new package clair: Vulnerability Static Analysis for Containers, including the clairctl CLI

OBS-URL: https://build.opensuse.org/package/show/security/clair?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

_service

@@ -0,0 +1,22 @@
+<services>
+  <service name="obs_scm" mode="manual">
+    <param name="url">https://github.com/quay/clair/</param>
+    <param name="scm">git</param>
+    <param name="revision">v4.7.4</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="package-meta">yes</param>
+  </service>
+  <service name="set_version" mode="manual">
+  </service>
+  <service name="go_modules" mode="manual">
+  </service>
+  <service name="tar" mode="buildtime">
+    <param name="package-meta">yes</param>
+  </service>
+  <service name="recompress" mode="buildtime">
+    <param name="file">*.tar</param>
+    <param name="compression">gz</param>
+  </service>
+</services>

_servicedata

@@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/quay/clair/</param>
+              <param name="changesrevision">4170798b6d464be0b8f74b1979785a17ad71dbd0</param></service></servicedata>

clair-4.7.4.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f89b2c4f18bdcc11e43ede34c1a6ca73e902cbf9f96ebe32e0aa4aad5d2457b4
+size 2849804

clair-indexer.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Clair Vulnerability Scanner
+
+[Service]
+ExecStart=clair -mode indexer -conf /etc/clair/config.yaml
+
+[Install]
+WantedBy=multi-user.target

clair-matcher.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Clair Vulnerability Scanner
+
+[Service]
+ExecStart=clair -mode matcher -conf /etc/clair/config.yaml
+
+[Install]
+WantedBy=multi-user.target

clair-watcher.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Clair Vulnerability Scanner
+
+[Service]
+ExecStart=clair -mode watcher -conf /etc/clair/config.yaml
+
+[Install]
+WantedBy=multi-user.target

clair.changes

@@ -0,0 +1,20 @@
+-------------------------------------------------------------------
+Fri May 31 12:27:45 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 4.7.4:
+  * chore: 4.7.4 changelog bump
+  * chore: Add merge step when creating release binaries
+  * chore: update go version for release
+  * chore: update claircore to v1.5.27
+  * chore: update go version
+  * Dockerfile: remove sh loop
+  * cicd: add container version skew check
+  * cicd: update testing workflow
+  * cicd: don't upload workspace on failure
+  * cicd: change version specifiers to be major-version only
+
+-------------------------------------------------------------------
+Fri May 31 12:27:30 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- new package clair: Vulnerability Static Analysis for Containers,
+  including the clairctl CLI

clair.obsinfo

@@ -0,0 +1,4 @@
+name: clair
+version: 4.7.4
+mtime: 1714582404
+commit: 4170798b6d464be0b8f74b1979785a17ad71dbd0

clair.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Clair Vulnerability Scanner
+
+[Service]
+ExecStart=clair -mode combo -conf /etc/clair/config.yaml
+
+[Install]
+WantedBy=multi-user.target

clair.spec

@@ -0,0 +1,116 @@
+#
+# spec file for package clair
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
+
+%define cli_executable_name clairctl
+%define services clair.service clair-indexer.service clair-matcher.service clair-watcher.service
+
+Name:           clair
+Version:        4.7.4
+Release:        0
+Summary:        Vulnerability Static Analysis for Containers
+License:        Apache-2.0
+URL:            https://github.com/quay/clair
+Source:         %{name}-%{version}.tar.gz
+Source1:        vendor.tar.gz
+Source2:        clair.service
+Source3:        clair-indexer.service
+Source4:        clair-matcher.service
+Source5:        clair-watcher.service
+BuildRequires:  go >= 1.22
+
+%description
+Clair is an open source project for the static analysis of vulnerabilities in
+application containers (currently including OCI and docker).
+
+Clients use the Clair API to index their container images and can then match it
+against known vulnerabilities.
+
+Our goal is to enable a more transparent view of the security of
+container-based infrastructure. Thus, the project was named Clair after the
+French term which translates to clear, bright, transparent.
+
+%package -n %{cli_executable_name}
+Summary:        CLI for the Clair Vulnerability scanner
+
+%description -n %{cli_executable_name}
+clairctl is a command line tool for working with Clair. This CLI is capable of
+generating manifests from most public registries (dockerhub, quay.io, Red Hat
+Container Catalog) and submitting them for analysis to a running Clair.
+
+%prep
+%autosetup -p 1 -a 1
+chmod -x LICENSE
+
+%build
+go build \
+   -mod=vendor \
+   -buildmode=pie \
+   -trimpath \
+   -buildvcs=false \
+   -ldflags="-X github.com/quay/clair/v4/cmd.Version=%{version}" \
+   -o bin/ ./cmd/...
+
+%install
+# Install the clair binary
+install -D -m 0755 bin/%{name} %{buildroot}/%{_bindir}/%{name}
+
+# Install the clairctl binary
+install -D -m 0755 bin/%{cli_executable_name} %{buildroot}/%{_bindir}/%{cli_executable_name}
+
+# Systemd unit files
+install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/clair.service
+install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/clair-indexer.service
+install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/clair-matcher.service
+install -D -p -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/clair-watcher.service
+
+# configuration directory
+install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/
+
+%check
+%{buildroot}/%{_bindir}/%{cli_executable_name} --version|grep -q %{version}
+
+%pre
+%service_add_pre %{services}
+
+%post
+%service_add_post %{services}
+
+%preun
+%service_del_preun %{services}
+
+%postun
+%service_del_postun %{services}
+
+%files
+%doc README.md
+%license LICENSE
+%{_bindir}/%{name}
+%{_unitdir}/clair.service
+%{_unitdir}/clair-indexer.service
+%{_unitdir}/clair-matcher.service
+%{_unitdir}/clair-watcher.service
+%dir %{_sysconfdir}/%{name}/
+
+%files -n %{cli_executable_name}
+%doc README.md
+%license LICENSE
+%{_bindir}/%{cli_executable_name}
+
+%changelog

vendor.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:47865b6de0eb01592dff8b33e363846ef13d0fa8d86ef9956ea0a50f222f4979
+size 43267100