Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kyverno for openSUSE:Factory checked in at 2023-05-31 21:54:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kyverno (Old) and /work/SRC/openSUSE:Factory/.kyverno.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kyverno" Wed May 31 21:54:37 2023 rev:21 rq:1089909 version:1.10.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kyverno/kyverno.changes 2023-05-29 22:48:29.506544566 +0200 +++ /work/SRC/openSUSE:Factory/.kyverno.new.1533/kyverno.changes 2023-05-31 21:54:39.305061300 +0200 @@ -1,0 +2,72 @@ +Tue May 30 14:04:50 UTC 2023 - Johannes Kastl <ka...@b1-systems.de> + +- BuildRequire go1.20 +- add completion subpackages for bash, zsh and fish shells + +------------------------------------------------------------------- +Tue May 30 11:15:57 UTC 2023 - ka...@b1-systems.de + +- Update to version 1.10.0: + Kyverno 1.10 is a huge release which brings breaking changes in + both the application and Helm chart. Please read these release + notes carefully! + * Major features: + - Split the main Kyverno Deployment into 3 separate + controllers/Deployments + - Intra-cluster Service calls + - Notary v2 support + - Major reworking of generate and "mutate existing" policies + * Breaking changes + - This release separates Kyverno into its 3 main components: + admission controller, reporting controller, and background + controller. As a result, there is no direct upgrade path from + previous versions. When deploying with Helm, we recommend + either backing up and restoring Kyverno policies (kubectl get + pol,cpol,cleanpol,ccleanpol,polex -A > backup.yaml) or + scaling the Kyverno deployment(s) to zero first. Policy + reports will be regenerated from existing resources when + policies are reinstalled. Regardless of the option, this + upgrade should be performed in a maintenance window as there + will be downtime involved. + - As a result of this decomposition, aggregated ClusterRoles + may need to be updated to use the new label values depending + on the controller which requires those permissions. + - Policies which matched on some types of subresources (such as + PodExecOptions) will need to be updated to use the + standardized form of <parent>/<subresource> (Pod/exec). + - The following fields in a generate rule are now immutable + once created: spec.rules.name, spec.rules.match, + spec.rules.exclude, spec.rules.preconditions, + spec.generate.apiVersion, spec.generate.kind, + spec.generate.namespace, spec.generate.name, + spec.generate.clone, and spec.generate.cloneList (#6328, + #6451) + - Variables in these portions of a generate rule will now be + disallowed: clone, cloneList, generate.kind, and + generate.apiVersion (#6438) + - Generate and "mutate existing" policies, once installed, will + check to see if Kyverno has the necessary permissions to + successfully execute them. If not, Kyverno will block their + creation until the permissions are available. This is added + to bring behavior in alignment with how cleanup policies work + and provide a better UX (#6610) + - Properly enforcing that "mutate existing" rules, when + mutateExistingOnPolicyUpdate is set to true, also has + mutate.targets[] defined or else the policy creation will be + blocked (#6693) + - When a verifyImages policy is created in Audit mode, its + creation will be rejected unless mutateDigest is set to false + (#6757) + - Mutation rules which change the image field in a Pod spec and + which relied on docker.io being silently added by Kyverno + (when it was not explicitly defined in the image) will need + to be adjusted to either use the images.*.registry predefined + variable or the new normalize_image() JMESPath filter. To + address other discovered issues with mutation, Kyverno can no + longer add the default registry to the context. It will only + be accessible to internal variables and JMESPath. + - The generate.apiVersion field is now required in a generate + rule. Policies/rules without this defined will need to set + it. (#7080) + +------------------------------------------------------------------- Old: ---- kyverno-1.9.5.obscpio New: ---- kyverno-1.10.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kyverno.spec ++++++ --- /var/tmp/diff_new_pack.1faWGw/_old 2023-05-31 21:54:40.405067801 +0200 +++ /var/tmp/diff_new_pack.1faWGw/_new 2023-05-31 21:54:40.413067848 +0200 @@ -19,18 +19,49 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: kyverno -Version: 1.9.5 +Version: 1.10.0 Release: 0 Summary: CLI and kubectl plugin for Kyverno License: Apache-2.0 URL: https://github.com/kyverno/kyverno Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz -BuildRequires: go >= 1.17 +BuildRequires: go >= 1.20 %description Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git. +%package -n %{name}-bash-completion +Summary: Bash Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Requires: bash-completion +Supplements: (%{name} and bash-completion) +BuildArch: noarch + +%description -n %{name}-bash-completion +Bash command line completion support for %{name}. + +%package -n %{name}-fish-completion +Summary: Fish Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Supplements: (%{name} and fish) +BuildArch: noarch + +%description -n %{name}-fish-completion +Fish command line completion support for %{name}. + +%package -n %{name}-zsh-completion +Summary: Zsh Completion for %{name} +Group: System/Shells +Requires: %{name} = %{version} +Supplements: (%{name} and zsh) +BuildArch: noarch + +%description -n %{name}-zsh-completion +zsh command line completion support for %{name}. + %prep %setup -q %setup -q -T -D -a 1 @@ -50,10 +81,36 @@ cd %{buildroot}/%{_bindir}/ ln -s %{name} kubectl-%{name} +# create the bash completion file +mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/ +%{buildroot}/%{_bindir}/%{name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{name} + +# create the fish completion file +mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/ +%{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish + +# create the zsh completion file +mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/ +%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name} + %files %doc README.md %license LICENSE %{_bindir}/%{name} %{_bindir}/kubectl-%{name} +%files -n %{name}-bash-completion +%dir %{_datarootdir}/bash-completion/completions/ +%{_datarootdir}/bash-completion/completions/%{name} + +%files -n %{name}-fish-completion +%dir %{_datarootdir}/fish +%dir %{_datarootdir}/fish/vendor_completions.d +%{_datarootdir}/fish/vendor_completions.d/%{name}.fish + +%files -n %{name}-zsh-completion +%defattr(-,root,root) +%dir %{_datarootdir}/zsh_completion.d/ +%{_datarootdir}/zsh_completion.d/_%{name} + %changelog ++++++ _service ++++++ --- /var/tmp/diff_new_pack.1faWGw/_old 2023-05-31 21:54:40.445068038 +0200 +++ /var/tmp/diff_new_pack.1faWGw/_new 2023-05-31 21:54:40.445068038 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/kyverno/kyverno</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.9.5</param> + <param name="revision">v1.10.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.1faWGw/_old 2023-05-31 21:54:40.465068156 +0200 +++ /var/tmp/diff_new_pack.1faWGw/_new 2023-05-31 21:54:40.469068179 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/kyverno/kyverno</param> - <param name="changesrevision">f4efee1daefacb4d391f48dfcb8f025478e4e332</param></service></servicedata> + <param name="changesrevision">da6f5c18132f773af15d0e09cbf2e16a36725232</param></service></servicedata> (No newline at EOF) ++++++ kyverno-1.9.5.obscpio -> kyverno-1.10.0.obscpio ++++++ /work/SRC/openSUSE:Factory/kyverno/kyverno-1.9.5.obscpio /work/SRC/openSUSE:Factory/.kyverno.new.1533/kyverno-1.10.0.obscpio differ: char 50, line 1 ++++++ kyverno.obsinfo ++++++ --- /var/tmp/diff_new_pack.1faWGw/_old 2023-05-31 21:54:40.513068440 +0200 +++ /var/tmp/diff_new_pack.1faWGw/_new 2023-05-31 21:54:40.517068463 +0200 @@ -1,5 +1,5 @@ name: kyverno -version: 1.9.5 -mtime: 1685142287 -commit: f4efee1daefacb4d391f48dfcb8f025478e4e332 +version: 1.10.0 +mtime: 1685435054 +commit: da6f5c18132f773af15d0e09cbf2e16a36725232 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kyverno/vendor.tar.gz /work/SRC/openSUSE:Factory/.kyverno.new.1533/vendor.tar.gz differ: char 5, line 1
