Accepting request 1142127 from home:dirkmueller:Factory

- update to 1.3.4:
  * add mysql indexstorage backend
  * add s3 storage for attestations
  * fix: Do not check for pubsub.topics.get on initialization
  * fix optional field in cose schema
  * Update ranges.go
  * update indexstorage interface to reduce roundtrips
  * use a single validator library in rekor-cli
  * Remove go-playground/validator dependency from pkg/pki

OBS-URL: https://build.opensuse.org/request/show/1142127
OBS-URL: https://build.opensuse.org/package/show/security/rekor?expand=0&rev=39
This commit is contained in:
Wolfgang Frisch 2024-01-29 11:09:57 +00:00 committed by Git OBS Bridge
parent 4c93cf3ca5
commit 3dc243eed6
7 changed files with 31 additions and 13 deletions

5
_service Normal file
View File

@ -0,0 +1,5 @@
<services>
<service name="go_modules" mode="manual">
<param name="compression">zst</param>
</service>
</services>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2e4e75fcae81ef85e6e3c20e00a9b590bfa86c0706a6c902024222cd61b64c47
size 890347

3
rekor-1.3.4.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:08e220b6fbc473ecd3561e88c4fde2ca259f9daa895a17bed1f458c33c33a2b9
size 851698

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Sun Jan 28 18:45:08 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 1.3.4:
* add mysql indexstorage backend
* add s3 storage for attestations
* fix: Do not check for pubsub.topics.get on initialization
* fix optional field in cose schema
* Update ranges.go
* update indexstorage interface to reduce roundtrips
* use a single validator library in rekor-cli
* Remove go-playground/validator dependency from pkg/pki
-------------------------------------------------------------------
Fri Nov 24 16:03:38 UTC 2023 - Marcus Meissner <meissner@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package rekor
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -19,18 +19,18 @@
%define apps cli server
Name: rekor
Version: 1.3.3
Version: 1.3.4
Release: 0
%define revision 2ea1ef00f03b493ace47b1f26a8bfd4ab3b17fe9
%define revision 5072901241fc6370a78457219e7aa2da490f399f
Summary: Supply Chain Transparency Log
License: Apache-2.0
URL: https://github.com/sigstore/rekor
Source: https://github.com/sigstore/rekor/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: vendor.tar.xz
Source1: vendor.tar.zst
Source2: rekor-zypper-verify.sh
BuildRequires: golang-packaging
BuildRequires: zstd
BuildRequires: golang(API)
%{go_nostrip}
%description
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website
@ -46,9 +46,9 @@ Rekor fulfils the signature transparency role of sigstore's software signing inf
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
for app in %{apps} ; do
CLI_PKG=github.com/sigstore/rekor/cmd/rekor-${app}/app
CLI_PKG=sigs.k8s.io/release-utils/version
CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}"
go build -mod=vendor -buildmode=pie -ldflags "${CLI_LDFLAGS}" ./cmd/rekor-${app}
go build -mod=vendor -trimpath -buildmode=pie -ldflags "${CLI_LDFLAGS}" ./cmd/rekor-${app}
./rekor-${app} version
done

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:891b340a8b408986cc2700606aa511015c62b5f56da828365a022f7e6067d3a2
size 6234840

3
vendor.tar.zst Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:88a539d9a7d1fb1a3c6a869a91049cce1831d25aaa78a508d7464bf9cf6e297a
size 5956954