Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openbao for openSUSE:Factory checked in at 2026-03-20 21:25:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openbao (Old) and /work/SRC/openSUSE:Factory/.openbao.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openbao" Fri Mar 20 21:25:05 2026 rev:17 rq:1341517 version:2.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/openbao/openbao.changes 2026-02-05 18:03:48.012164606 +0100 +++ /work/SRC/openSUSE:Factory/.openbao.new.8177/openbao.changes 2026-03-20 21:25:36.411978652 +0100 @@ -1,0 +2,32 @@ +Wed Feb 25 12:12:52 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 2.5.1: + * SECURITY + - Build with Go 1.25.7 to resolve CVE-2025-68121 / + GO-2026-4337. [GH-2426] + - Bump go.opentelemetry.io/otel/sdk to 1.40.0 to resolve + CVE-2026-24051 / GO-2026-4394 / GHSA-9h8m-3fm2-qjrq. + [GH-2518] + * BUG FIXES + - seal: Fix Auto Unseal failing when upgrading to v2.5.0 or + downgrading from v2.5.0 to an earlier version. This affected + the following providers: AliCloud KMS, AWS KMS, Azure Key + Vault, GCP Cloud KMS & OCI KMS. [GH-2505] + - core/mounts: Don't attempt to upgrade legacy mount tables + when in read-only standby mode. [GH-2467] + - core/expiration: Fix total lease count not being decremented + when revoking irrevocable leases. [GH-2414] + - pki: Fix "context canceled" issue when processing cache + invalidation, leading to pki returning 500 until reload. + [GH-2472] + - command: Fix panic when the home directory cannot be + trivially deduced via environment variables. [GH-2446] + * CHANGES + - core/identity: Remove pre-v2.5.0 corrupt namespace identity + groups during unseal; corrupt groups need to be recreated by + an admin. Check for deleting corrupt group in server startup + logs. [GH-2454] +- add script to package webassets inside a podman container, to not + endanger or pollute the host system with npm + +------------------------------------------------------------------- Old: ---- openbao-2.5.0.obscpio ui-2.5.0.tar.gz New: ---- openbao-2.5.1.obscpio prepare_webassets.sh ui-2.5.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openbao.spec ++++++ --- /var/tmp/diff_new_pack.VZVPCd/_old 2026-03-20 21:25:49.824536143 +0100 +++ /var/tmp/diff_new_pack.VZVPCd/_new 2026-03-20 21:25:49.824536143 +0100 @@ -23,7 +23,7 @@ %define short_executable_name bao Name: openbao -Version: 2.5.0 +Version: 2.5.1 Release: 0 Summary: Manage, store, and distribute sensitive data License: MPL-2.0 @@ -37,6 +37,7 @@ # Source11: Makefile Source12: PACKAGING_README.md +Source13: prepare_webassets.sh BuildRequires: fdupes BuildRequires: golang(API) >= 1.25 BuildRequires: user(openbao) ++++++ Makefile ++++++ --- /var/tmp/diff_new_pack.VZVPCd/_old 2026-03-20 21:25:49.864537805 +0100 +++ /var/tmp/diff_new_pack.VZVPCd/_new 2026-03-20 21:25:49.868537972 +0100 @@ -1,26 +1,25 @@ +.ONESHELL: +.SILENT: obsservices tar + NAME = openbao SPEC = openbao.spec -default: clean tar +default: clean obsservices tar clean: rm -rf $(NAME) $(NAME)-*.obscpio ui-*.tar.gz vendor.tar.gz -tar: +obsservices: + echo "##########" + echo "Running OBS services" osc service manualrun - @version=$$( awk '/^Version:/ {print $$2;exit;}' $(SPEC) ) && \ - echo "Package version is $$version" && \ - ui=ui-$$version.tar && \ - wd=$$(pwd) && \ - tmpdir=$$(mktemp -d -p /tmp) && \ - cd $$tmpdir && \ - echo $$tmpdir && \ - cp -r $$wd/$(NAME) . && \ - cd $$tmpdir/$(NAME) && \ - ls -lh && \ - make install-ui-dependencies ember-dist && \ - tar -cf $$wd/$$ui ui http/ && \ - cd $$wd && \ - gzip -f $$ui && \ - rm -rf $$tmpdir + +tar: + podman run \ + -ti \ + --rm \ + --pull=always \ + -v .:/data/ \ + registry.opensuse.org/opensuse/leap:16.0 \ + bash /data/prepare_webassets.sh $(NAME) nodejs22 ++++++ PACKAGING_README.md ++++++ --- /var/tmp/diff_new_pack.VZVPCd/_old 2026-03-20 21:25:49.900539302 +0100 +++ /var/tmp/diff_new_pack.VZVPCd/_new 2026-03-20 21:25:49.904539468 +0100 @@ -3,12 +3,16 @@ In addition to the source code in the tarball, this package also needs the assets for the web UI. These can be generated by the `Makefile` that is present in this package. -To do that, you need to have `make`, `yarn` and `npm` installed locally. -For the OBS workflow you also need `obs-service-go_modules` as well -as `obs-service-tar_scm` and `obs-service-recompress`. +To do that, you need to have `make` and `podman` installed locally. +For the OBS workflow you also need to have `obs-service-go_modules` installed. 1. Change the version in the `_service` file 2. Run `make` 3. Create a changelog entry 4. Commit the changes as usual +5. If desired, remove the container image used to build the web assets: + + ``` + podman image rm registry.opensuse.org/opensuse/leap:16.0 + ``` ++++++ _service ++++++ --- /var/tmp/diff_new_pack.VZVPCd/_old 2026-03-20 21:25:49.928540466 +0100 +++ /var/tmp/diff_new_pack.VZVPCd/_new 2026-03-20 21:25:49.932540632 +0100 @@ -2,8 +2,8 @@ <service name="obs_scm" mode="manual"> <param name="url">https://github.com/openbao/openbao</param> <param name="scm">git</param> - <param name="exclude">.git</param> - <param name="revision">v2.5.0</param> + <param name="revision">v2.5.1</param> + <param name="package-meta">yes</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.VZVPCd/_old 2026-03-20 21:25:49.956541629 +0100 +++ /var/tmp/diff_new_pack.VZVPCd/_new 2026-03-20 21:25:49.980542627 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/openbao/openbao</param> - <param name="changesrevision">bcbb6036ec2b747bceb98c7706ce9b974faa1b23</param></service></servicedata> + <param name="changesrevision">e546fae8cbfe95d8f36a351deb2cd23bfb94119e</param></service></servicedata> (No newline at EOF) ++++++ openbao-2.5.0.obscpio -> openbao-2.5.1.obscpio ++++++ /work/SRC/openSUSE:Factory/openbao/openbao-2.5.0.obscpio /work/SRC/openSUSE:Factory/.openbao.new.8177/openbao-2.5.1.obscpio differ: char 49, line 1 ++++++ openbao.obsinfo ++++++ --- /var/tmp/diff_new_pack.VZVPCd/_old 2026-03-20 21:25:50.052545620 +0100 +++ /var/tmp/diff_new_pack.VZVPCd/_new 2026-03-20 21:25:50.056545786 +0100 @@ -1,5 +1,5 @@ name: openbao -version: 2.5.0 -mtime: 1770220637 -commit: bcbb6036ec2b747bceb98c7706ce9b974faa1b23 +version: 2.5.1 +mtime: 1771866154 +commit: e546fae8cbfe95d8f36a351deb2cd23bfb94119e ++++++ prepare_webassets.sh ++++++ #!/bin/bash # do not use set -e, as the make step will abort the build due to warnings/errors set -o pipefail cd /data [[ "$#" == "2" ]] || { echo "Please use the package name and the nodejs version as the only arguments" exit 1 } package_name="${1}" nodejs_package="${2}" zypper -n install \ cpio \ gawk \ make \ git-core \ yarn \ npm \ "${nodejs_package}" version="$( awk '/^Version:/ {print $2;exit;}' "${package_name}.spec" )" echo "##########" echo "Package version is $version" basename="${package_name}-$version" obscpio="$basename.obscpio" wd="$(pwd)" tmpdir="$(mktemp -d -p /tmp)" cd "$tmpdir" echo "##########" echo "Extracting obscpio archive" cpio -id < "$wd/$obscpio" ls -lah cd "$basename" || exit 13 ls -lah echo "##########" make install-ui-dependencies ember-dist tar -czf "${wd}/ui-${version}.tar.gz" ui http/ echo "##########" echo "DONE preparing the webassets" rm -rf "$tmpdir" ++++++ ui-2.5.0.tar.gz -> ui-2.5.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/openbao/ui-2.5.0.tar.gz /work/SRC/openSUSE:Factory/.openbao.new.8177/ui-2.5.1.tar.gz differ: char 4, line 1 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/openbao/vendor.tar.gz /work/SRC/openSUSE:Factory/.openbao.new.8177/vendor.tar.gz differ: char 13, line 1
