Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package product-composer for
openSUSE:Factory checked in at 2026-03-23 17:14:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/product-composer (Old)
and /work/SRC/openSUSE:Factory/.product-composer.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "product-composer"
Mon Mar 23 17:14:26 2026 rev:51 rq:1342053 version:0.9.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/product-composer/product-composer.changes
2026-02-20 17:50:55.144253808 +0100
+++
/work/SRC/openSUSE:Factory/.product-composer.new.8177/product-composer.changes
2026-03-23 17:16:12.412758061 +0100
@@ -1,0 +2,14 @@
+Mon Mar 23 13:58:23 UTC 2026 - Adrian Schröter <[email protected]>
+
+- update to version 0.9.3
+ * Generate SBOM files also for seperate source and debug media
+
+-------------------------------------------------------------------
+Mon Mar 23 06:34:10 UTC 2026 - Adrian Schröter <[email protected]>
+
+- update to version 0.9.2
+ - fixed SBOM generation when using iso: tree drop option
+ - use /usr/bin/sign instead of hardcoded signdummy.
+ This is no difference when using the build script.
+
+-------------------------------------------------------------------
Old:
----
product-composer-0.9.1.tar.xz
New:
----
product-composer-0.9.3.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ product-composer.spec ++++++
--- /var/tmp/diff_new_pack.JY8BtE/_old 2026-03-23 17:16:14.476843906 +0100
+++ /var/tmp/diff_new_pack.JY8BtE/_new 2026-03-23 17:16:14.480844072 +0100
@@ -23,7 +23,7 @@
%endif
Name: product-composer
-Version: 0.9.1
+Version: 0.9.3
Release: 0
Summary: Product Composer
License: GPL-2.0-or-later
++++++ _scmsync.obsinfo ++++++
--- /var/tmp/diff_new_pack.JY8BtE/_old 2026-03-23 17:16:14.524845902 +0100
+++ /var/tmp/diff_new_pack.JY8BtE/_new 2026-03-23 17:16:14.528846069 +0100
@@ -1,5 +1,6 @@
-mtime: 1771527461
-commit: a1d847a5d1ee7f025220d6beb4b33de3269a19d46735322eea1be4bdcdbe2508
+mtime: 1774274369
+commit: f3dc279e53d5840d3bb6dbd66ac3a7e79ddefca6a68abe8c107c822d9426b4bd
url: https://src.opensuse.org/tools/product-composer
-revision: devel
+revision: factory
+trackingbranch: factory
++++++ _service ++++++
--- /var/tmp/diff_new_pack.JY8BtE/_old 2026-03-23 17:16:14.552847067 +0100
+++ /var/tmp/diff_new_pack.JY8BtE/_new 2026-03-23 17:16:14.556847233 +0100
@@ -2,8 +2,8 @@
<service name="obs_scm" mode="manual">
<param name="url">https://github.com/openSUSE/product-composer</param>
<param name="scm">git</param>
- <param name="revision">0.9.1</param>
- <param name="version">0.9.1</param>
+ <param name="revision">0.9.3</param>
+ <param name="version">0.9.3</param>
</service>
<service name="tar" mode="manual" />
<service name="recompress" mode="manual">
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 2026-02-19 20:02:01.000000000 +0100
+++ new/.gitignore 2026-03-23 15:02:39.000000000 +0100
@@ -1,3 +1,4 @@
+product-composer
.osc
*.obscpio
*.osc
++++++ build.specials.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.gitignore new/.gitignore
--- old/.gitignore 1970-01-01 01:00:00.000000000 +0100
+++ new/.gitignore 2026-03-23 15:02:39.000000000 +0100
@@ -0,0 +1,6 @@
+product-composer
+.osc
+*.obscpio
+*.osc
+*.obscpio
+*.osc
++++++ product-composer-0.9.1.tar.xz -> product-composer-0.9.3.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/product-composer-0.9.1/src/productcomposer/createartifacts/createtree.py
new/product-composer-0.9.3/src/productcomposer/createartifacts/createtree.py
---
old/product-composer-0.9.1/src/productcomposer/createartifacts/createtree.py
2026-02-19 19:23:37.000000000 +0100
+++
new/product-composer-0.9.3/src/productcomposer/createartifacts/createtree.py
2026-03-23 14:57:17.000000000 +0100
@@ -199,24 +199,37 @@
if os.path.exists(maindir + '/license.tar.gz'):
os.unlink(maindir + '/license.tar.gz')
- for repodatadir in repodatadirectories:
- # detached signature
- args = ['/usr/lib/build/signdummy', '-d', repodatadir +
"/repodata/repomd.xml"]
- run_helper(args, failmsg="create detached signature")
- if 'enable_cmssign' in yml['build_options']:
- args = ['/usr/lib/build/signdummy', '--cmssign',
repodatadir + "/repodata/repomd.xml"]
- run_helper(args, failmsg="create cms signature")
-
- # pubkey
- with open(repodatadir + "/repodata/repomd.xml.key", 'w') as
pubkey_file:
- args = ['/usr/lib/build/signdummy', '-p']
- run_helper(args, stdout=pubkey_file, failmsg="write signature
public key")
+ if os.path.exists('/usr/bin/sign'):
+ for repodatadir in repodatadirectories:
+ # detached signature
+ args = ['/usr/bin/sign', '-d', repodatadir +
"/repodata/repomd.xml"]
+ run_helper(args, failmsg="create detached signature")
+ if 'enable_cmssign' in yml['build_options']:
+ args = ['/usr/bin/sign', '--cmssign', repodatadir +
"/repodata/repomd.xml"]
+ run_helper(args, failmsg="create cms signature")
+ # pubkey
+ with open(repodatadir + "/repodata/repomd.xml.key", 'w') as
pubkey_file:
+ args = ['/usr/bin/sign', '-p']
+ run_helper(args, stdout=pubkey_file, failmsg="write signature
public key")
- for workdir in workdirectories:
- if os.path.exists(workdir + '/CHECKSUMS'):
- args = ['/usr/lib/build/signdummy', '-d', workdir + '/CHECKSUMS']
- run_helper(args, failmsg="create detached signature for CHECKSUMS")
+ for workdir in workdirectories:
+ if os.path.exists(workdir + '/CHECKSUMS'):
+ args = ['/usr/bin/sign', '-d', workdir + '/CHECKSUMS']
+ run_helper(args, failmsg="create detached signature for
CHECKSUMS")
+
+ # create SBOM data
+ generate_sbom_call = None
+ if os.path.exists("/usr/lib/build/generate_sbom"):
+ generate_sbom_call = ["/usr/lib/build/generate_sbom"]
+
+ # Take sbom generation from OBS server
+ # Con: build results are not reproducible
+ # Pro: SBOM formats are constant changing, we don't need to adapt always
all distributions for that
+ if os.path.exists("/.build/generate_sbom"):
+ # unfortunatly, it is not exectuable by default
+ generate_sbom_call = ['env', 'BUILD_DIR=/.build', 'perl',
'/.build/generate_sbom']
+ for workdir in workdirectories:
application_id = product_base_dir
# When using the baseiso feature, the primary media should be
# the base iso, with the packages added.
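Review bot: The new `if os.path.exists('/usr/bin/sign'):` guard has no else branch, so a build environment without that binary produces repodata with no `repomd.xml` signature and no `repomd.xml.key`, and reports nothing. The old code called signdummy unconditionally, so a missing helper would presumably have surfaced through run_helper and its `failmsg`. I would add `else: warn("/usr/bin/sign not found, repodata and CHECKSUMS are left unsigned")`, or fail the build if unsigned output is never acceptable. Indentation is lost in this rendering, so I am inferring that the CHECKSUMS loop also sits inside the guard from its lines being re-added. The function starts and ends outside the hunk.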
@@ -236,42 +249,41 @@
iso_config['joliet'] = False
create_iso(outdir, iso_config, workdir, application_id)
- # cleanup
- if yml['iso']['tree'] == 'drop':
- shutil.rmtree(workdir)
-
- # create SBOM data
- generate_sbom_call = None
- if os.path.exists("/usr/lib/build/generate_sbom"):
- generate_sbom_call = ["/usr/lib/build/generate_sbom"]
+ if generate_sbom_call:
+ spdx_distro = f"{yml['name']}-{yml['version']}"
+ note(f"Creating sboom data for {spdx_distro}")
+ # SPDX
+ args = generate_sbom_call + [
+ "--format", 'spdx',
+ "--distro", spdx_distro,
+ "--product", workdir
+ ]
+ with open(workdir + ".spdx.json", 'w') as sbom_file:
+ run_helper(args, stdout=sbom_file, failmsg="run generate_sbom
for SPDX")
+
+ # CycloneDX
+ args = generate_sbom_call + [
+ "--format", 'cyclonedx',
+ "--distro", spdx_distro,
+ "--product", workdir
+ ]
+ with open(workdir + ".cdx.json", 'w') as sbom_file:
+ run_helper(args, stdout=sbom_file, failmsg="run generate_sbom
for CycloneDX")
- # Take sbom generation from OBS server
- # Con: build results are not reproducible
- # Pro: SBOM formats are constant changing, we don't need to adapt always
all distributions for that
- if os.path.exists("/.build/generate_sbom"):
- # unfortunatly, it is not exectuable by default
- generate_sbom_call = ['env', 'BUILD_DIR=/.build', 'perl',
'/.build/generate_sbom']
+ # drop everything except selected meta data. intended for test builds
+ if 'discard_artifacts' in yml['build_options']:
+ for workdir in workdirectories:
+ for suffix in ["", ".iso", ".install.iso"]:
+ if os.path.exists(workdir + suffix):
+ warn("discard_artifacts enabled, removing " + workdir +
suffix)
+ shutil.rmtree(workdir + suffix)
+ return
- if generate_sbom_call:
- spdx_distro = f"{yml['name']}-{yml['version']}"
- note(f"Creating sboom data for {spdx_distro}")
- # SPDX
- args = generate_sbom_call + [
- "--format", 'spdx',
- "--distro", spdx_distro,
- "--product", maindir
- ]
- with open(maindir + ".spdx.json", 'w') as sbom_file:
- run_helper(args, stdout=sbom_file, failmsg="run generate_sbom for
SPDX")
-
- # CycloneDX
- args = generate_sbom_call + [
- "--format", 'cyclonedx',
- "--distro", spdx_distro,
- "--product", maindir
- ]
- with open(maindir + ".cdx.json", 'w') as sbom_file:
- run_helper(args, stdout=sbom_file, failmsg="run generate_sbom for
CycloneDX")
+ # drop just the entire tree, we have the iso already
+ if yml['iso'] and yml['iso']['tree'] == 'drop':
+ for workdir in workdirectories:
+ shutil.rmtree(workdir)
+ return
# cleanup main repodata if wanted and existing
if yml['repodata'] and yml['repodata'] != 'all':
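Review bot: The SBOM files are written to `workdir + ".spdx.json"` and `workdir + ".cdx.json"`, beside the tree rather than inside it, and no visible step signs them or lists them in CHECKSUMS, so a consumer has nothing to verify them against. If they are published with the media, consider a detached signature next to each one, for example `run_helper(['/usr/bin/sign', '-d', workdir + ".spdx.json"], failmsg="create detached signature for SBOM")`, under the same existence check used for repomd.xml. Separately, the `discard_artifacts` branch calls `shutil.rmtree(workdir + suffix)` for the `.iso` and `.install.iso` suffixes. rmtree raises NotADirectoryError on a regular file, so if those paths are ISO files, as the suffixes suggest, they need `os.unlink` instead. The function starts and ends outside the hunk.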
@@ -280,11 +292,3 @@
if os.path.exists(repodatadir):
shutil.rmtree(repodatadir)
- # drop everything except selected meta data. intended for test builds
- if 'discard_artifacts' in yml['build_options']:
- for workdir in workdirectories:
- for suffix in [ "", ".iso", ".install.iso" ]:
- if os.path.exists(workdir + suffix):
- warn("discard_artifacts enabled, removing " + workdir +
suffix)
- shutil.rmtree(workdir + suffix)
-
++++++ product-composer.obsinfo ++++++
--- /var/tmp/diff_new_pack.JY8BtE/_old 2026-03-23 17:16:14.900861541 +0100
+++ /var/tmp/diff_new_pack.JY8BtE/_new 2026-03-23 17:16:14.904861707 +0100
@@ -1,5 +1,5 @@
name: product-composer
-version: 0.9.1
-mtime: 1771525417
-commit: c3fb48d44369427148e795c79634ac9a0ee5c3e1
+version: 0.9.3
+mtime: 1774274237
+commit: a84a8791052bd7b01ce3b67cc4402836b2780238