Request 1006386: Submit cosign - openSUSE Build Service

Overview

Request 1006386 accepted

- update to 1.12.1:
* fix: Pulls Fulcio root and intermediate when --certificate-chain is not
passed into verify-blob command. The v1.12.0 release introduced a
regression: when COSIGN_EXPERIMENTAL was not set, cosign verify-blob would
check a --certificate (without a --certificate-chain provided) against the
operating system root CA bundle. In this release, Cosign checks the
certificate against Fulcio's CA root instead (restoring the earlier
behavior).
* fix: fix cert chain validation for verify-blob in non-experimental mode
* fix: add COSIGN_EXPERIMENTAL=1 for verify-bloba
* Fix BYO-root with intermediate to fetch intermediates from annotation
* fix: fixing breaking changes in rekor v1.12.0 upgrade
- use go-modules service to generate the vendor.tar and use zstd (forwarded request 1006385 from dirkmueller)

Created by msmeissn over 1 year ago
In state accepted

Submit cosign

Comments for request 1006386 0

Login required, please login in order to comment

Request History

msmeissn created request over 1 year ago

- update to 1.12.1:
* fix: Pulls Fulcio root and intermediate when --certificate-chain is not
passed into verify-blob command. The v1.12.0 release introduced a
regression: when COSIGN_EXPERIMENTAL was not set, cosign verify-blob would
check a --certificate (without a --certificate-chain provided) against the
operating system root CA bundle. In this release, Cosign checks the
certificate against Fulcio's CA root instead (restoring the earlier
behavior).
* fix: fix cert chain validation for verify-blob in non-experimental mode
* fix: add COSIGN_EXPERIMENTAL=1 for verify-bloba
* Fix BYO-root with intermediate to fetch intermediates from annotation
* fix: fixing breaking changes in rekor v1.12.0 upgrade
- use go-modules service to generate the vendor.tar and use zstd (forwarded request 1006385 from dirkmueller)

factory-auto added opensuse-review-team as a reviewer over 1 year ago

Please review sources

factory-auto accepted review over 1 year ago

Check script succeeded

licensedigger accepted review over 1 year ago

ok

staging-bot added as a reviewer over 1 year ago

Being evaluated by staging project "openSUSE:Factory:Staging:adi:46"

staging-bot accepted review over 1 year ago

Picked "openSUSE:Factory:Staging:adi:46"

RBrownSUSE accepted review over 1 year ago

RBrownFactory accepted review over 1 year ago

Staging Project openSUSE:Factory:Staging:adi:46 got accepted.

RBrownFactory approved review over 1 year ago

Staging Project openSUSE:Factory:Staging:adi:46 got accepted.

RBrownFactory accepted request over 1 year ago

Staging Project openSUSE:Factory:Staging:adi:46 got accepted.

openSUSE Build Service is sponsored by