head 1.26; access; symbols pkgsrc-2026Q2:1.26.0.2 pkgsrc-2026Q2-base:1.26 pkgsrc-2026Q1:1.23.0.2 pkgsrc-2026Q1-base:1.23 pkgsrc-2025Q4:1.19.0.2 pkgsrc-2025Q4-base:1.19 pkgsrc-2025Q3:1.16.0.2 pkgsrc-2025Q3-base:1.16 pkgsrc-2025Q2:1.13.0.2 pkgsrc-2025Q2-base:1.13 pkgsrc-2025Q1:1.11.0.2 pkgsrc-2025Q1-base:1.11 pkgsrc-2024Q4:1.9.0.4 pkgsrc-2024Q4-base:1.9 pkgsrc-2024Q3:1.9.0.2 pkgsrc-2024Q3-base:1.9 pkgsrc-2024Q2:1.6.0.2 pkgsrc-2024Q2-base:1.6 pkgsrc-2024Q1:1.3.0.2 pkgsrc-2024Q1-base:1.3; locks; strict; comment @# @; 1.26 date 2026.06.05.10.21.49; author bsiegert; state Exp; branches; next 1.25; commitid jt8yVpLxXvatZAIG; 1.25 date 2026.05.07.18.50.05; author bsiegert; state Exp; branches; next 1.24; commitid MMrI2EXGAt3HJUEG; 1.24 date 2026.04.08.05.45.07; author bsiegert; state Exp; branches; next 1.23; commitid FFJx9trbRMg7k7BG; 1.23 date 2026.03.06.21.08.01; author bsiegert; state Exp; branches 1.23.2.1; next 1.22; commitid AQtIeR1eh5qvuXwG; 1.22 date 2026.02.24.08.45.36; author bsiegert; state Exp; branches; next 1.21; commitid IrpU9bGVDwSIHBvG; 1.21 date 2026.01.25.11.50.56; author leot; state Exp; branches; next 1.20; commitid nnNlewJ7YTofHLrG; 1.20 date 2026.01.15.19.54.53; author bsiegert; state Exp; branches; next 1.19; commitid Zuo9UmMrkrU4HwqG; 1.19 date 2025.12.02.19.25.19; author bsiegert; state Exp; branches; next 1.18; commitid 269raRGxaHJBWRkG; 1.18 date 2025.10.16.17.59.59; author bsiegert; state Exp; branches; next 1.17; commitid RAGpkHmyeYCUYOeG; 1.17 date 2025.10.08.06.54.35; author bsiegert; state Exp; branches; next 1.16; commitid 5p46uH9RJXSFyJdG; 1.16 date 2025.09.14.13.19.59; author leot; state Exp; branches; next 1.15; commitid kFjgviUGASdQsGaG; 1.15 date 2025.09.06.13.17.09; author bsiegert; state Exp; branches; next 1.14; commitid cojusOdnRBFGHE9G; 1.14 date 2025.08.31.10.02.58; author bsiegert; state Exp; branches; next 1.13; commitid SdH7Ppgppxg5PR8G; 1.13 date 2025.06.06.14.01.37; author bsiegert; state Exp; branches; next 1.12; commitid JbNcx43ItkrmUPXF; 1.12 date 2025.04.05.18.51.26; author bsiegert; state Exp; branches; next 1.11; commitid 5KX0APffNjdlvTPF; 1.11 date 2025.03.07.20.54.28; author bsiegert; state Exp; branches 1.11.2.1; next 1.10; commitid rfTPfnLphAPl7bMF; 1.10 date 2025.01.19.18.21.06; author leot; state Exp; branches; next 1.9; commitid tfhx699mP9woM7GF; 1.9 date 2024.09.06.18.48.56; author bsiegert; state Exp; branches; next 1.8; commitid sM1YPLxu37gUgMoF; 1.8 date 2024.08.11.15.57.09; author bsiegert; state Exp; branches; next 1.7; commitid Q02ZqKpOSdvP9qlF; 1.7 date 2024.07.03.06.59.31; author bsiegert; state Exp; branches; next 1.6; commitid clKUvbmZS6C5rmgF; 1.6 date 2024.06.13.13.47.08; author bsiegert; state Exp; branches; next 1.5; commitid JAoDOmAvI7TNkPdF; 1.5 date 2024.06.01.14.03.00; author bsiegert; state Exp; branches; next 1.4; commitid ffwNZJIDPPV5OhcF; 1.4 date 2024.04.05.19.14.08; author bsiegert; state Exp; branches; next 1.3; commitid eg3d1kDRSryvmZ4F; 1.3 date 2024.02.07.14.50.58; author bsiegert; state Exp; branches; next 1.2; commitid 7gDVHFycBNsGLvXE; 1.2 date 2024.01.10.19.14.38; author bsiegert; state Exp; branches; next 1.1; commitid UV9PAPQbNGpZ7WTE; 1.1 date 2024.01.02.21.00.20; author leot; state Exp; branches; next ; commitid DV0TbaxAwhjpYUSE; 1.23.2.1 date 2026.04.22.14.32.13; author maya; state Exp; branches; next ; commitid iDHLLUhOplH6NXCG; 1.11.2.1 date 2025.04.05.20.45.11; author maya; state Exp; branches; next ; commitid ts1uPa8RLrwE7UPF; desc @@ 1.26 log @Revbump all Go packages after go126 security update @ text @# $NetBSD: Makefile,v 1.25 2026/05/07 18:50:05 bsiegert Exp $ DISTNAME= sops-3.11.0 PKGREVISION= 5 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_GITHUB:=getsops/} GITHUB_TAG= v${PKGVERSION_NOREV} MAINTAINER= leot@@NetBSD.org HOMEPAGE= https://getsops.io/ COMMENT= Simple and flexible tool for managing secrets LICENSE= mpl-2.0 GO_BUILD_PATTERN+= ./cmd/sops .include "go-modules.mk" .include "../../lang/go/go-module.mk" .include "../../mk/bsd.pkg.mk" @ 1.25 log @Revbump all Go packages after go126 security update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2026/04/08 05:45:07 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 4 @ 1.24 log @Revbump all Go packages after security update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2026/03/06 21:08:01 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.23 log @Revbump all Go packages after go126 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2026/02/24 08:45:36 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.23.2.1 log @Revbump all Go packages after go126 security fix @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2026/03/06 21:08:01 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.22 log @Revbump all Go packages after default version bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2026/01/25 11:50:56 leot Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.21 log @sops: Update to 3.11.0 Changes: v3.11.0 * Update dependencies * Add "--value-file" option to "sops set [...]" * Ensure temporary file for editing is only read-writable by owner * Add `--value-stdin` option to `sops set` * Collect age identity loading errors and only report if decryption failed * Allow to configure --enable-local-keyservice and --keyservice through env variables @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2026/01/15 19:54:53 bsiegert Exp $ d4 1 @ 1.20 log @Revbump all Go packages after go125 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2025/12/02 19:25:19 bsiegert Exp $ d3 1 a3 2 DISTNAME= sops-3.10.2 PKGREVISION= 4 @ 1.19 log @Revbump all Go packages after go125 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2025/10/16 17:59:59 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.18 log @Revbump all Go packages after go125 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2025/10/08 06:54:35 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.17 log @Revbump all Go packages after go125 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2025/09/14 13:19:59 leot Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.16 log @sops: Update to 3.10.2 Changes: ## 3.10.2 Bugfixes: * Remove reserved keyword check from YAML store, which hid a better check Improvements: * Dependency updates * Use latest 1.24 Go version for release build ## 3.10.1 This is a re-release of 3.10.0 with no code changes. ## 3.10.0 Security fixes: * Cherry-pick a fix for a timing vulnerability in the Shamir Secret Sharing code. The code was vendored from HashiCorp's Vault project, and the issue was fixed there two years ago; see GHSA-vq4h-9ghm-qmrr for details Features: * Add `--input-type` option for `sops filestatus` subcommand * Allow to set the editor `sops` should use with the `SOPS_EDITOR` environment variable. If not set, `sops` falls back to `EDITOR` as before. * Allow users to disable the latest version check with the environment variable `SOPS_DISABLE_VERSION_CHECK`. Setting it to `1`, `t`, `T`, `TRUE`, `true`, or `True` explicitly disables the check * Allow users to explicitly enable the latest version check with the `--check-for-updates` option. * Add duplicate section support for INI store * Add check to prevent duplicate keys in YAML files * Add `--same-process` option for the `sops exec-env` to use the `execve` syscall instead of starting the command in a child process * Add `--idempotent` option for the `sops set` subcommand that will only write the file if a change happened * Encrypt and decrypt `time.Time` objects that can appear in YAML files when using dates and timestamps * Allow to encrypt and decrypt from `stdin` without having to provide platform-specific device names. This only works when using the `sops encrypt` and `sops decrypt` subcommands * Allow to set the SOPS config location with the environment variable `SOPS_CONFIG` * Support the `--config` option in the `sops publish` subcommand * Omit empty master key metadata from encrypted files * Add SSH support for Age * Support Age identities with passphrases * Add Age plugin support * Allow to set the `SOPS_AGE_KEY_CMD` environment variable to an executable that returns Age keys * Add support for `oauth2.TokenSource` injection from key service clients in GCP KMS * Support `GOOGLE_OAUTH_ACCESS_TOKEN` for GCP KMS Improvements: * Dependency updates * Make sure that tests do not pick up `keys.txt` from user's `$HOME` dir * Consolidate passphrase reading functionality in Age code * Fix some problems reported by the `staticcheck` linter * Improve documentation of Shamir Secret Sharing code to ease maintenance * Make sure all files are properly formatted * `sops` now warns if it finds a `.sops.yml` file while searching for a `.sops.yaml` config file Bugfixes: * Add trailing newline at the end of JSON files * Check GnuPG decryption result for non-empty size. Certain older versions return an empty result with a successful return code when a AEAD cipher from a newer version was used * Fix caching of `Metadata.DataKey` * If `--filename-override` is specified, convert it to an absolute path same as regular filenames Deprecations: * The current behavior that `sops --version` always checks whether the current version is the latest is deprecated and will no longer be the default eventually. It is best to right now always specify `--disable-version-check` or `--check-for-updates` to `sops --version`, or alternatively set the environment variable `SOPS_DISABLE_VERSION_CHECK=true` to already get the planned default behavior today. ## 3.9.4 Improvements: * Dependency updates Bugfixes: * Prevent key deduplication to identify different AWS KMS keys that only differ by role, context, or profile * Update part of Azure SDK which prevented decryption in some cases @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2025/09/06 13:17:09 bsiegert Exp $ d4 1 @ 1.15 log @Revbump all Go packages after go125 security update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2025/08/31 10:02:58 bsiegert Exp $ d3 1 a3 2 DISTNAME= sops-3.9.3 PKGREVISION= 5 d9 1 a9 1 HOMEPAGE= https://github.com/getsops/sops @ 1.14 log @Revbump all Go packages after moving to go125 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2025/06/06 14:01:37 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 4 @ 1.13 log @Revbump all Go packages after go124 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2025/04/05 18:51:26 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.12 log @Belated revbump for all Go packages after go124 update I forgot to do the revbump again, sorry for doing it so late after the update. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2025/03/07 20:54:28 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.11 log @Revbump all Go packages after go124 update I realize I forgot to do the revbump after updating the default Go version to 1.24, so let's do that now. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2025/01/19 18:21:06 leot Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.11.2.1 log @Pulup ticket #6952 - Update PKGREVISION for all Go packages. Go had a security update to one of the builtin libraries. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2025/03/07 20:54:28 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.10 log @sops: Update to 3.9.3 Changes: 3.9.3 ----- Improvements: * Dependency updates * Add ``persist-credentials: false`` to checkouts in GitHub workflows Bugfixes: * GnuPG: do not incorrectly trim fingerprint in presence of exclamation marks for specific subkey selection 3.9.2 ----- Improvements: * Dependency updates * Update compiled Protobuf definitions * Remove unused variables and simplify conditional Bugfixes: * Handle whitespace in Azure Key Vault URLs * Correctly handle comments during JSON serialization 3.9.1 ----- Improvements: * Dependency updates * Clarify naming of the configuration file in the documentation * Build with Go 1.22 * Specify filename of missing file in error messages * ``updatekeys`` subcommand: show changes in ``shamir_threshold`` Bugfixes: * Fix the URL used for determining the latest SOPS version * ``updatekeys`` subcommand: actually use option ``--shamir-secret-sharing-threshold`` * Fix ``--config`` being ignored in subcommands by ``loadConfig`` * Allow ``edit`` subcommand to create files * Do not encrypt if a key group is empty, or there are no key groups * Do not ignore config errors when trying to parse a config file 3.9.0 ----- Features: * Add ``--mac-only-encrypted`` to compute MAC only over values which end up encrypted * Allow configuration of indentation for YAML and JSON stores * Introduce a ``--pristine`` flag to ``sops exec-env`` * Allow to pass multiple paths to ``sops updatekeys`` * Allow to override ``fileName`` with different value * Sort masterkeys according to ``--decryption-order`` * Add separate subcommands for encryption, decryption, rotating, editing, and setting values * Add ``filestatus`` command * Add command ``unset`` * Merge key for key groups and make keys unique * Support using comments to select parts to encrypt Deprecations: * Deprecate the ``--background`` option to ``exec-env`` and ``exec-file`` Improvements: * Warn/fail if the wrong number of arguments is provided * Warn if more than one command is used * Dependency updates * Build with Go 1.21 * Polish the ``sops help`` output a bit * Create a constant for the ``sops`` metadata key Bug fixes: * Respect ``aws_profile`` from keygroup config * Fix a bug where not having a config results in a panic * Consolidate Flatten/Unflatten pre/post processing * INI and DotEnv stores: ``shamir_threshold`` is an integer * Make check whether file contains invalid keys for encryption dependent on output store * Do not panic if ``updatekeys`` is used with a config that has no creation rules defined * ``exec-file``: if ``--filename`` is used, use the provided filename without random suffix * Do not use DotEnv store for ``exec-env``, but specialized environment serializing code * Decryption: do not fail if no matching ``creation_rule`` is present in config file @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2024/09/06 18:48:56 bsiegert Exp $ d4 1 @ 1.9 log @Revbump all Go packages after go122 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2024/08/11 15:57:09 bsiegert Exp $ d3 1 a3 2 DISTNAME= sops-3.8.1 PKGREVISION= 8 @ 1.8 log @Revbump all Go packages after update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2024/07/03 06:59:31 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 7 @ 1.7 log @Revbump all Go packages after go122 security update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2024/06/13 13:47:08 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 6 @ 1.6 log @Revbump all Go packages after go122 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2024/06/01 14:03:00 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 5 @ 1.5 log @Revbump all Go packages, default Go version is now 1.22. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2024/04/05 19:14:08 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 4 @ 1.4 log @Revbump all Go packages after go121 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2024/02/07 14:50:58 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 3 @ 1.3 log @Revbump all Go packages after go121 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2024/01/10 19:14:38 bsiegert Exp $ d4 1 a4 1 PKGREVISION= 2 @ 1.2 log @Revbump all Go packages after go121 update @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2024/01/02 21:00:20 leot Exp $ d4 1 a4 1 PKGREVISION= 1 @ 1.1 log @sops: Import sops-3.8.1 as security/sops sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP. Packaged in pkgsrc-wip by myself. @ text @d1 1 a1 1 # $NetBSD$ d4 1 @