Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cosign-image for openSUSE:Factory checked in at 2026-07-09 22:20:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cosign-image (Old) and /work/SRC/openSUSE:Factory/.cosign-image.new.1991 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign-image" Thu Jul 9 22:20:17 2026 rev:25 rq:1364632 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/cosign-image/cosign-image.changes 2026-06-19 17:14:55.664751487 +0200 +++ /work/SRC/openSUSE:Factory/.cosign-image.new.1991/cosign-image.changes 2026-07-09 22:20:59.877430639 +0200 @@ -1,0 +2,5 @@ +Tue Jul 7 19:59:09 UTC 2026 - SUSE Update Bot <[email protected]> + +- adjust for cosign 3.1 + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ Dockerfile ++++++ --- /var/tmp/diff_new_pack.JXFEPH/_old 2026-07-09 22:21:00.513452363 +0200 +++ /var/tmp/diff_new_pack.JXFEPH/_new 2026-07-09 22:21:00.517452501 +0200 @@ -17,7 +17,7 @@ #!BuildTag: opensuse/cosign:%%cosign_version%%-%RELEASE% #!BuildTag: opensuse/cosign:%%cosign_version%% -#!BuildTag: opensuse/cosign:3.0 +#!BuildTag: opensuse/cosign:3.1 #!BuildTag: opensuse/cosign:3 #!BuildTag: opensuse/cosign:latest @@ -31,7 +31,7 @@ # sanity check that the version from the tag is equal to the version of cosign that we expect RUN set -euo pipefail; \ [ "$(rpm --root /target -q --qf '%{version}' cosign | \ - cut -d '.' -f -2)" = "3.0" ] + cut -d '.' -f -2)" = "3.1" ] # cleanup logs and temporary files RUN set -euo pipefail; zypper -n --installroot /target clean -a; \ ++++++ README.md ++++++ --- /var/tmp/diff_new_pack.JXFEPH/_old 2026-07-09 22:21:00.549453593 +0200 +++ /var/tmp/diff_new_pack.JXFEPH/_new 2026-07-09 22:21:00.557453866 +0200 @@ -22,7 +22,7 @@ `--certificate-oidc-issuer` flags: ```ShellSession -$ podman run registry.opensuse.org/opensuse/cosign:3.0 \ +$ podman run registry.opensuse.org/opensuse/cosign:3.1 \ verify $IMAGE \ --certificate-identity=$IDENTITY \ --certificate-oidc-issuer=$OIDC_ISSUER @@ -42,7 +42,7 @@ signed payload includes the digest of the container image, which indicates that these "detached" signatures apply to the correct image. ```ShellSession -$ podman run registry.opensuse.org/opensuse/cosign:3.0 verify --key cosign.pub $IMAGE_URI:1h +$ podman run registry.opensuse.org/opensuse/cosign:3.1 verify --key cosign.pub $IMAGE_URI:1h The following checks were performed on these signatures: - The cosign claims were validated - The signatures were verified against the specified public key
