leap-16.0 #2

Manually merged
dimstar_suse merged 17 commits from dirkmueller/hauler:leap-16.0 into leap-16.0 2025-12-12 14:10:55 +01:00
Owner
No description provided.
dirkmueller added 17 commits 2025-11-30 23:41:41 +01:00
* fixed cli desc for store env var (#374)
  * updated versions for go/k8s/helm (#373)
  * updated version flag to internal/flags (#369)
  * renamed incorrectly named consts (#371)
  * added store env var (#370)
  * adding ignore errors and retries for continue on error/fail on error (#368)
  * updated/fixed hauler directory (#354)
  * standardize consts (#353)
  * removed cachedir code (#355)
  * removed k3s code (#352)
  * updated dependencies for go, helm, and k8s (#351)
  * [feature] build with boring crypto where available (#344)
  * updated workflow to goreleaser builds (#341)
  * added timeout to goreleaser workflow (#340)
  * trying new workflow build processes (#337)
  * improved workflow performance (#336)
  * have extract use proper ref (#335)
  * yet another workflow goreleaser fix (#334)
  * even more workflow fixes (#333)
  * added more fixes to github workflow (#332)
  * fixed typo in hauler store save (#331)
  * updates to fix build processes (#330)
  * added integration tests for non hauler tarballs (#325)
  * bump: golang >= 1.23.1 (#328)
  * add platform flag to store save (#329)
  * Update feature_request.md
  * updated/standardize command descriptions (#313)
  * use new annotation for 'store save' manifest.json (#324)
  * enable docker load for hauler tarballs (#320)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=11
- Update to version 1.1.1:
  * fixed cli desc for store env var (#374)
  * updated versions for go/k8s/helm (#373)
  * updated version flag to internal/flags (#369)
  * renamed incorrectly named consts (#371)
  * added store env var (#370)
  * adding ignore errors and retries for continue on error/fail on error (#368)
  * updated/fixed hauler directory (#354)
  * standardize consts (#353)
  * removed cachedir code (#355)
  * removed k3s code (#352)
  * updated dependencies for go, helm, and k8s (#351)
  * [feature] build with boring crypto where available (#344)
  * updated workflow to goreleaser builds (#341)
  * added timeout to goreleaser workflow (#340)
  * trying new workflow build processes (#337)
  * improved workflow performance (#336)
  * have extract use proper ref (#335)
  * yet another workflow goreleaser fix (#334)
  * even more workflow fixes (#333)
  * added more fixes to github workflow (#332)
  * fixed typo in hauler store save (#331)
  * updates to fix build processes (#330)
  * added integration tests for non hauler tarballs (#325)
  * bump: golang >= 1.23.1 (#328)
  * add platform flag to store save (#329)
  * Update feature_request.md
  * updated/standardize command descriptions (#313)
  * use new annotation for 'store save' manifest.json (#324)
  * enable docker load for hauler tarballs (#320)

OBS-URL: https://build.opensuse.org/request/show/1240632
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=3
to bump net/html dependencies (bsc#1235332, CVE-2024-45338)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=13
- add 0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch
  to bump net/html dependencies (bsc#1235332, CVE-2024-45338)

OBS-URL: https://build.opensuse.org/request/show/1241176
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=4
* cleanup new tlog flag typos and add shorthand (#426)
  * default public transparency log verification to false to be airgap friendly but allow override (#425)
  * bump github.com/golang-jwt/jwt/v4 (#423)
  * bump the go_modules group across 1 directory with 2 updates (#422)
  * bump github.com/go-jose/go-jose/v3 (#417)
  * bump github.com/go-jose/go-jose/v4 (#415)
  * clear default manifest name if product flag used with sync (#412)
  * updates for v1.2.0 (#408)
  * fixed remote code (#407)
  * added remote file fetch to load (#406)
  * added remote and multiple file fetch to sync (#405)
  * updated save flag and related logs (#404)
  * updated load flag and related logs [breaking change] (#403)
  * updated sync flag and related logs [breaking change] (#402)
  * upgraded api update to v1/updated dependencies (#400)
  * fixed consts for oci declarations (#398)
  * fix for correctly grabbing platform post cosign 2.4 updates (#393)
  * use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390)
  * Bump the go_modules group across 1 directory with 2 updates (#385)
  * replace mholt/archiver with mholt/archives (#384)
  * forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383)
  * cleaned up registry and improved logging (#378)
  * Bump golang.org/x/crypto in the go_modules group across 1 directory (#377)
- drop
  0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch
  (upstream)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=15
- Update to version 1.2.2 (bsc#1241184, CVE-2024-0406):
  * cleanup new tlog flag typos and add shorthand (#426)
  * default public transparency log verification to false to be airgap friendly but allow override (#425)
  * bump github.com/golang-jwt/jwt/v4 (#423)
  * bump the go_modules group across 1 directory with 2 updates (#422)
  * bump github.com/go-jose/go-jose/v3 (#417)
  * bump github.com/go-jose/go-jose/v4 (#415)
  * clear default manifest name if product flag used with sync (#412)
  * updates for v1.2.0 (#408)
  * fixed remote code (#407)
  * added remote file fetch to load (#406)
  * added remote and multiple file fetch to sync (#405)
  * updated save flag and related logs (#404)
  * updated load flag and related logs [breaking change] (#403)
  * updated sync flag and related logs [breaking change] (#402)
  * upgraded api update to v1/updated dependencies (#400)
  * fixed consts for oci declarations (#398)
  * fix for correctly grabbing platform post cosign 2.4 updates (#393)
  * use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390)
  * Bump the go_modules group across 1 directory with 2 updates (#385)
  * replace mholt/archiver with mholt/archives (#384)
  * forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383)
  * cleaned up registry and improved logging (#378)
  * Bump golang.org/x/crypto in the go_modules group across 1 directory (#377)
- drop
  0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch
  (upstream)

OBS-URL: https://build.opensuse.org/request/show/1269481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=5
* formatting and flag text updates
  * add keyless signature verification (#434)
  * bump helm.sh/helm/v3 in the go_modules group across 1 directory (#430)
  * add --only flag to hauler store copy (for images) (#429)
  * fix tlog verification error/warning output (#428)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=17
- Update to version 1.2.3:
  * formatting and flag text updates
  * add keyless signature verification (#434)
  * bump helm.sh/helm/v3 in the go_modules group across 1 directory (#430)
  * add --only flag to hauler store copy (for images) (#429)
  * fix tlog verification error/warning output (#428)

OBS-URL: https://build.opensuse.org/request/show/1273079
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=6
* Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules
    group across 1 directory
  * minor tests updates

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=19
- update to 1.2.4 (CVE-2025-22872, bsc#1241804):
  * Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules
    group across 1 directory
  * minor tests updates

OBS-URL: https://build.opensuse.org/request/show/1273864
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=7
* Bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in
    the go_modules group across 1 directory
  * deprecate auth from hauler store copy
  * Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the
    go_modules group across 1 directory
  * Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0
    in the go_modules group across 1 directory
  * upgraded go and dependencies versions

- Update to version 1.2.5:
  * upgraded go and dependencies versions (#444)
  * Bump github.com/go-viper/mapstructure/v2 (#442)
  * bump github.com/cloudflare/circl (#441)
  * deprecate auth from hauler store copy (#440)
  * Bump github.com/open-policy-agent/opa (#438)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=21
the go_modules group across 1 directory (CVE-2025-46569)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=22
- update to 1.2.5 (bsc#1246722, CVE-2025-46569):
  * Bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in
    the go_modules group across 1 directory (CVE-2025-46569)
  * deprecate auth from hauler store copy
  * Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the
    go_modules group across 1 directory
  * Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0
    in the go_modules group across 1 directory
  * upgraded go and dependencies versions

- Update to version 1.2.5:
  * upgraded go and dependencies versions (#444)
  * Bump github.com/go-viper/mapstructure/v2 (#442)
  * bump github.com/cloudflare/circl (#441)
  * deprecate auth from hauler store copy (#440)
  * Bump github.com/open-policy-agent/opa (#438)

OBS-URL: https://build.opensuse.org/request/show/1294822
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=8
* bump the go_modules group across 1 directory with 2 updates (#455)
  * upgraded versions/dependencies/deprecations (#454)
  * allow loading of docker tarballs (#452)
  * bump the go_modules group across 1 directory with 2 updates (#449)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=24
- Update to version 1.3.0:
  * bump the go_modules group across 1 directory with 2 updates (#455)
  * upgraded versions/dependencies/deprecations (#454)
  * allow loading of docker tarballs (#452)
  * bump the go_modules group across 1 directory with 2 updates (#449)

OBS-URL: https://build.opensuse.org/request/show/1313799
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=9
bsc#1251891, CVE-2025-11579, bsc#1251651, CVE-2025-58190,
  bsc#1248937, CVE-2025-58058):
  * bump github.com/containerd/containerd (#474)
  * another fix to tests for new tests (#472)
  * fixed typo in testdata (#471)
  * fixed/cleaned new tests (#470)
  * trying a new way for hauler testing (#467)
  * update for cosign v3 verify (#469)
  * added digests view to info (#465)
  * bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 in the go_modules group across 1 directory (#457)
  * update oras-go to v1.2.7 for security patches (#464)
  * update cosign to v3.0.2+hauler.1 (#463)
  * fixed homebrew directory deprecation (#462)
  * add registry logout command (#460)

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/hauler?expand=0&rev=26
- Update to version 1.3.1 (bsc#1251516, CVE-2025-47911,
  bsc#1251891, CVE-2025-11579, bsc#1251651, CVE-2025-58190,
  bsc#1248937, CVE-2025-58058):
  * bump github.com/containerd/containerd (#474)
  * another fix to tests for new tests (#472)
  * fixed typo in testdata (#471)
  * fixed/cleaned new tests (#470)
  * trying a new way for hauler testing (#467)
  * update for cosign v3 verify (#469)
  * added digests view to info (#465)
  * bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 in the go_modules group across 1 directory (#457)
  * update oras-go to v1.2.7 for security patches (#464)
  * update cosign to v3.0.2+hauler.1 (#463)
  * fixed homebrew directory deprecation (#462)
  * add registry logout command (#460)

OBS-URL: https://build.opensuse.org/request/show/1316952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hauler?expand=0&rev=10
autogits_workflow_pr_bot requested review from legaldb 2025-11-30 23:42:09 +01:00
autogits_workflow_pr_bot requested review from maintenance-release-review 2025-11-30 23:42:10 +01:00
autogits_workflow_pr_bot requested review from opensuse-review 2025-11-30 23:42:10 +01:00

Review by opensuse-review represents a group of reviewers: alarrosa, anag, atartamo, bigironman, darix, dimstar, dmach, eroca, jdsn, jengelh, mcalabkova, mstrigl, nkrapp, oertel, RBrownSUSE, simotek, smithfarm.

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @opensuse-review: approve.
To request changes on behalf of the group, create the following comment: @opensuse-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

First-time contributor

Review by maintenance-release-review represents a group of reviewers: abergmann, amattiazzo, bfilho, cmatos, crazybyte, emanuelecappello, gsonnu, maintenance-robot, mauriziogalli, mbozicevic, mimi_vx, mschnitzer, msmeissn, pluskalm, rfrohl, slemke.

Do not use standard review interface to review on behalf of the group.
To accept the review on behalf of the group, create the following comment: @maintenance-release-review: approve.
To request changes on behalf of the group, create the following comment: @maintenance-release-review: decline followed with lines justifying the decision.
Future edits of the comments are ignored, a new comment is required to change the review state.

Member

Legal review [in progress](https://legaldb.suse.de/reviews/details/491909).
First-time contributor

@maintenance-release-review: approve
merge ok

maintenance-release-review approved these changes 2025-12-01 10:53:30 +01:00
First-time contributor

rfrohl approved a review on behalf of maintenance-release-review

First-time contributor

@opensuse-review : approve

LGTM

First-time contributor

merge ok

opensuse-review approved these changes 2025-12-01 18:25:36 +01:00
opensuse-review left a comment
Member

oertel approved a review on behalf of opensuse-review

Member

Legal reviewed by dec16180 as acceptable_by_lawyer:

Reviewed ok
legaldb approved these changes 2025-12-03 11:04:28 +01:00
First-time contributor

[ 13s] + go build -o hauler -mod=vendor -buildmode=pie -trimpath -ldflags '-s -w -X github.com/rancherfederal/hauler/internal/version.gitVersion=1.3.1 -X github.com/rancherfederal/hauler/internal/version.gitCommit=5edc8802eec20adc7d0b75847f77446d6f531012 -X github.com/rancherfederal/hauler/internal/version.gitTreeState=clean' cmd/hauler/main.go
[ 13s] go: go.mod requires go >= 1.25.3 (running go 1.25.0; GOTOOLCHAIN=local)
[ 13s] error: Bad exit status from /var/tmp/rpm-tmp.wBQsj4 (%build)

did not build.

go1.25 is too old currently in SLFO 1.2 ... I emailed the maintainer already.

Author
Owner

We do need the newer go 1.25.x version in the codestream, as it includes security fixes in the stdlib that are relevant. I prefer to not work around this with a local patch to hauler.

dimstar_suse manually merged commit 4061841edd into leap-16.0 2025-12-12 14:10:55 +01:00