From 3e709dbb9ba1e6d47e4f4102f1c50d14242f59db3b4fe8fb282d9aa687cdd126 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Sun, 2 Jun 2024 11:12:51 +0000 Subject: [PATCH] new package clair: Vulnerability Static Analysis for Containers, including the clairctl CLI OBS-URL: https://build.opensuse.org/package/show/security/clair?expand=0&rev=1
---
.gitattributes | 23 +++++++++ .gitignore | 1 + _service | 22 ++++++++ _servicedata | 4 ++ clair-4.7.4.obscpio | 3 ++ clair-indexer.service | 8 +++ clair-matcher.service | 8 +++ clair-watcher.service | 8 +++ clair.changes | 20 ++++++++ clair.obsinfo | 4 ++ clair.service | 8 +++ clair.spec | 116 ++++++++++++++++++++++++++++++++++++++++++ vendor.tar.gz | 3 ++ 13 files changed, 228 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _service create mode 100644 _servicedata create mode 100644 clair-4.7.4.obscpio create mode 100644 clair-indexer.service create mode 100644 clair-matcher.service create mode 100644 clair-watcher.service create mode 100644 clair.changes create mode 100644 clair.obsinfo create mode 100644 clair.service create mode 100644 clair.spec create mode 100644 vendor.tar.gz
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_service b/_service
new file mode 100644
index 0000000..0087b21
--- /dev/null
+++ b/_service
@@ -0,0 +1,22 @@
+
+
+ https://github.com/quay/clair/
+ git
+ v4.7.4
+ @PARENT_TAG@
+ enable
+ v(.*)
+ yes
+
+
+
+
+
+
+ yes
+
+
+ *.tar
+ gz
+
+
diff --git a/_servicedata b/_servicedata
new file mode 100644
index 0000000..a8145bc
--- /dev/null
+++ b/_servicedata
@@ -0,0 +1,4 @@
+
+
+ https://github.com/quay/clair/
+ 4170798b6d464be0b8f74b1979785a17ad71dbd0
\ No newline at end of file
diff --git a/clair-4.7.4.obscpio b/clair-4.7.4.obscpio
new file mode 100644
index 0000000..5a34312
--- /dev/null
+++ b/clair-4.7.4.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f89b2c4f18bdcc11e43ede34c1a6ca73e902cbf9f96ebe32e0aa4aad5d2457b4
+size 2849804
diff --git a/clair-indexer.service b/clair-indexer.service
new file mode 100644
index 0000000..bf6c6b9
--- /dev/null
+++ b/clair-indexer.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Clair Vulnerability Scanner
+
+[Service]
+ExecStart=clair -mode indexer -conf /etc/clair/config.yaml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/clair-matcher.service b/clair-matcher.service
new file mode 100644
index 0000000..ccd88e3
--- /dev/null
+++ b/clair-matcher.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Clair Vulnerability Scanner
+
+[Service]
+ExecStart=clair -mode matcher -conf /etc/clair/config.yaml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/clair-watcher.service b/clair-watcher.service
new file mode 100644
index 0000000..10c08c3
--- /dev/null
+++ b/clair-watcher.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Clair Vulnerability Scanner
+
+[Service]
+ExecStart=clair -mode watcher -conf /etc/clair/config.yaml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/clair.changes b/clair.changes
new file mode 100644
index 0000000..935448e
--- /dev/null
+++ b/clair.changes
@@ -0,0 +1,20 @@
+-------------------------------------------------------------------
+Fri May 31 12:27:45 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 4.7.4:
+ * chore: 4.7.4 changelog bump
+ * chore: Add merge step when creating release binaries
+ * chore: update go version for release
+ * chore: update claircore to v1.5.27
+ * chore: update go version
+ * Dockerfile: remove sh loop
+ * cicd: add container version skew check
+ * cicd: update testing workflow
+ * cicd: don't upload workspace on failure
+ * cicd: change version specifiers to be major-version only
+
+-------------------------------------------------------------------
+Fri May 31 12:27:30 UTC 2024 - Johannes Kastl
+
+- new package clair: Vulnerability Static Analysis for Containers,
+ including the clairctl CLI
diff --git a/clair.obsinfo b/clair.obsinfo
new file mode 100644
index 0000000..1ca6585
--- /dev/null
+++ b/clair.obsinfo
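Review bot: The `[Service]` section of clair-indexer.service contains only `ExecStart=`, so the indexer, which handles container image content supplied through the API, runs as root with no systemd sandboxing; clair-matcher.service, clair-watcher.service and clair.service have the same gap. I would run all four under a dedicated unprivileged account with baseline hardening, and give `ExecStart=` an absolute path instead of relying on systemd's built-in search path. The account has to be created by the package (for example through a sysusers file), and any scratch space the indexer needs for layers must remain writable under `ProtectSystem=strict`, so this needs a test run against a real image before it ships.

```ini
[Service]
ExecStart=/usr/bin/clair -mode indexer -conf /etc/clair/config.yaml
# account name is a suggestion; the package must create it
User=clair
Group=clair
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
Restart=on-failure
```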
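Review bot: `-mode watcher` in clair-watcher.service does not look like a mode that Clair 4.x accepts; as far as I know the `-mode` flag takes `combo`, `indexer`, `matcher` and `notifier`, so this unit would probably exit at startup. If the notifier was intended, the line would be `ExecStart=clair -mode notifier -conf /etc/clair/config.yaml`, with the unit file, `Source5`, the `services` macro and the `%files` entry in clair.spec renamed to match. Please confirm against the usage output of the built binary before changing it.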
@@ -0,0 +1,4 @@
+name: clair
+version: 4.7.4
+mtime: 1714582404
+commit: 4170798b6d464be0b8f74b1979785a17ad71dbd0
diff --git a/clair.service b/clair.service
new file mode 100644
index 0000000..b3ce044
--- /dev/null
+++ b/clair.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Clair Vulnerability Scanner
+
+[Service]
+ExecStart=clair -mode combo -conf /etc/clair/config.yaml
+
+[Install]
+WantedBy=multi-user.target
diff --git a/clair.spec b/clair.spec
new file mode 100644
index 0000000..8892485
--- /dev/null
+++ b/clair.spec
@@ -0,0 +1,116 @@
+#
+# spec file for package clair
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
+
+%define cli_executable_name clairctl
+%define services clair.service clair-indexer.service clair-matcher.service clair-watcher.service
+
+Name: clair
+Version: 4.7.4
+Release: 0
+Summary: Vulnerability Static Analysis for Containers
+License: Apache-2.0
+URL: https://github.com/quay/clair
+Source: %{name}-%{version}.tar.gz
+Source1: vendor.tar.gz
+Source2: clair.service
+Source3: clair-indexer.service
+Source4: clair-matcher.service
+Source5: clair-watcher.service
+BuildRequires: go >= 1.22
+
+%description
+Clair is an open source project for the static analysis of vulnerabilities in
+application containers (currently including OCI and docker).
+
+Clients use the Clair API to index their container images and can then match it
+against known vulnerabilities.
+
+Our goal is to enable a more transparent view of the security of
+container-based infrastructure. Thus, the project was named Clair after the
+French term which translates to clear, bright, transparent.
+
+%package -n %{cli_executable_name}
+Summary: CLI for the Clair Vulnerability scanner
+
+%description -n %{cli_executable_name}
+clairctl is a command line tool for working with Clair. This CLI is capable of
+generating manifests from most public registries (dockerhub, quay.io, Red Hat
+Container Catalog) and submitting them for analysis to a running Clair.
+
+%prep
+%autosetup -p 1 -a 1
+chmod -x LICENSE
+
+%build
+go build \
+ -mod=vendor \
+ -buildmode=pie \
+ -trimpath \
+ -buildvcs=false \
+ -ldflags="-X github.com/quay/clair/v4/cmd.Version=%{version}" \
+ -o bin/ ./cmd/...
+
+%install
+# Install the clair binary
+install -D -m 0755 bin/%{name} %{buildroot}/%{_bindir}/%{name}
+
+# Install the clairctl binary
+install -D -m 0755 bin/%{cli_executable_name} %{buildroot}/%{_bindir}/%{cli_executable_name}
+
+# Systemd unit files
+install -D -p -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/clair.service
+install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/clair-indexer.service
+install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/clair-matcher.service
+install -D -p -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/clair-watcher.service
+
+# configuration directory
+install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/
+
+%check
+%{buildroot}/%{_bindir}/%{cli_executable_name} --version|grep -q %{version}
+
+%pre
+%service_add_pre %{services}
+
+%post
+%service_add_post %{services}
+
+%preun
+%service_del_preun %{services}
+
+%postun
+%service_del_postun %{services}
+
+%files
+%doc README.md
+%license LICENSE
+%{_bindir}/%{name}
+%{_unitdir}/clair.service
+%{_unitdir}/clair-indexer.service
+%{_unitdir}/clair-matcher.service
+%{_unitdir}/clair-watcher.service
+%dir %{_sysconfdir}/%{name}/
+
+%files -n %{cli_executable_name}
+%doc README.md
+%license LICENSE
+%{_bindir}/%{cli_executable_name}
+
+%changelog
diff --git a/vendor.tar.gz b/vendor.tar.gz
new file mode 100644
index 0000000..71c107f
--- /dev/null
+++ b/vendor.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:47865b6de0eb01592dff8b33e363846ef13d0fa8d86ef9956ea0a50f222f4979
+size 43267100
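Review bot: `%install` creates `%{_sysconfdir}/%{name}/` with mode 0755 and `%files` lists it as a plain `%dir`, yet the units read `/etc/clair/config.yaml` from it, and a Clair configuration normally holds database connection strings and, when API authentication is enabled, the pre-shared key. I would tighten this to `install -d -m 0750 %{buildroot}%{_sysconfdir}/%{name}/` and `%dir %attr(0750,root,root) %{_sysconfdir}/%{name}/`, switching the group to the service group if the units gain a `User=`. The spec also uses `%{_unitdir}` and the `%service_*` macros without a visible `BuildRequires: systemd-rpm-macros` and `%{?systemd_ordering}`; the build environment may supply the macros, but declaring them makes the dependency explicit. In `%check`, `grep -qF %{version}` would stop the dots in the version from matching any character.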