pool/docker-bench-security
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
docker-bench-security/docker-bench-security.spec

71 lines
2.3 KiB
RPMSpec
Raw Permalink Normal View History

- Update to docker-bench-security v1.6.1. See upstream changelog online at <https://github.com/docker/docker-bench-security/releases/tag/v1.6.1>. * Align with CIS Docker Benchmark v1.6.0. v1.6.0 <https://github.com/docker/docker-bench-security/releases/tag/v1.6.0> * Fix image sprawl miscalculation. * Add an option to filter out labels to exclude from checks. v1.5.0 <https://github.com/docker/docker-bench-security/releases/tag/v1.5.0> * Align with CIS Docker Benchmark v1.5.0. * Add support for .NanoCpus. v1.3.6 <https://github.com/docker/docker-bench-security/releases/tag/v1.3.6> * Add CIS Level 1 only functions. * Support user namespaces in partition check. * Deprecate rule 2.16 for Docker > 19.03. * Add checks for capabilities that allows container escape. * Implement listing of open ports. * Add 4.12 check. - Rather than patching the script entirely using sed (which can make updates error-prone), apply an actual patch to switch to using a LIBEXEC variable we can replace during packaging. Backport of <https://github.com/docker/docker-bench-security/pull/559>. + 0001-dist-adjust-script-imports-to-be-able-to-use-usr-lib.patch - checks implementing CIS Docker 1.11.0 Benchmark OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-bench-security?expand=0&rev=33
2024-11-12 09:43:56 +00:00
#
# spec file for package docker-bench-security
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: docker-bench-security
Version: 1.6.1
Release: 0
Summary: Docker Bench for Security
License: Apache-2.0
Group: Productivity/Networking/Security
URL: https://dockerbench.com
Source: https://github.com/docker/docker-bench-security/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
# FIX-UPSTREAM: Adjust the script so that we can package the helper scripts in
# /usr/libexec. <https://github.com/docker/docker-bench-security/pull/559>
Patch1: 0001-dist-adjust-script-imports-to-be-able-to-use-usr-lib.patch
Requires: audit
Requires: coreutils
Requires: docker >= 1.13.0
Requires: findutils
Requires: gawk
Requires: grep
Requires: net-tools
Requires: sed
%if 0%{?suse_version} > 1320
Requires: net-tools-deprecated
%endif
%if %{?suse_version} > 1110
BuildArch: noarch
%endif
%description
The Docker Bench for Security is a script that checks for dozens of common
best-practices around deploying Docker containers in production.
The tests are all automated, and implement the CIS Docker Benchmark.
%prep
%autosetup -p1
%build
# Replace LIBEXEC= added by patch1 with the actual libexec directory.
sed -i 's|^LIBEXEC=.*$|LIBEXEC="%{_libexecdir}/%{name}"|' docker-bench-security.sh
chmod +x docker-bench-security.sh
%install
install -D %{name}.sh %{buildroot}/%{_bindir}/docker-bench-security
mkdir -p %{buildroot}/%{_libexecdir}/%{name}
cp -vpr functions/ tests/ %{buildroot}%{_libexecdir}/%{name}
%files
%license LICENSE.md
%doc README.md
%attr(0755,root,root) %{_bindir}/%{name}
%attr(0755,root,root) %{_libexecdir}/%{name}
%changelog
Reference in New Issue Copy Permalink