SHA256
1
0
forked from pool/rekor
rekor/rekor.spec
Marcus Meissner 65092aae15 Accepting request 972808 from home:msmeissn:branches:security
- Updated to rekor 0.6.0
  - attempting to fix codeowners file by @bobcallaway in #653
  - Update the warning text for the GA release. by @dlorenc in #654
  - Add docs about API stability and deprecation policy by @priyawadhwa in #661
  - update cross-build and dockerfile to use go 1.17.7 by @cpanato in #666
  - Move k8s objects out of the default namespace by @k4leung4 in #674
  - add securityContext to deployment. by @k4leung4 in #678
  - Add intoto type documentation by @jspeed-meyers in #679
  - create namespace for rekor config in yaml. by @k4leung4 in #680
  - Set rekor-cli User-Agent header on requests by @bobcallaway in #684
  - update security process link by @bobcallaway in #685
  - explicitly set permissions for github actions by @k4leung4 in #687
  - Add documentation about Alpine type by @jspeed-meyers in #697
  - Add code coverage to pull requests. by @k4leung4 in #676
  - Consistent parenthesis use in Makefile by @k4leung4 in #700
  - Use logRangesFlag in API, route reads based on TreeID by @lkatalin in #671
  - Generate release yaml for non-CI builds. by @k4leung4 in #702
  - Mirror signed release images from GCR to GHCR as part of release by @k4leung4 in #701
  - build trillian container to existing release. by @k4leung4 in #715
  - Make the loginfo command a bit more future/backwards proof. by @dlorenc in #718
  - Switch to using the swag library for pointer manipulation. by @dlorenc in #719
  - Change TreeID to be of type string instead of int64 by @priyawadhwa in #712
  - Add sharding e2e test to Github Actions by @priyawadhwa in #714
  - fix merge conflict by @priyawadhwa in #720
  - Clearer logging for createAndInitTree by @priyawadhwa in #724
  - Return virtual index when creating and getting a log entry by @priyawadhwa in #725
  - Fix copy/paste mistake in repo name. by @k4leung4 in #730
  - Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #729
  - Get log proofs by Tree ID by @priyawadhwa in #733
  - Refactor rekor-cli loginfo by @priyawadhwa in #734

OBS-URL: https://build.opensuse.org/request/show/972808
OBS-URL: https://build.opensuse.org/package/show/security/rekor?expand=0&rev=7
2022-04-26 09:47:47 +00:00

65 lines
2.8 KiB
RPMSpec

#
# spec file for package rekor
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define apps cli server
Name: rekor
Version: 0.6.0
Release: 0
%define revision 5c52ad228cb698ea4320dada5cd0a7cd31a5eb9a
Summary: Supply Chain Transparency Log
License: Apache-2.0
URL: https://github.com/sigstore/rekor
Source: https://github.com/sigstore/rekor/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: vendor.tar.xz
BuildRequires: golang-packaging
BuildRequires: golang(API)
%{go_nostrip}
%description
Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. Rekor will enable software maintainers and build systems to record signed metadata to an immutable record. Other parties can then query said metadata to enable them to make informed decisions on trust and non-repudiation of an object's lifecycle. For more details visit the sigstore website
The Rekor project provides a restful API based server for validation and a transparency log for storage. A CLI application is available to make and verify entries, query the transparency log for inclusion proof, integrity verification of the transparency log or retrieval of entries by either public key or artifact.
Rekor fulfils the signature transparency role of sigstore's software signing infrastructure. However, Rekor can be run on its own and is designed to be extensible to working with different manifest schemas and PKI tooling.
%prep
%autosetup -p1 -a1
%build
DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
for app in %{apps} ; do
CLI_PKG=github.com/sigstore/rekor/cmd/rekor-${app}/app
CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}"
go build -mod=vendor -buildmode=pie -ldflags "${CLI_LDFLAGS}" ./cmd/rekor-${app}
./rekor-${app} version
done
%install
for app in %{apps} ; do
install -D -m 0755 rekor-${app} %{buildroot}%{_bindir}/rekor-${app}
done
%files
%license LICENSE
%doc *.md
%{_bindir}/rekor-*
%changelog