------------------------------------------------------------------- Mon Dec 29 09:44:54 UTC 2025 - Dirk Müller - Update to version 1.3.2: * bump to latest cosign fork release (#481) * Bump golang.org/x/crypto in the go_modules group across 1 directory (#476) ------------------------------------------------------------------- Mon Nov 10 15:08:12 UTC 2025 - Dirk Müller - Update to version 1.3.1 (bsc#1251516, CVE-2025-47911, bsc#1251891, CVE-2025-11579, bsc#1251651, CVE-2025-58190, bsc#1248937, CVE-2025-58058): * bump github.com/containerd/containerd (#474) * another fix to tests for new tests (#472) * fixed typo in testdata (#471) * fixed/cleaned new tests (#470) * trying a new way for hauler testing (#467) * update for cosign v3 verify (#469) * added digests view to info (#465) * bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 in the go_modules group across 1 directory (#457) * update oras-go to v1.2.7 for security patches (#464) * update cosign to v3.0.2+hauler.1 (#463) * fixed homebrew directory deprecation (#462) * add registry logout command (#460) ------------------------------------------------------------------- Mon Oct 27 08:34:44 UTC 2025 - Dirk Müller - Update to version 1.3.0: * bump the go_modules group across 1 directory with 2 updates (#455) * upgraded versions/dependencies/deprecations (#454) * allow loading of docker tarballs (#452) * bump the go_modules group across 1 directory with 2 updates (#449) ------------------------------------------------------------------- Mon Jul 21 12:28:01 UTC 2025 - Dirk Müller - update to 1.2.5 (bsc#1246722, CVE-2025-46569): * Bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in the go_modules group across 1 directory (CVE-2025-46569) * deprecate auth from hauler store copy * Bump github.com/cloudflare/circl from 1.3.7 to 1.6.1 in the go_modules group across 1 directory * Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in the go_modules group across 1 directory * upgraded go and dependencies versions ------------------------------------------------------------------- Mon Jul 21 12:23:59 UTC 2025 - Dirk Müller - Update to version 1.2.5: * upgraded go and dependencies versions (#444) * Bump github.com/go-viper/mapstructure/v2 (#442) * bump github.com/cloudflare/circl (#441) * deprecate auth from hauler store copy (#440) * Bump github.com/open-policy-agent/opa (#438) ------------------------------------------------------------------- Thu May 1 16:34:57 UTC 2025 - Dirk Müller - update to 1.2.4 (CVE-2025-22872, bsc#1241804): * Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group across 1 directory * minor tests updates ------------------------------------------------------------------- Mon Apr 28 09:58:05 UTC 2025 - Dirk Müller - Update to version 1.2.3: * formatting and flag text updates * add keyless signature verification (#434) * bump helm.sh/helm/v3 in the go_modules group across 1 directory (#430) * add --only flag to hauler store copy (for images) (#429) * fix tlog verification error/warning output (#428) ------------------------------------------------------------------- Tue Apr 15 08:10:25 UTC 2025 - dmueller@suse.com - Update to version 1.2.2 (bsc#1241184, CVE-2024-0406): * cleanup new tlog flag typos and add shorthand (#426) * default public transparency log verification to false to be airgap friendly but allow override (#425) * bump github.com/golang-jwt/jwt/v4 (#423) * bump the go_modules group across 1 directory with 2 updates (#422) * bump github.com/go-jose/go-jose/v3 (#417) * bump github.com/go-jose/go-jose/v4 (#415) * clear default manifest name if product flag used with sync (#412) * updates for v1.2.0 (#408) * fixed remote code (#407) * added remote file fetch to load (#406) * added remote and multiple file fetch to sync (#405) * updated save flag and related logs (#404) * updated load flag and related logs [breaking change] (#403) * updated sync flag and related logs [breaking change] (#402) * upgraded api update to v1/updated dependencies (#400) * fixed consts for oci declarations (#398) * fix for correctly grabbing platform post cosign 2.4 updates (#393) * use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390) * Bump the go_modules group across 1 directory with 2 updates (#385) * replace mholt/archiver with mholt/archives (#384) * forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383) * cleaned up registry and improved logging (#378) * Bump golang.org/x/crypto in the go_modules group across 1 directory (#377) - drop 0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch (upstream) ------------------------------------------------------------------- Wed Jan 29 10:25:57 UTC 2025 - Dirk Müller - add 0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch to bump net/html dependencies (bsc#1235332, CVE-2024-45338) ------------------------------------------------------------------- Mon Jan 27 19:30:58 UTC 2025 - dmueller@suse.com - Update to version 1.1.1: * fixed cli desc for store env var (#374) * updated versions for go/k8s/helm (#373) * updated version flag to internal/flags (#369) * renamed incorrectly named consts (#371) * added store env var (#370) * adding ignore errors and retries for continue on error/fail on error (#368) * updated/fixed hauler directory (#354) * standardize consts (#353) * removed cachedir code (#355) * removed k3s code (#352) * updated dependencies for go, helm, and k8s (#351) * [feature] build with boring crypto where available (#344) * updated workflow to goreleaser builds (#341) * added timeout to goreleaser workflow (#340) * trying new workflow build processes (#337) * improved workflow performance (#336) * have extract use proper ref (#335) * yet another workflow goreleaser fix (#334) * even more workflow fixes (#333) * added more fixes to github workflow (#332) * fixed typo in hauler store save (#331) * updates to fix build processes (#330) * added integration tests for non hauler tarballs (#325) * bump: golang >= 1.23.1 (#328) * add platform flag to store save (#329) * Update feature_request.md * updated/standardize command descriptions (#313) * use new annotation for 'store save' manifest.json (#324) * enable docker load for hauler tarballs (#320) * bump to cosign v2.2.3-carbide.3 for new annotation (#322) * continue on error when adding images to store (#317) * Update README.md (#318) * fixed completion commands (#312) * github.com/rancherfederal/hauler => hauler.dev/go/hauler (#311) * pages: enable go install hauler.dev/go/hauler (#310) * Create CNAME * pages: initial workflow (#309) * testing and linting updates (#305) * feat-273: TLS Flags (#303) * added list-repos flag (#298) * fixed hauler login typo (#299) * updated cobra function for shell completion (#304) * updated install.sh to remove github api (#293) * fix image ref keys getting squashed when containing sigs/atts (#291) * fix missing versin info in release build (#283) * bump github.com/docker/docker in the go_modules group across 1 directory (#281) * updated install script (`install.sh`) (#280) * fix digest images being lost on load of hauls (Signed). (#259) * feat: add readonly flag (#277) * fixed makefile for goreleaser v2 changes (#278) * updated goreleaser versioning defaults (#279) * update feature_request.md (#274) * updated old references * updated actions workflow user * added dockerhub to github actions workflow * removed helm chart * added debug container and workflow * updated products flag description * updated chart for release * fixed workflow errors/warnings * fixed permissions on testdata * updated chart versions (will need to update again) * last bit of fixes to workflow * updated unit test workflow * updated goreleaser deprecations * added helm chart release job * updated github template names * updated imports (and go fmt) * formatted gitignore to match dockerignore * formatted all code (go fmt) * updated chart tests for new features * Adding the timeout flag for fileserver command * Configure chart commands to use helm clients for OCI and private registry support * Added some documentation text to sync command * Bump golang.org/x/net from 0.17.0 to 0.23.0 * fix for dup digest smashing in cosign * removed vagrant scripts * last bit of updates and formatting of chart * updated hauler testdata * adding functionality and cleaning up * added initial helm chart * removed tag in release workflow * updated/fixed image ref in release workflow * updated/fixed platforms in release workflow * updated/cleaned github actions (#222) * Make Product Registry configurable (#194) * updated fileserver directory name (#219) * fix logging for files * add extra info for the tempdir override flag * tempdir override flag for load * deprecate the cache flag instead of remove * switch to using bci-golang as builder image * fix: ensure /tmp for hauler store load * added the copy back for now * remove copy at the image sync not needed with cosign update * removed misleading cache flag * better logging when adding to store * update to v2.2.3 of our cosign fork * add: dockerignore * add: Dockerfile * Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 * Bump github.com/docker/docker * updated and added new logos * updated github files ------------------------------------------------------------------- Tue Apr 2 14:55:42 UTC 2024 - Dirk Müller - update to 1.0.1: * Fix --name option in "store add file" command * Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 * Exit with status code 1 if cosign is not configured * fix exit code on error @amartin120 * add registry flag to cli for sync @amartin120 - update to 1.0.0: * adding graphics @bgulla * updated readme and removed roadmap @zackbradys * updated/cleaned up install.sh @zackbradys * remove deprecated commands @amartin120 * Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 * bug-fix: handle complex file names @amartin120 * add login command @amartin120 * update to add size totals and cosign bits to the info - update to 0.4.4: * add annotations for registry @amartin120 * add annotations for key and platform @amartin120 * Flags passed from the CLI have a global effect on any image UNLESS it has a (key/platform) specified on the individual image. Individual image key/platform takes precedence. * If you have `hauler.dev/key` and/or `hauler.dev/platform` at the annotation level, it would work just like the CLI flag and globally apply for everything except individual images specifying otherwise. Just like above. * If you just so happen to provide both an annotation AND the CLI flag for the same thing, the CLI flag wins. * As for the `hauler.dev/registry` annotation, it will apply globally unless the provided image reference already has a registry specified in its name. - update to 0.4.3: * dep bumps for security vuln fixes @amartin120 * check tag to determine pre-release @amartin120 * Update install.sh for file cleaning @clemenko * add platform flag for image add and sync @amartin120 * bump cosign version to v2.2.2+carbide.2 @amartin120 * improve cosign setup @amartin120 * updated archive default name @zackbradys * add license file @amartin120 * adjust to make registry and fileserver subcommands * add fileserver option for `store serve` @amartin120 ------------------------------------------------------------------- Tue Apr 02 13:41:54 UTC 2024 - dmueller@suse.com - Update to version 1.0.1: * Fix --name option in "store add file" command * Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 * Exit with status code 1 if cosign is not configured * reverting changes for logos (#189) * adding graphics * fix exit code on error * add registry flag to cli for sync * updated readme and removed roadmap * updated/cleaned up install.sh * remove deprecated commands * Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 * bug-fix: handle complex file names * add login command * update to add size totals and cosign bits to the info command * switch the 'apply the registry override first in a image sync * switch the 'not a multi-arch image' log message to be debug * fix whitspace issue * add better logging for save * add annotations for registry * add annotations for key and platform * dep bumps for security vuln fixes * check tag to determine pre-release * Update install.sh * Update install.sh for file cleaning * clean up makefile * remove extra debug statement * another fix for the unit test gh action * add platform flag for image add and sync * adjust unit test gh action for latest updates * bump cosign version to v2.2.2+carbide.2 * improve cosign setup * updated archive default name * add license file * adjust to make registry and fileserver subcommands * add fileserver option for `store serve` * added homebrew install instructions * updated hauler version and automated default version ------------------------------------------------------------------- Mon Jan 22 12:19:32 UTC 2024 - Dirk Müller - Initial package (0.4.2)