commit
eb699f6600
GPG Key ID:
D87CBBC16D2E4A72
@ -0,0 +1,2 @@
|
||||
SOURCES/trivy-0.50.4.tar.gz
|
||||
SOURCES/trivy-0.50.4-vendor.tar.xz
|
||||
@ -0,0 +1,2 @@
|
||||
37c90203b5048102d860d6a9a9a7794d9e21bd27 SOURCES/trivy-0.50.4.tar.gz
|
||||
8716f5d1e2bbb8c00fdbca1d041a440863c23b87 SOURCES/trivy-0.50.4-vendor.tar.xz
|
||||
@ -0,0 +1,106 @@
|
||||
[archive]
|
||||
use_module_proxy = true
|
||||
pre_commands = [
|
||||
# Change to a different sqlite3 backend without generated content and
|
||||
# questionable licensing
|
||||
# https://github.com/aquasecurity/trivy/discussions/6449
|
||||
[
|
||||
"sh", "-exc",
|
||||
"""
|
||||
sed -i 's|_ "modernc.org/sqlite"|_ "github.com/mattn/go-sqlite3"|' \
|
||||
$(grep -rl '_ "modernc.org/sqlite"' pkg/ cmd/ integration/)
|
||||
|
||||
""",
|
||||
],
|
||||
["sed", "-i", "/modernc.org/d", "go.mod"],
|
||||
["go", "get", "-u", "github.com/mattn/go-sqlite3"],
|
||||
]
|
||||
post_commands = [
|
||||
# Copy missing license files that go mod vendor doesn't include
|
||||
["mkdir", "-p", "vendor/github.com/csaf-poc/csaf_distribution/v3/LICENSES"],
|
||||
[
|
||||
"wget", "-q",
|
||||
"https://github.com/csaf-poc/csaf_distribution/raw/v3.0.0/LICENSES/MIT.txt",
|
||||
"-O", "vendor/github.com/csaf-poc/csaf_distribution/v3/LICENSES/MIT.txt"
|
||||
],
|
||||
[
|
||||
"wget", "-q",
|
||||
"https://github.com/csaf-poc/csaf_distribution/raw/v3.0.0/LICENSES/LicenseRef-Go119-BSD-Patentgrant.txt",
|
||||
"-O", "vendor/github.com/csaf-poc/csaf_distribution/v3/LICENSES/BSD-3-Clause.txt"
|
||||
],
|
||||
[
|
||||
"cp",
|
||||
"vendor/github.com/hashicorp/golang-lru/v2/LICENSE",
|
||||
"vendor/github.com/hashicorp/golang-lru/LICENSE"
|
||||
],
|
||||
|
||||
[
|
||||
"sh", "-c",
|
||||
"""
|
||||
# Ensure modernc is properly removed
|
||||
! grep 'modernc.org' go.mod
|
||||
# Remove bundled sqlite
|
||||
rm -v \
|
||||
vendor/github.com/mattn/go-sqlite3/sqlite3-binding.* \
|
||||
vendor/github.com/mattn/go-sqlite3/sqlite3ext.h
|
||||
""",
|
||||
],
|
||||
]
|
||||
|
||||
|
||||
[licensing]
|
||||
exclude_directories = [
|
||||
"pkg/licensing/testdata",
|
||||
"pkg/fanal/analyzer/language/golang/mod/testdata",
|
||||
"pkg/fanal/analyzer/language/python/packaging/testdata/",
|
||||
"pkg/fanal/analyzer/licensing/testdata/",
|
||||
"vendor/github.com/google/licenseclassifier/v2/assets",
|
||||
|
||||
]
|
||||
exclude_files = [
|
||||
"vendor/cloud.google.com/go/internal/version/update_version.sh",
|
||||
"vendor/cloud.google.com/go/storage/emulator_test.sh",
|
||||
"vendor/github.com/go-git/go-git/v5/oss-fuzz.sh",
|
||||
"vendor/go.opentelemetry.io/otel/get_main_pkgs.sh",
|
||||
"vendor/go.opentelemetry.io/otel/verify_examples.sh",
|
||||
"vendor/google.golang.org/grpc/regenerate.sh",
|
||||
"vendor/k8s.io/kubectl/pkg/util/i18n/translations/extract.py",
|
||||
]
|
||||
backend = "trivy"
|
||||
|
||||
[[licensing.licenses]]
|
||||
path = "vendor/github.com/google/shlex/COPYING"
|
||||
sha256sum = "cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30"
|
||||
expression = "Apache-2.0"
|
||||
[[licensing.licenses]]
|
||||
path = "vendor/github.com/spdx/tools-golang/LICENSE.code"
|
||||
sha256sum = "e914fb1f3927226e04b0438e0b541b3c6e3c65de4d64aa8f5cdaa803f05448fd"
|
||||
expression = "Apache-2.0 OR GPL-2.0-or-later"
|
||||
[[licensing.licenses]]
|
||||
path = "vendor/github.com/go-errors/errors/LICENSE.MIT"
|
||||
sha256sum = "4c1b2259f160d975ec6594b602be5db4e6c0c06afe312ca3cd7cff91b75c7c26"
|
||||
expression = "MIT"
|
||||
[[licensing.licenses]]
|
||||
path = "vendor/github.com/alecthomas/chroma/COPYING"
|
||||
sha256sum = "e7bf754e7153012a3a8ff697d21acd6c12e590d6a55f2aef8ee83616aa9a795f"
|
||||
expression = "MIT"
|
||||
[[licensing.licenses]]
|
||||
path = "vendor/github.com/BurntSushi/toml/COPYING"
|
||||
sha256sum = "d21cb1c60785d6d3a84a7059323ccafc45c645b1bbda281c76a62d66ad2d7dc3"
|
||||
expression = "MIT"
|
||||
[[licensing.licenses]]
|
||||
path = "pkg/iac/scanners/helm/test/mysql/README.md"
|
||||
sha256sum = "745fadb84a68937b060856d30dca16516a731d5685e03271ee6fa124295054b0"
|
||||
expression = "Apache-2.0"
|
||||
[[licensing.licenses]]
|
||||
path = "pkg/iac/scanners/helm/test/mysql/charts/common/README.md"
|
||||
sha256sum = "62b77785b81344c7108495e6d0f29fa1b6e0d4078b88284d85f3113ab84a48f1"
|
||||
expression = "Apache-2.0"
|
||||
[[licensing.licenses]]
|
||||
path = "vendor/github.com/rcrowley/go-metrics/LICENSE"
|
||||
sha256sum = "d2571186acad91c8a3121fb31f1aa5963e82ccd08608d00cef3eb3f3a6c8ad38"
|
||||
expression = "BSD-2-Clause-Views"
|
||||
[[licensing.licenses]]
|
||||
path = "vendor/github.com/alecthomas/chroma/formatters/svg/font_liberation_mono.go"
|
||||
sha256sum = "62b52a13f5eaa92c7ec5cecbdb9fc17871ad98095668967938ffe3ae4ee96a2c"
|
||||
expression = "OFL-1.1-RFN"
|
||||
@ -0,0 +1,129 @@
|
||||
## START: Set by rpmautospec
|
||||
## (rpmautospec version 0.6.3)
|
||||
## RPMAUTOSPEC: autorelease, autochangelog
|
||||
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
|
||||
release_number = 1;
|
||||
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
|
||||
print(release_number + base_release_number - 1);
|
||||
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
|
||||
## END: Set by rpmautospec
|
||||
|
||||
# Generated by go2rpm 1.10.0
|
||||
%bcond_without check
|
||||
|
||||
# https://github.com/aquasecurity/trivy
|
||||
%global goipath github.com/aquasecurity/trivy
|
||||
Version: 0.50.4
|
||||
|
||||
%gometa -L
|
||||
|
||||
%global common_description %{expand:
|
||||
Find vulnerabilities, misconfigurations, secrets, SBOM in containers,
|
||||
Kubernetes, code repositories, clouds and more.}
|
||||
|
||||
Name: trivy
|
||||
Release: %autorelease
|
||||
Summary: Vulnerability and license scanner
|
||||
|
||||
# Generated with go-vendor-tools
|
||||
License: Apache-2.0 AND BSD-2-Clause AND BSD-2-Clause-Views AND BSD-3-Clause AND BSL-1.0 AND ISC AND MIT AND MPL-2.0 AND OFL-1.1-RFN AND Unicode-DFS-2016 AND Unlicense AND (Apache-2.0 OR GPL-2.0-or-later)
|
||||
URL: %{gourl}
|
||||
Source0: %{gosource}
|
||||
Source1: trivy-%{version}-vendor.tar.xz
|
||||
Source2: go-vendor-tools.toml
|
||||
|
||||
BuildRequires: go-vendor-tools
|
||||
BuildRequires: sqlite-devel
|
||||
|
||||
%description %{common_description}
|
||||
|
||||
%prep
|
||||
%goprep -A
|
||||
%setup -q -T -D -a1 %{forgesetupargs}
|
||||
%autopatch -p1
|
||||
# Keep in sync with go-vendor-tools.toml
|
||||
sed -i 's|_ "modernc.org/sqlite"|_ "github.com/mattn/go-sqlite3"|' \
|
||||
$(grep -rl '_ "modernc.org/sqlite"' pkg/ cmd/ integration/)
|
||||
|
||||
%build
|
||||
# Set the package version in the binary
|
||||
# Change go-sqlite3 driver name for compatibility with modernc sqlite
|
||||
%global our_goldflags %{shrink:
|
||||
-X=github.com/aquasecurity/trivy/pkg/version.ver=%{version}
|
||||
-X=github.com/mattn/go-sqlite3.driverName=sqlite
|
||||
}
|
||||
export GO_LDFLAGS=%{shescape:%our_goldflags}
|
||||
# Do not use the bundled sqlite
|
||||
export CGO_CFLAGS="-D USE_LIBSQLITE3=1 %{build_cflags}" CGO_LDFLAGS="-lsqlite3 %{build_ldflags}"
|
||||
# This package does not build without go modules enabled
|
||||
%global gomodulesmode GO111MODULE=on
|
||||
%gobuild -o trivy %{goipath}/cmd/trivy
|
||||
|
||||
./trivy completion bash > trivy.bash
|
||||
./trivy completion fish > trivy.fish
|
||||
./trivy completion zsh > trivy.zsh
|
||||
|
||||
%install
|
||||
install -m 0755 -vd %{buildroot}%{_bindir}
|
||||
install -m 0755 -vp trivy %{buildroot}%{_bindir}/
|
||||
install -Dpm 0755 trivy.bash %{buildroot}%{bash_completions_dir}/trivy
|
||||
install -Dpm 0755 trivy.fish %{buildroot}%{fish_completions_dir}/trivy.fish
|
||||
install -Dpm 0755 trivy.zsh %{buildroot}%{zsh_completions_dir}/_trivy
|
||||
%go_vendor_license_install -c %{SOURCE2} -d trivy -D "trivy_path=$(pwd)/trivy"
|
||||
|
||||
%check
|
||||
skiptest() {
|
||||
for test in "$@"; do
|
||||
awk -i inplace '/^func.*'"${test}"'\(/ { print; print "\tt.Skip(\"disabled failing test\")"; next}1' \
|
||||
$(grep -rl "${test}")
|
||||
done
|
||||
}
|
||||
|
||||
%go_vendor_license_check -c %{SOURCE2} -d trivy -D "trivy_path=$(pwd)/trivy"
|
||||
%if %{with check}
|
||||
# Disable tests that require WASM, generated code, or networking
|
||||
rm -v \
|
||||
pkg/fanal/artifact/repo/git_test.go \
|
||||
pkg/module/module_test.go
|
||||
|
||||
%ifarch s390x
|
||||
%dnl Cannot load the test database on s390x
|
||||
rm -v pkg/fanal/cache/fs_test.go
|
||||
skiptest Test_dbWorker_update
|
||||
%endif
|
||||
|
||||
# Terraform tests attempt to connect to the terraform registry
|
||||
find pkg/iac/scanners/terraform*/ -name '*_test.go' -print -delete
|
||||
|
||||
export GO_LDFLAGS="-X=github.com/mattn/go-sqlite3.driverName=sqlite"
|
||||
export CGO_CFLAGS="-D USE_LIBSQLITE3=1" CGO_LDFLAGS="-lsqlite3"
|
||||
%gotest ./...
|
||||
%endif
|
||||
|
||||
%files -f %{go_vendor_license_filelist}
|
||||
%doc CONTRIBUTING.md README.md SECURITY.md
|
||||
%{_bindir}/trivy
|
||||
%{bash_completions_dir}/trivy
|
||||
%{fish_completions_dir}/trivy.fish
|
||||
%{zsh_completions_dir}/_trivy
|
||||
|
||||
%changelog
|
||||
* Fri Jul 19 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 0.50.4-1
|
||||
- Rebuilt for MSVSphere 9.4
|
||||
|
||||
## START: Generated by rpmautospec
|
||||
* Thu May 02 2024 Maxwell G <maxwell@gtmx.me> - 0.50.4-1
|
||||
- Update to 0.50.4. Fixes rhbz#2277210.
|
||||
|
||||
* Tue Apr 23 2024 Maxwell G <maxwell@gtmx.me> - 0.50.2-1
|
||||
- Update to 0.50.2. Fixes rhbz#2276563.
|
||||
|
||||
* Sat Apr 13 2024 Maxwell G <maxwell@gtmx.me> - 0.50.1-2
|
||||
- Enable i686 builds
|
||||
|
||||
* Sat Apr 06 2024 Maxwell G <maxwell@gtmx.me> - 0.50.1-1
|
||||
- Update to 0.50.1.
|
||||
|
||||
* Sat Apr 06 2024 Maxwell G <maxwell@gtmx.me> - 0.50.0-1
|
||||
- Initial import (rhbz#2272258)
|
||||
## END: Generated by rpmautospec
|
||||
Loading…
Reference in new issue