Hello community, here is the log from the commit of package trivy for openSUSE:Factory checked in at 2020-10-21 14:40:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trivy (Old) and /work/SRC/openSUSE:Factory/.trivy.new.3486 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trivy" Wed Oct 21 14:40:13 2020 rev:2 rq:843194 version:0.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/trivy/trivy.changes 2020-10-20 16:21:53.110335816 +0200 +++ /work/SRC/openSUSE:Factory/.trivy.new.3486/trivy.changes 2020-10-21 14:40:26.785675270 +0200 @@ -1,0 +2,15 @@ +Tue Oct 20 13:13:39 UTC 2020 - msab...@suse.com + +- Update to version 0.12.0: + * ci(circle): update remote docker version (#683) + * suse: update end of life dates for SLES service packs (#676) + * update readme for parallel run issue (#660) + * fix link for Clear images section in README (#659) + * add link to Gitlab CI pipeline in README (#658) + * test: add tests for mux (#645) + * chore: bump up Go to 1.15 (#646) + * Add contrib/ to the release chain for Docker (#638) + * Add health check endpoint to trivy server (#644) + * fix(cli): show help for subcommands (#629) + +------------------------------------------------------------------- Old: ---- _servicedata trivy-0.9.2.tar.gz New: ---- trivy-0.12.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trivy.spec ++++++ --- /var/tmp/diff_new_pack.Bc7GQs/_old 2020-10-21 14:40:28.213676078 +0200 +++ /var/tmp/diff_new_pack.Bc7GQs/_new 2020-10-21 14:40:28.217676080 +0200 @@ -16,42 +16,53 @@ # # nodebuginfo - -%define goipath github.com/aquasecurity/trivy - Name: trivy -Version: 0.9.2 +Version: 0.12.0 Release: 0 -Summary: Vulnerability Scanner for Containers +Summary: A Simple and Comprehensive Vulnerability Scanner for Containers License: Apache-2.0 Group: System/Management URL: https://github.com/aquasecurity/trivy -Source0: %{name}-%{version}.tar.gz +Source: %{name}-%{version}.tar.gz Source1: vendor.tar.gz BuildRequires: golang-packaging -BuildRequires: golang(API) >= 1.13 +BuildRequires: golang(API) = 1.13 + +# As specified in their documentation. The version of these packages doesn't +# seem to matter too much. +Requires: git-core +Requires: ca-certificates +Requires: rpm +%{go_nostrip} %description -A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, -Suitable for CI. +Trivy (`tri` pronounced like trigger, `vy` pronounced like envy) is a simple and +comprehensive vulnerability scanner for containers and other artifacts. A +software vulnerability is a glitch, flaw, or weakness present in the software or +in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine, +RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, +etc.). Trivy is easy to use. Just install the binary and you're ready to +scan. All you need to do for scanning is to specify a target such as an image +name of the container. %prep -%setup -q -n %{name}-%{version} -%setup -q -T -D -a 1 +%setup -q -a1 -%build -%goprep %{goipath} - -export CGO_ENABLED=0 +# Even though this is a bit ugly because it falls outside of the scope of the +# original intent of the `LDFLAGS` variable, it's useful to do it once just so +# we don't have to patch both `build` and `install`. +sed -i -e 's|LDFLAGS=|LDFLAGS=-buildmode=pie -mod vendor |g' Makefile -%gobuild -mod vendor cmd/trivy +%build +make build VERSION=%{version} %install -%goinstall +make install VERSION=%{version} +install -D -m 0755 ~/go/bin/%{name} "%{buildroot}/%{_bindir}/%{name}" %files %license LICENSE %doc README.md -%{_bindir}/trivy +%{_bindir}/%{name} %changelog ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Bc7GQs/_old 2020-10-21 14:40:28.245676096 +0200 +++ /var/tmp/diff_new_pack.Bc7GQs/_new 2020-10-21 14:40:28.245676096 +0200 @@ -1,18 +1,17 @@ <services> <service name="tar_scm" mode="disabled"> - <param name="url">https://github.com/aquasecurity/trivy.git</param> + <param name="url">https://github.com/aquasecurity/trivy</param> <param name="scm">git</param> - <param name="exclude">.git</param> - <param name="filename">trivy</param> - <param name="revision">v0.9.2</param> - <param name="versionformat">@PARENT_TAG@</param> - <param name="versionrewrite-pattern">v(.*)</param> + <param name="versionformat">0.12.0</param> + <param name="revision">v0.12.0</param> <param name="changesgenerate">enable</param> </service> - <service name="set_version" mode="disabled"/> <service name="recompress" mode="disabled"> - <param name="file">*.tar</param> + <param name="file">trivy-*.tar</param> <param name="compression">gz</param> </service> + <service name="set_version" mode="disabled"> + <param name="basename">trivy</param> + </service> <service name="go_modules" mode="disabled"/> </services> ++++++ trivy-0.9.2.tar.gz -> trivy-0.12.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/trivy/trivy-0.9.2.tar.gz /work/SRC/openSUSE:Factory/.trivy.new.3486/trivy-0.12.0.tar.gz differ: char 12, line 1 ++++++ vendor.tar.gz ++++++ ++++ 98973 lines of diff (skipped)