community/cosign: security upgrade to 2.6.3

and enable tests
2026-05-13 16:46:27 +02:00 · 2026-04-28 06:51:24 +00:00 · 2026-04-28 06:51:24 +00:00 · 67b136e44f
commit 67b136e44f
parent 2457378b01
1 changed files with 8 additions and 5 deletions
--- a/community/cosign/APKBUILD
+++ b/community/cosign/APKBUILD
@ -1,7 +1,7 @@
 # Maintainer: Ariadne Conill <ariadne@dereferenced.org>
 pkgname=cosign
-pkgver=2.4.3
-pkgrel=12
+pkgver=2.6.3
+pkgrel=0
 pkgdesc="container signing tool with support for ephemeral keys and Sigstore signing"
 url="https://github.com/sigstore/cosign"
 arch="all"
@ -15,9 +15,12 @@ subpackages="
 	$pkgname-zsh-completion
 	"
 source="https://github.com/sigstore/cosign/archive/v$pkgver/cosign-$pkgver.tar.gz"
-options="chmod-clean !check"
+options="chmod-clean"

 # secfixes:
+#   2.6.3-r0:
+#     - CVE-2026-22703
+#     - CVE-2026-39395
 #   2.2.1-r0:
 #     - CVE-2023-46737
 #   1.12.1-r0:
@ -44,7 +47,7 @@ build() {
 }

 check() {
-	make test
+	go test -v ./...
 }

 package() {
@ -56,5 +59,5 @@ package() {
 }

 sha512sums="
-31de560aca588aebd2180118b8150bbff82c94ce28146e03ea5414b1ae6fb1342d091980b33d8911702eddbf0a544ebad225459cbb6b56e0e71f5b714879e690  cosign-2.4.3.tar.gz
+006ba9eea8a92a63100c590ccae0ffc587c6a34f31a35a68812d248e076aa5e706c679ddbb2af8714996f92ba3c9b4b144d9d8032a021e2ece2b49352cb94fdd  cosign-2.6.3.tar.gz
 "