- Update to version 1.3.1 (bsc#1251516, CVE-2025-47911,
bsc#1251891, CVE-2025-11579, bsc#1251651, CVE-2025-58190,
bsc#1248937, CVE-2025-58058):
* bump github.com/containerd/containerd (#474)
* another fix to tests for new tests (#472)
* fixed typo in testdata (#471)
* fixed/cleaned new tests (#470)
* trying a new way for hauler testing (#467)
* update for cosign v3 verify (#469)
* added digests view to info (#465)
* bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 in the go_modules group across 1 directory (#457)
* update oras-go to v1.2.7 for security patches (#464)
* update cosign to v3.0.2+hauler.1 (#463)
* fixed homebrew directory deprecation (#462)
* add registry logout command (#460)
OBS-URL: https://build.opensuse.org/request/show/1316952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=10
bsc#1251891, CVE-2025-11579, bsc#1251651, CVE-2025-58190,
bsc#1248937, CVE-2025-58058):
* bump github.com/containerd/containerd (#474)
* another fix to tests for new tests (#472)
* fixed typo in testdata (#471)
* fixed/cleaned new tests (#470)
* trying a new way for hauler testing (#467)
* update for cosign v3 verify (#469)
* added digests view to info (#465)
* bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 in the go_modules group across 1 directory (#457)
* update oras-go to v1.2.7 for security patches (#464)
* update cosign to v3.0.2+hauler.1 (#463)
* fixed homebrew directory deprecation (#462)
* add registry logout command (#460)
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=26
- update to 1.2.5 (bsc#1246722, CVE-2025-46569):
* Bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in
the go_modules group across 1 directory (CVE-2025-46569)
* deprecate auth from hauler store copy
* Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the
go_modules group across 1 directory
* Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0
in the go_modules group across 1 directory
* upgraded go and dependencies versions
- Update to version 1.2.5:
* upgraded go and dependencies versions (#444)
* Bump github.com/go-viper/mapstructure/v2 (#442)
* bump github.com/cloudflare/circl (#441)
* deprecate auth from hauler store copy (#440)
* Bump github.com/open-policy-agent/opa (#438)
OBS-URL: https://build.opensuse.org/request/show/1294822
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=8
* Bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in
the go_modules group across 1 directory
* deprecate auth from hauler store copy
* Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the
go_modules group across 1 directory
* Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0
in the go_modules group across 1 directory
* upgraded go and dependencies versions
- Update to version 1.2.5:
* upgraded go and dependencies versions (#444)
* Bump github.com/go-viper/mapstructure/v2 (#442)
* bump github.com/cloudflare/circl (#441)
* deprecate auth from hauler store copy (#440)
* Bump github.com/open-policy-agent/opa (#438)
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=21
- Update to version 1.2.2 (bsc#1241184, CVE-2024-0406):
* cleanup new tlog flag typos and add shorthand (#426)
* default public transparency log verification to false to be airgap friendly but allow override (#425)
* bump github.com/golang-jwt/jwt/v4 (#423)
* bump the go_modules group across 1 directory with 2 updates (#422)
* bump github.com/go-jose/go-jose/v3 (#417)
* bump github.com/go-jose/go-jose/v4 (#415)
* clear default manifest name if product flag used with sync (#412)
* updates for v1.2.0 (#408)
* fixed remote code (#407)
* added remote file fetch to load (#406)
* added remote and multiple file fetch to sync (#405)
* updated save flag and related logs (#404)
* updated load flag and related logs [breaking change] (#403)
* updated sync flag and related logs [breaking change] (#402)
* upgraded api update to v1/updated dependencies (#400)
* fixed consts for oci declarations (#398)
* fix for correctly grabbing platform post cosign 2.4 updates (#393)
* use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390)
* Bump the go_modules group across 1 directory with 2 updates (#385)
* replace mholt/archiver with mholt/archives (#384)
* forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383)
* cleaned up registry and improved logging (#378)
* Bump golang.org/x/crypto in the go_modules group across 1 directory (#377)
- drop
0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch
(upstream)
OBS-URL: https://build.opensuse.org/request/show/1269481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=5
* cleanup new tlog flag typos and add shorthand (#426)
* default public transparency log verification to false to be airgap friendly but allow override (#425)
* bump github.com/golang-jwt/jwt/v4 (#423)
* bump the go_modules group across 1 directory with 2 updates (#422)
* bump github.com/go-jose/go-jose/v3 (#417)
* bump github.com/go-jose/go-jose/v4 (#415)
* clear default manifest name if product flag used with sync (#412)
* updates for v1.2.0 (#408)
* fixed remote code (#407)
* added remote file fetch to load (#406)
* added remote and multiple file fetch to sync (#405)
* updated save flag and related logs (#404)
* updated load flag and related logs [breaking change] (#403)
* updated sync flag and related logs [breaking change] (#402)
* upgraded api update to v1/updated dependencies (#400)
* fixed consts for oci declarations (#398)
* fix for correctly grabbing platform post cosign 2.4 updates (#393)
* use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390)
* Bump the go_modules group across 1 directory with 2 updates (#385)
* replace mholt/archiver with mholt/archives (#384)
* forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383)
* cleaned up registry and improved logging (#378)
* Bump golang.org/x/crypto in the go_modules group across 1 directory (#377)
- drop
0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch
(upstream)
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=15
- Update to version 1.1.1:
* fixed cli desc for store env var (#374)
* updated versions for go/k8s/helm (#373)
* updated version flag to internal/flags (#369)
* renamed incorrectly named consts (#371)
* added store env var (#370)
* adding ignore errors and retries for continue on error/fail on error (#368)
* updated/fixed hauler directory (#354)
* standardize consts (#353)
* removed cachedir code (#355)
* removed k3s code (#352)
* updated dependencies for go, helm, and k8s (#351)
* [feature] build with boring crypto where available (#344)
* updated workflow to goreleaser builds (#341)
* added timeout to goreleaser workflow (#340)
* trying new workflow build processes (#337)
* improved workflow performance (#336)
* have extract use proper ref (#335)
* yet another workflow goreleaser fix (#334)
* even more workflow fixes (#333)
* added more fixes to github workflow (#332)
* fixed typo in hauler store save (#331)
* updates to fix build processes (#330)
* added integration tests for non hauler tarballs (#325)
* bump: golang >= 1.23.1 (#328)
* add platform flag to store save (#329)
* Update feature_request.md
* updated/standardize command descriptions (#313)
* use new annotation for 'store save' manifest.json (#324)
* enable docker load for hauler tarballs (#320)
OBS-URL: https://build.opensuse.org/request/show/1240632
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=3
* fixed cli desc for store env var (#374)
* updated versions for go/k8s/helm (#373)
* updated version flag to internal/flags (#369)
* renamed incorrectly named consts (#371)
* added store env var (#370)
* adding ignore errors and retries for continue on error/fail on error (#368)
* updated/fixed hauler directory (#354)
* standardize consts (#353)
* removed cachedir code (#355)
* removed k3s code (#352)
* updated dependencies for go, helm, and k8s (#351)
* [feature] build with boring crypto where available (#344)
* updated workflow to goreleaser builds (#341)
* added timeout to goreleaser workflow (#340)
* trying new workflow build processes (#337)
* improved workflow performance (#336)
* have extract use proper ref (#335)
* yet another workflow goreleaser fix (#334)
* even more workflow fixes (#333)
* added more fixes to github workflow (#332)
* fixed typo in hauler store save (#331)
* updates to fix build processes (#330)
* added integration tests for non hauler tarballs (#325)
* bump: golang >= 1.23.1 (#328)
* add platform flag to store save (#329)
* Update feature_request.md
* updated/standardize command descriptions (#313)
* use new annotation for 'store save' manifest.json (#324)
* enable docker load for hauler tarballs (#320)
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=11
- update to 1.0.1:
* Fix --name option in "store add file" command
* Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2
* Exit with status code 1 if cosign is not configured
* fix exit code on error @amartin120
* add registry flag to cli for sync @amartin120
- update to 1.0.0:
* adding graphics @bgulla
* updated readme and removed roadmap @zackbradys
* updated/cleaned up install.sh @zackbradys
* remove deprecated commands @amartin120
* Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1
* bug-fix: handle complex file names @amartin120
* add login command @amartin120
* update to add size totals and cosign bits to the info
- update to 0.4.4:
* add annotations for registry @amartin120
* add annotations for key and platform @amartin120
* Flags passed from the CLI have a global effect on any image
UNLESS it has a (key/platform) specified on the individual
image. Individual image key/platform takes precedence.
* If you have `hauler.dev/key` and/or `hauler.dev/platform` at
the annotation level, it would work just like the CLI flag
and globally apply for everything except individual images
specifying otherwise. Just like above.
* If you just so happen to provide both an annotation AND the
CLI flag for the same thing, the CLI flag wins.
* As for the `hauler.dev/registry` annotation, it will apply
globally unless the provided image reference already has a
registry specified in its name.
OBS-URL: https://build.opensuse.org/request/show/1164155
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=2
* Fix --name option in "store add file" command
* Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2
* Exit with status code 1 if cosign is not configured
* fix exit code on error @amartin120
* add registry flag to cli for sync @amartin120
- update to 1.0.0:
* adding graphics @bgulla
* updated readme and removed roadmap @zackbradys
* updated/cleaned up install.sh @zackbradys
* remove deprecated commands @amartin120
* Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1
* bug-fix: handle complex file names @amartin120
* add login command @amartin120
* update to add size totals and cosign bits to the info
- update to 0.4.4:
* add annotations for registry @amartin120
* add annotations for key and platform @amartin120
* Flags passed from the CLI have a global effect on any image
UNLESS it has a (key/platform) specified on the individual
image. Individual image key/platform takes precedence.
* If you have `hauler.dev/key` and/or `hauler.dev/platform` at
the annotation level, it would work just like the CLI flag
and globally apply for everything except individual images
specifying otherwise. Just like above.
* If you just so happen to provide both an annotation AND the
CLI flag for the same thing, the CLI flag wins.
* As for the `hauler.dev/registry` annotation, it will apply
globally unless the provided image reference already has a
registry specified in its name.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=6
