#
# spec file for package scanner-databases
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _dbdir /var/lib/clamav
%define trivydbversion 202512140632
%define neuvectordbversion 4.012
Name: scanner-databases
Version: 202512150018
Release: 0.0
Summary: Various scanner databases
License: GPL-2.0
Group: Security
# helper script that adds the changes entry
Source9: refresh-spec.sh
# clamav stuff
Source0: clamav-database.tar.bz2
Source1: clamav-database-refresh.sh
# local signature database; currently contains the Equation Group hash
Source2: local.hdb
# trivy stuff
Source10: trivy-database-%trivydbversion.tar.xz
Source11: trivy-database-refresh.sh
# neuvector stuff
Source20: neuvector-scanner-database-%neuvectordbversion.tar.xz
Source21: neuvector-scanner-database-refresh.sh
BuildRequires: clamav
BuildRequires: xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package -n clamav-database
Summary: Offline availability for clamav database
License: GPL-2.0
Group: Security
#!BuildIgnore: clamav-nodb
Requires: clamav
BuildArch: noarch
%description
This is a shared package for multiple scanner engines; it contains
their offline data.
%description -n clamav-database
Open Build Service package build environments do not have network access
and need to have a recent version of the clamav database stored offline.
This package just wraps up /var/lib/clamav into an RPM package.
After installing, clamav can be used as usual, no need for special
commandline arguments.
%package -n trivy-database
Summary: Trivy database archive
Version: %trivydbversion
License: Apache-2.0
Group: Security
URL: https://aquasecurity.github.io/trivy/latest/docs/configuration/db/
# must stay arch-dependent (no BuildArch: noarch here): the database format is endianness-sensitive
%description -n trivy-database
Trivy is a comprehensive and versatile security scanner. Trivy has scanners
that look for security issues, and targets where it can find those issues.
This package contains the database archive that can be used to run the Trivy
scanner in an isolated environment.
Use the offline database, for example:
trivy image
--cache-dir /usr/share/trivy/cache
--format cosign-vuln
--offline-scan
--skip-db-update
--skip-java-db-update
--output trivy.result.txt
$containertag
%package -n neuvector-scanner-database
Summary: Neuvector database archive
Version: %neuvectordbversion
License: Apache-2.0
Group: Security
URL: https://github.com/neuvector/vul-dbgen
BuildArch: noarch
%description -n neuvector-scanner-database
This package contains the NeuVector scanner vulnerability database archive that
can be used to run the NeuVector scanner in an isolated environment.
%prep
%setup -n db -c db
mkdir trivy-database
pushd trivy-database
tar xf %{SOURCE10}
popd
tar xf %{SOURCE20}
%install
pwd
ls -la
# clamav stuff
mkdir -p $RPM_BUILD_ROOT/var
cp -al var/* $RPM_BUILD_ROOT/var/
find $RPM_BUILD_ROOT
cp %SOURCE2 $RPM_BUILD_ROOT/%_dbdir
# trivy stuff
pushd trivy-database
install -d -m 0755 %{buildroot}%{_datadir}/trivy/cache
cp -av * %{buildroot}%{_datadir}/trivy/cache/
popd
# neuvector stuff (the archive is laid out relative to / and is copied into the buildroot as-is, so paths and modes come from the tarball)
pushd neuvector-scanner-database-%neuvectordbversion
install -d -m 0755 %{buildroot}%{_sysconfdir}/neuvector
cp -av * %{buildroot}
popd
%files -n clamav-database
%defattr(-,vscan,vscan,644)
%attr(755,vscan,vscan) %_dbdir
%attr(644,vscan,vscan) %_dbdir/*
%files -n trivy-database
%defattr(-,root,root)
%dir %{_datadir}/trivy
%{_datadir}/trivy/cache
%files -n neuvector-scanner-database
%defattr(-,root,root)
%{_sysconfdir}/neuvector
%changelog