Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package melange for openSUSE:Factory checked in at 2025-06-10 09:04:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/melange (Old) and /work/SRC/openSUSE:Factory/.melange.new.19631 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "melange" Tue Jun 10 09:04:12 2025 rev:94 rq:1283772 version:0.26.7 Changes: -------- --- /work/SRC/openSUSE:Factory/melange/melange.changes 2025-06-05 20:36:29.858678157 +0200 +++ /work/SRC/openSUSE:Factory/.melange.new.19631/melange.changes 2025-06-10 09:07:37.233227016 +0200 @@ -1,0 +2,6 @@ +Sat Jun 07 04:46:26 UTC 2025 - Johannes Kastl <opensuse_buildserv...@ojkastl.de> + +- Update to version 0.26.7: + * sbom: generate downloadLocations for unknown gits (#2028) + +------------------------------------------------------------------- Old: ---- melange-0.26.6.obscpio New: ---- melange-0.26.7.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ melange.spec ++++++ --- /var/tmp/diff_new_pack.NWfCXU/_old 2025-06-10 09:07:38.785291173 +0200 +++ /var/tmp/diff_new_pack.NWfCXU/_new 2025-06-10 09:07:38.785291173 +0200 @@ -17,7 +17,7 @@ Name: melange -Version: 0.26.6 +Version: 0.26.7 Release: 0 Summary: Build APKs from source code License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.NWfCXU/_old 2025-06-10 09:07:38.833293157 +0200 +++ /var/tmp/diff_new_pack.NWfCXU/_new 2025-06-10 09:07:38.837293323 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/chainguard-dev/melange</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.26.6</param> + <param name="revision">v0.26.7</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.NWfCXU/_old 2025-06-10 09:07:38.865294480 +0200 +++ /var/tmp/diff_new_pack.NWfCXU/_new 2025-06-10 09:07:38.869294645 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/chainguard-dev/melange</param> - <param name="changesrevision">addc3900ae08621dc5d0bb6a6a595a25c52d4907</param></service></servicedata> + <param name="changesrevision">6418f7c66370d9058a152e1022f2ef48b5c4661a</param></service></servicedata> (No newline at EOF) ++++++ melange-0.26.6.obscpio -> melange-0.26.7.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.26.6/pkg/config/config.go new/melange-0.26.7/pkg/config/config.go --- old/melange-0.26.6/pkg/config/config.go 2025-06-04 19:35:52.000000000 +0200 +++ new/melange-0.26.7/pkg/config/config.go 2025-06-06 16:28:13.000000000 +0200 @@ -17,7 +17,9 @@ import ( "bytes" "context" + "crypto/sha256" "encoding/binary" + "encoding/hex" "errors" "fmt" "io/fs" @@ -34,7 +36,6 @@ "time" apko_types "chainguard.dev/apko/pkg/build/types" - "chainguard.dev/apko/pkg/sbom/generator/spdx" "chainguard.dev/melange/pkg/sbom" purl "github.com/package-url/packageurl-go" @@ -524,6 +525,14 @@ Environment map[string]string `json:"environment,omitempty" yaml:"environment,omitempty"` } +// SHA256 generates a digest based on the text provided +// Returns a hex encoded string +func SHA256(text string) string { + algorithm := sha256.New() + algorithm.Write([]byte(text)) + return hex.EncodeToString(algorithm.Sum(nil)) +} + // getGitSBOMPackage creates an SBOM package for Git based repositories. // Returns nil package and nil error if the repository is not from a supported platform or // if neither a tag of expectedCommit is not provided 
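Review bot: The new `SHA256` helper in pkg/config/config.go is exported and documented as a generic digest function, although the only caller visible in this diff uses it to derive a path component from a repository name. If nothing outside the package needs it, unexport it so the package API does not grow for a naming detail. The doc comment should also say what the digest is for, e.g. `// SHA256 returns the hex-encoded SHA-256 of text; it only keys the tarball path and is not an integrity check of the tarball.` The body can use the one-shot form `sum := sha256.Sum256([]byte(text))` followed by `return hex.EncodeToString(sum[:])`, which avoids the unchecked `Write` call.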
@@ -566,7 +575,8 @@ repoType = purl.TypeGeneric namespace = "" name = strings.TrimSuffix(trimmedPath, ".git") - downloadLocation = spdx.NOASSERTION + // Use first letter of name as a directory to avoid a single huge bucket of tarballs + downloadLocation = fmt.Sprintf("https://tarballs.cgr.dev/%s/%s-%s.tar.gz", name[:1], SHA256(name), ref) } // Prefer tag to commit, but use only ONE of these. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/melange-0.26.6/pkg/config/config_test.go new/melange-0.26.7/pkg/config/config_test.go --- old/melange-0.26.6/pkg/config/config_test.go 2025-06-04 19:35:52.000000000 +0200 +++ new/melange-0.26.7/pkg/config/config_test.go 2025-06-06 16:28:13.000000000 +0200 @@ -8,7 +8,6 @@ "strings" "testing" - "chainguard.dev/apko/pkg/sbom/generator/spdx" "chainguard.dev/melange/pkg/sbom" "github.com/chainguard-dev/clog/slogtest" purl "github.com/package-url/packageurl-go" @@ -779,7 +778,7 @@ Version: "v3.2.1", Qualifiers: purl.QualifiersFromMap(map[string]string{"vcs_url": "git+https://git.example.com/custom-org/custom-project"}), }, - DownloadLocation: spdx.NOASSERTION, + DownloadLocation: "https://tarballs.cgr.dev/c/96d75acab51420a1b54afcc15734f3c5e67aee89a2e73f226000bc308ff09789-v3.2.1.tar.gz", }, expectError: false, }, @@ -802,7 +801,7 @@ Version: "abcdef0123456789abcdef0123456789abcdef01", Qualifiers: purl.QualifiersFromMap(map[string]string{"vcs_url": "git+https://git.example.com/custom-org/custom-project@abcdef0123456789abcdef0123456789abcdef01"}), }, - DownloadLocation: spdx.NOASSERTION, + DownloadLocation: "https://tarballs.cgr.dev/c/96d75acab51420a1b54afcc15734f3c5e67aee89a2e73f226000bc308ff09789-abcdef0123456789abcdef0123456789abcdef01.tar.gz", }, expectError: false, }, 
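Review bot: In the generic-host branch, `name[:1]` panics when `name` is empty and takes the first byte rather than the first rune, and neither it nor `ref` is escaped before being formatted into the URL. getGitSBOMPackage starts and ends outside this hunk, so whether `trimmedPath` can be empty or just `.git` is not visible here; an explicit `if name == ""` guard before the `Sprintf` would settle it. A tag containing `/`, `?` or `#` would also change the path that ends up in the SBOM, so I would pass `url.PathEscape(ref)` (net/url) instead of `ref`. If `trimmedPath` is the URL path without the host, as its name suggests, two repositories on different hosts with the same path get the same download location; hashing host plus path would keep the SBOM entry unambiguous. Since this replaces `spdx.NOASSERTION` with a concrete URL for every unrecognised host, a comment such as `// Claimed mirror location; existence of the tarball is not checked here.` would tell SBOM consumers and maintainers how much to trust it.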
@@ -825,7 +824,7 @@ Version: "v3.2.1", Qualifiers: purl.QualifiersFromMap(map[string]string{"vcs_url": "git+https://git.example.com/custom-org/custom-project@abcdef0123456789abcdef0123456789abcdef01"}), }, - DownloadLocation: spdx.NOASSERTION, + DownloadLocation: "https://tarballs.cgr.dev/c/96d75acab51420a1b54afcc15734f3c5e67aee89a2e73f226000bc308ff09789-abcdef0123456789abcdef0123456789abcdef01.tar.gz", }, expectError: false, }, @@ -848,7 +847,7 @@ Version: "v3.2.1", Qualifiers: purl.QualifiersFromMap(map[string]string{"vcs_url": "git://git.example.com/custom-project@abcdef0123456789abcdef0123456789abcdef01"}), }, - DownloadLocation: spdx.NOASSERTION, + DownloadLocation: "https://tarballs.cgr.dev/c/a37e698130227f6921f1963616a45dc5337f7249cc00c53e6b80f5a44bf01fd7-abcdef0123456789abcdef0123456789abcdef01.tar.gz", }, expectError: false, }, ++++++ melange.obsinfo ++++++ --- /var/tmp/diff_new_pack.NWfCXU/_old 2025-06-10 09:07:39.121305062 +0200 +++ /var/tmp/diff_new_pack.NWfCXU/_new 2025-06-10 09:07:39.129305393 +0200 @@ -1,5 +1,5 @@ name: melange -version: 0.26.6 -mtime: 1749058552 -commit: addc3900ae08621dc5d0bb6a6a595a25c52d4907 +version: 0.26.7 +mtime: 1749220093 +commit: 6418f7c66370d9058a152e1022f2ef48b5c4661a ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/melange/vendor.tar.gz /work/SRC/openSUSE:Factory/.melange.new.19631/vendor.tar.gz differ: char 116, line 1
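Review bot: The four updated expectations in config_test.go only cover ASCII repository paths and refs without separators, so the new URL construction is untested at its edges. I would add table cases for a repository URL whose path is empty after trimming `.git`, and for a tag with a slash such as `release/v3.2.1` (constructed example), each asserting either an error or an escaped `DownloadLocation`. A short comment above the expected strings, e.g. `// digest is the hex SHA-256 of the repository path`, would make the hard-coded hashes reviewable instead of opaque.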