7/pkg/sbom/generator/spdx/testdata/expected_image_sboms/package-deduplicating.spdx.json
new/apko-0.27.9/pkg/sbom/generator/spdx/testdata/expected_image_sboms/package-deduplicating.spdx.json
---
old/apko-0.27.7/pkg/sbom/generator/spdx/testdata/expected_image_sboms/package-deduplicating.spdx.json
2025-05-15 18:57:42.000000000 +0200
+++
new/apko-0.27.9/pkg/sbom/generator/spdx/testdata/expected_image_sboms/package-deduplicating.spdx.json
2025-05-29 11:09:02.000000000 +0200
@@ -33,6 +33,16 @@
]
},
{
+ "SPDXID": "SPDXRef-OperatingSystem-unknown",
+ "name": "unknown",
+ "versionInfo": "3.0",
+ "filesAnalyzed": false,
+ "description": "Operating System",
+ "downloadLocation": "NOASSERTION",
+ "supplier": "Organization: unknown",
+ "primaryPackagePurpose": "OPERATING-SYSTEM"
+ },
+ {
"SPDXID": "SPDXRef-Package-logstash-8-8.15.3-r4",
"name": "logstash-8",
"versionInfo": "8.15.3-r4",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/apko-0.27.7/pkg/sbom/generator/spdx/testdata/expected_image_sboms/unbound-package-dedupe.spdx.json
new/apko-0.27.9/pkg/sbom/generator/spdx/testdata/expected_image_sboms/unbound-package-dedupe.spdx.json
---
old/apko-0.27.7/pkg/sbom/generator/spdx/testdata/expected_image_sboms/unbound-package-dedupe.spdx.json
2025-05-15 18:57:42.000000000 +0200
+++
new/apko-0.27.9/pkg/sbom/generator/spdx/testdata/expected_image_sboms/unbound-package-dedupe.spdx.json
2025-05-29 11:09:02.000000000 +0200
@@ -33,6 +33,16 @@
]
},
{
+ "SPDXID": "SPDXRef-OperatingSystem-unknown",
+ "name": "unknown",
+ "versionInfo": "3.0",
+ "filesAnalyzed": false,
+ "description": "Operating System",
+ "downloadLocation": "NOASSERTION",
+ "supplier": "Organization: unknown",
+ "primaryPackagePurpose": "OPERATING-SYSTEM"
+ },
+ {
"SPDXID": "SPDXRef-Package-unbound-libs-1.23.0-r0",
"name": "unbound-libs",
"versionInfo": "1.23.0-r0",
++++++ apko.obsinfo ++++++
--- /var/tmp/diff_new_pack.BjJmcp/_old 2025-05-31 19:18:06.945854942 +0200
+++ /var/tmp/diff_new_pack.BjJmcp/_new 2025-05-31 19:18:06.965855769 +0200
@@ -1,5 +1,5 @@
name: apko
-version: 0.27.7
-mtime: 1747328262
-commit: c0a179ee97c61c1c5bae7267166782d703c40a28
+version: 0.27.9
+mtime: 1748509742
+commit: 914a57446266dc29e612ebbc2669c1045625880d
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/apko/vendor.tar.gz
/work/SRC/openSUSE:Factory/.apko.new.16005/vendor.tar.gz differ: char 13, line 1
