1 Commits

Author SHA256 Message Date
9609eb599a Sync changes to SLFO-1.2 branch 2025-08-20 09:10:07 +02:00
9 changed files with 13 additions and 140 deletions

@@ -3,7 +3,7 @@
<param name="url">https://github.com/sigstore/cosign</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v3.0.3</param>
<param name="revision">v2.5.3</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
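
Review bot: the `revision` param selects the upstream source by tag name (`v3.0.3` / `v2.5.3`), and a tag can be re-pointed upstream. For a signing tool, confirm at review time that `v2.5.3` resolves to the commit recorded as `changesrevision` in the `<servicedata>` hunk, or pin `revision` to that commit. The commit message "Sync changes to SLFO-1.2 branch" also does not say that the packaged cosign version moves between 3.0.3 and 2.5.3; it should.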

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/sigstore/cosign</param>
<param name="changesrevision">3f32cea203c59a93323a6bebfebff03417520143</param></service></servicedata>
<param name="changesrevision">488ef8ceed5ab5d77379e9077a124a0d0df41d06</param></service></servicedata>

BIN
cosign-2.5.3.obscpio LFS Normal file

Binary file not shown.

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:03dd3d8bdf710dd4eba957be3e8895995813c51713b6d080147e8b710482c970
size 4057100

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0cea36c79cd4083ce62c7d20a6b54d0550424576bcffc056e948354e5391b6ed
size 949214
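
Review bot: the two deleted Git LFS pointers each carried an `oid sha256:` and a `size`, but the added `cosign-2.5.3.obscpio` and the changed `vendor.tar.zst` appear on this page only as "Binary file not shown", so nothing here ties the new archives to a known digest. Before merging, compare the sha256 of the new LFS objects against archives regenerated from the pinned revision.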

@@ -1,127 +1,3 @@
-------------------------------------------------------------------
Wed Dec 10 14:35:48 UTC 2025 - meissner@suse.com
- Update to version 3.0.3:
* 4554: Closes 4554 - Add warning when --output* is used (#4556)
* chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.1.0 (#4545)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.111.0 to 3.113.0 (#4542)
* chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (#4543)
* chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4546)
* chore(deps): bump the actions group with 4 updates (#4544)
* chore(deps): bump the gomod group across 1 directory with 5 updates (#4567)
* chore(deps): bump golang from 1.25.4 to 1.25.5 in the all group (#4568)
* update builder to use go1.25.5 (#4566)
* Protobuf bundle support for subcommand `clean` (#4539)
* Add staging flag to initialize with staging TUF metadata
* update slack invite link (#4560)
* Updating sign-blob to also support signing with a certificate (#4547)
* Bump sigstore library dependencies (#4532)
* Protobuf bundle support for subcommands `save` and `load` (#4538)
* Fix cert attachment for new bundle with signing config
* Fix OCI verification with local cert - old bundle
* chore(deps): bump github.com/sigstore/fulcio from 1.7.1 to 1.8.1 (#4519)
* chore(deps): bump golang.org/x/crypto in /test/fakeoidc (#4535)
* chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#4536)
* update go builder and cosign (#4529)
* chore(deps): bump the gomod group across 1 directory with 7 updates (#4528)
* chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4478)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4520)
* chore(deps): bump golang from 1.25.3 to 1.25.4 in the all group (#4515)
* chore(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 (#4518)
* chore(deps): bump cuelang.org/go from 0.14.2 to 0.15.0 (#4524)
* chore(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1 (#4521)
* chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4502)
* chore(deps): bump the actions group across 1 directory with 2 updates (#4516)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.110.0 to 3.111.0 (#4523)
* chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4522)
* Deprecate tlog-upload flag (#4458)
* fix: Use signal context for `sign` cli package.
* update offline verification directions (#4526)
* Fix signing/verifying annotations for new bundle
* Add support to download and attach for protobuf bundles (#4477)
* Add --signing-algorithm flag (#3497)
* Refactor signcommon bundle helpers
* Add --bundle and fix --upload for new bundle
* Pass insecure registry flags through to referrers
* chore(deps): bump github.com/buildkite/agent/v3 from 3.108.0 to 3.109.1 (#4483)
* Add protobuf bundle support for tree subcommand (#4491)
* Remove stale embed import (#4492)
* Support multiple container identities
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4484)
* chore(deps): bump chainguard-dev/actions in the actions group (#4480)
* chore(deps): bump github.com/sigstore/rekor-tiles/v2 (#4485)
* chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 (#4486)
* chore(deps): bump cuelang.org/go in the gomod group (#4479)
* upgrade OSS-Fuzz build tooling (#4487)
* Fix segfault when no attestations are found (#4472)
* Use overridden repository for new bundle format (#4473)
* update go to 1.25.3 (#4471)
* Remove --out flag from `cosign initialize` (#4462)
* chore(deps): bump the actions group with 2 updates (#4460)
* Deprecate offline flag (#4457)
* Deduplicate code in sign/attest* and verify* commands (#4449)
* Cache signing config when calling initialize (#4456)
* Update changelog for v3.0.2 (#4455)
* chore(deps): bump google.golang.org/api from 0.250.0 to 0.251.0
* chore(deps): bump gitlab.com/gitlab-org/api/client-go
* chore(deps): bump the actions group with 3 updates
* chore(deps): bump github.com/buildkite/agent/v3 from 3.107.2 to 3.108.0
* choose different signature filename for KMS-signed release signatures (#4448)
* chore(deps): bump github.com/go-jose/go-jose/v4 (#4451)
* Update rekor-tiles version path
* update CL for v3.0.1 release (#4447)
* update goreleaser config for v3.0.0 release (#4446)
* Create changelog for v3.0.0 (#4440)
* Fetch service URLs from the TUF PGI signing config by default (#4428)
* Create changelog for v2.6.1 (#4439)
* chore(deps): bump google.golang.org/api from 0.249.0 to 0.250.0 (#4432)
* chore(deps): bump the gomod group with 2 updates (#4429)
* chore(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0 (#4433)
* chore(deps): bump the actions group with 3 updates (#4434)
* chore(deps): bump github.com/go-openapi/swag from 0.24.1 to 0.25.1 (#4435)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4436)
* chore(deps): bump github.com/go-openapi/runtime from 0.28.0 to 0.29.0 (#4437)
* Bump module version to v3 for Cosign v3.0 (#4427)
* Move sigstore-conformance back to tagged release (#4425)
* Bump sigstore-go to v1.1.3 (#4423)
* Partially populate the output of cosign verify when working with new bundles (#4416)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4419)
* chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4418)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.105.0 to 3.107.0 (#4420)
* chore(deps): bump chainguard-dev/actions in the actions group (#4421)
* bump go builder to use 1.25.1 and cosign (#4417)
* Bump sigstore-go for more precise user agents (#4413)
* chore(deps): bump github.com/spf13/viper from 1.20.1 to 1.21.0 (#4408)
* chore(deps): bump the actions group with 2 updates (#4407)
* chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4410)
* chore(deps): bump github.com/buildkite/agent/v3 from 3.104.0 to 3.105.0 (#4411)
* Default to using the new protobuf format (#4318)
-------------------------------------------------------------------
Thu Sep 18 13:33:58 UTC 2025 - Marcus Meissner <meissner@suse.com>
- Update to version 2.6.0:
- Require exclusively a SigningConfig or service URLs when signing (#4403)
- Add a terminal spinner while signing with sigstore-go (#4402)
- Bump sigstore-go, support alternative hash algorithms with keys (#4386)
- Add support for SigningConfig in sign/attest (#4371)
- Support self-managed keys when signing with sigstore-go (#4368)
- Remove SHA256 assumption in sign-blob/verify-blob (#4050)
- introduce dockerfile to pin the go version to decouple go version from go.mod (#4369)
- refactor: extract function to write referrer attestations (#4357)
- Break import cycle with e2e build tag (#4370)
- Update conformance test binary for signing config (#4367)
- update builder image to use go1.25 (#4366)
- Don't load content from TUF if trusted root path is specified (#4347)
- Don't require timestamps when verifying with a key (#4337)
- Fixes to cosign sign / verify for the new bundle format (#4346)
- update builder to use go1.24.6 (#4334)
- bump golangci-lint to v2.3.x (#4333)
- Have cosign sign support bundle format (#4316)
- Add support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (#4319)
- Verify subject with bundle only when checking claims (#4320)
- Add to `attest-blob` the ability to supply a complete in-toto statement, and add to `verify-blob-attestation` the ability to verify with just a digest (#4306)
-------------------------------------------------------------------
Fri Jul 18 11:54:31 UTC 2025 - meissner@suse.com
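
Review bot: missing changelog entry at the top of the file: the 3.0.3 and 2.6.0 entries disappear (127 lines down to 3) and nothing is added to explain why the package goes back to 2.5.3. The removed items include `Fix segfault when no attestations are found (#4472)`, the `golang.org/x/crypto` bumps up to 0.45.0, and `Default to using the new protobuf format (#4318)`, so a new entry should state whether those fixes are needed on this branch and whether bundles produced by 3.x are expected to verify with 2.5.3.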

@@ -1,4 +1,4 @@
name: cosign
version: 3.0.3
mtime: 1765324943
commit: 3f32cea203c59a93323a6bebfebff03417520143
version: 2.5.3
mtime: 1752782207
commit: 488ef8ceed5ab5d77379e9077a124a0d0df41d06

@@ -1,7 +1,7 @@
#
# spec file for package cosign
#
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: cosign
Version: 3.0.3
Version: 2.5.3
Release: 0
Summary: Container Signing, Verification and Storage in an OCI registry
License: Apache-2.0
@@ -26,7 +26,7 @@ Source: https://github.com/sigstore/cosign/archive/refs/tags/v%{version}
Source1: vendor.tar.zst
BuildRequires: golang-packaging
BuildRequires: zstd
BuildRequires: golang(API) = 1.25
BuildRequires: golang(API) = 1.24
%description
Cosign aims to make signatures invisible infrastructure.
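
Review bot: `BuildRequires: golang(API)` is an exact `=` pin and moves between 1.25 and 1.24 together with the version. Confirm that the 1.24 toolchain is what the SLFO-1.2 target provides and that it still receives security updates, because the cosign binary compiles in its crypto and TLS code from that toolchain. The `Source1: vendor.tar.zst` line is unchanged in this hunk while the archive itself changes in the commit, so also check that it was regenerated from the v2.5.3 `go.mod` and `go.sum` rather than carried over.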

BIN
vendor.tar.zst LFS

Binary file not shown.