[info=661ba9512713191dbad2929ae1a76f9ef89bbcaa0f3da1fac367aa96b97f6054]

OBS-URL: https://build.opensuse.org/package/show/devel:Factory:git-workflow:staging:dirkmueller:trivy:2/trivy?expand=0&rev=2
2024-06-19 16:26:14 +00:00 · 2024-06-19 16:26:14 +00:00 · 4c45efeca5
commit 4c45efeca5
14 changed files with 2858 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<constraints>
+  <hardware>
+    <disk>
+      <size unit="G">10</size>
+    </disk>
+  </hardware>
+</constraints>
--- a/_scmsync.obsinfo
+++ b/_scmsync.obsinfo
@ -0,0 +1,4 @@
+mtime: 1718814149
+commit: 661ba9512713191dbad2929ae1a76f9ef89bbcaa0f3da1fac367aa96b97f6054
+url: https://src.opensuse.org/dirkmueller/trivy.git
+revision: 661ba9512713191dbad2929ae1a76f9ef89bbcaa0f3da1fac367aa96b97f6054
--- a/20
+++ b/20
@ -0,0 +1,20 @@
+<services>
+  <service name="tar_scm" mode="manual">
+    <param name="url">https://github.com/aquasecurity/trivy</param>
+    <param name="scm">git</param>
+    <param name="revision">v0.52.2</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="changesgenerate">enable</param>
+  </service>
+  <service name="recompress" mode="manual">
+    <param name="file">trivy-*.tar</param>
+    <param name="compression">zst</param>
+  </service>
+  <service name="set_version" mode="manual">
+    <param name="basename">trivy</param>
+  </service>
+  <service name="go_modules" mode="manual">
+    <param name="compression">zst</param>
+  </service>
+</services>
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/aquasecurity/trivy</param>
+              <param name="changesrevision">8709d4f9c8ae29df1ff2e0d45b414cc075d3ea0b</param></service></servicedata>
--- a/add-opensuse-tumbleweed-db.patch
+++ b/add-opensuse-tumbleweed-db.patch
@ -0,0 +1,103 @@
+From f055a591d0ad779eab39ad0b13bd240653c9f137 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 09:59:41 +0200
+Subject: [PATCH 1/2] added openSUSE Tumbleweed version detection
+
+(Tumbleweed has no version as it is rolling)
+
+https://github.com/aquasecurity/trivy-db/issues/410
+---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf.go      | 18 +++++++++++++++---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf_test.go |  4 ++++
+ 2 files changed, 19 insertions(+), 3 deletions(-)
+
+diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+index be3d4eff..297b29eb 100644
+--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+@@ -24,8 +24,10 @@ type Distribution int
+ const (
+ 	SUSEEnterpriseLinux Distribution = iota
+ 	OpenSUSE
+	OpenSUSETumbleweed
+ 
+-	platformOpenSUSEFormat  = "openSUSE Leap %s"
+	platformOpenSUSETumbleweedFormat  = "openSUSE Tumbleweed"
+	platformOpenSUSELeapFormat  = "openSUSE Leap %s"
+ 	platformSUSELinuxFormat = "SUSE Linux Enterprise %s"
+ )
+ 
+@@ -55,6 +57,9 @@ func (vs VulnSrc) Name() types.SourceID {
+ 	if vs.dist == OpenSUSE {
+ 		return "opensuse-cvrf"
+ 	}
+	if vs.dist == OpenSUSETumbleweed {
+		return "opensuse-tumbleweed-cvrf"
+	}
+ 	return source.ID
+ }
+ 
+@@ -66,6 +71,7 @@ func (vs VulnSrc) Update(dir string) error {
+ 	case SUSEEnterpriseLinux:
+ 		rootDir = filepath.Join(rootDir, "suse")
+ 	case OpenSUSE:
+	case OpenSUSETumbleweed:
+ 		rootDir = filepath.Join(rootDir, "opensuse")
+ 	default:
+ 		return xerrors.New("unknown distribution")
+@@ -185,6 +191,10 @@ func getOSVersion(platformName string) string {
+ 		// SUSE Linux Enterprise Module for SUSE Manager Server 4.0
+ 		return ""
+ 	}
+	if strings.HasPrefix(platformName, "openSUSE Tumbleweed") {
+		// Tumbleweed has no version, it is a rolling release
+		return platformOpenSUSETumbleweedFormat
+	}
+ 	if strings.HasPrefix(platformName, "openSUSE Leap") {
+ 		// openSUSE Leap 15.0
+ 		ss := strings.Split(platformName, " ")
+@@ -196,7 +206,7 @@ func getOSVersion(platformName string) string {
+ 			log.Printf("invalid version: %s, err: %s", platformName, err)
+ 			return ""
+ 		}
+-		return fmt.Sprintf(platformOpenSUSEFormat, ss[2])
+		return fmt.Sprintf(platformOpenSUSELeapFormat, ss[2])
+ 	}
+ 	if strings.Contains(platformName, "SUSE Linux Enterprise") {
+ 		// e.g. SUSE Linux Enterprise Storage 7, SUSE Linux Enterprise Micro 5.1
+@@ -276,7 +286,9 @@ func (vs VulnSrc) Get(version string, pkgName string) ([]types.Advisory, error)
+ 	case SUSEEnterpriseLinux:
+ 		bucket = fmt.Sprintf(platformSUSELinuxFormat, version)
+ 	case OpenSUSE:
+-		bucket = fmt.Sprintf(platformOpenSUSEFormat, version)
+		bucket = fmt.Sprintf(platformOpenSUSELeapFormat, version)
+	case OpenSUSETumbleweed:
+		bucket = platformOpenSUSETumbleweedFormat
+ 	default:
+ 		return nil, xerrors.New("unknown distribution")
+ 	}
+
+From a6bad64919d94263c6e075f2f3676b6cdbfe811d Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 16:07:49 +0200
+Subject: [PATCH 2/2] Update pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+
+Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
+---
+ pkg/vulnsrc/suse-cvrf/suse-cvrf.go | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+index 297b29eb..f616990e 100644
+--- a/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+++ b/pkg/vulnsrc/suse-cvrf/suse-cvrf.go
+@@ -70,8 +70,7 @@ func (vs VulnSrc) Update(dir string) error {
+ 	switch vs.dist {
+ 	case SUSEEnterpriseLinux:
+ 		rootDir = filepath.Join(rootDir, "suse")
+-	case OpenSUSE:
+-	case OpenSUSETumbleweed:
+	case OpenSUSE, OpenSUSETumbleweed:
+ 		rootDir = filepath.Join(rootDir, "opensuse")
+ 	default:
+ 		return xerrors.New("unknown distribution")
--- a/add-opensuse-tumbleweed-support.patch
+++ b/add-opensuse-tumbleweed-support.patch
@ -0,0 +1,94 @@
+From 3e9c8361a53b33bdd8bfe3009fae69a50fe5f261 Mon Sep 17 00:00:00 2001
+From: Marcus Meissner <meissner@suse.de>
+Date: Wed, 19 Jun 2024 10:32:34 +0200
+Subject: [PATCH] feat: add openSUSE tumbleweed detection and scanning
+
+needs changes in trivy-db to go along from https://github.com/aquasecurity/trivy-db/pull/411 to go along
+
+https://github.com/aquasecurity/trivy-db/issues/410
+---
+ docs/docs/coverage/os/index.md  | 1 +
+ docs/docs/coverage/os/suse.md   | 5 +++--
+ pkg/detector/ospkg/detect.go    | 1 +
+ pkg/detector/ospkg/suse/suse.go | 9 +++++++++
+ 4 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/docs/docs/coverage/os/index.md b/docs/docs/coverage/os/index.md
+index a8d2670d7d6..49982b1b2d6 100644
+--- a/docs/docs/coverage/os/index.md
+++ b/docs/docs/coverage/os/index.md
+@@ -22,6 +22,7 @@ Trivy supports operating systems for
+ | [CBL-Mariner](cbl-mariner.md)        | 1.0, 2.0                            | dnf/yum/rpm      |
+ | [Amazon Linux](amazon.md)            | 1, 2, 2023                          | dnf/yum/rpm      |
+ | [openSUSE Leap](suse.md)             | 42, 15                              | zypper/rpm       |
+| [openSUSE Tumbleweed](suse.md)       | (n/a)                               | zypper/rpm       |
+ | [SUSE Enterprise Linux](suse.md)     | 11, 12, 15                          | zypper/rpm       |
+ | [Photon OS](photon.md)               | 1.0, 2.0, 3.0, 4.0                  | tndf/yum/rpm     |
+ | [Debian GNU/Linux](debian.md)        | 7, 8, 9, 10, 11, 12                 | apt/dpkg         |
+diff --git a/docs/docs/coverage/os/suse.md b/docs/docs/coverage/os/suse.md
+index 6ff52de31c8..15cfb1e9379 100644
+--- a/docs/docs/coverage/os/suse.md
+++ b/docs/docs/coverage/os/suse.md
+@@ -2,6 +2,7 @@
+ Trivy supports the following distributions:
+ 
+ - openSUSE Leap
+- openSUSE Tumbleweed
+ - SUSE Enterprise Linux (SLE)
+ 
+ Please see [here](index.md#supported-os) for supported versions.
+@@ -35,6 +36,6 @@ Trivy identifies licenses by examining the metadata of RPM packages.
+ 
+ 
+ [dependency-graph]: ../../configuration/reporting.md#show-origins-of-vulnerable-dependencies
+-[cvrf]: http://ftp.suse.com/pub/projects/security/cvrf/
+[cvrf]: https://ftp.suse.com/pub/projects/security/cvrf/
+ 
+-[vulnerability statuses]: ../../configuration/filtering.md#by-status
+\ No newline at end of file
+[vulnerability statuses]: ../../configuration/filtering.md#by-status
+diff --git a/pkg/detector/ospkg/detect.go b/pkg/detector/ospkg/detect.go
+index bbeb8e8649d..56c4b76d147 100644
+--- a/pkg/detector/ospkg/detect.go
+++ b/pkg/detector/ospkg/detect.go
+@@ -40,6 +40,7 @@ var (
+ 		ftypes.CentOS:       redhat.NewScanner(),
+ 		ftypes.Rocky:        rocky.NewScanner(),
+ 		ftypes.Oracle:       oracle.NewScanner(),
+		ftypes.OpenSUSETumbleweed: suse.NewScanner(suse.OpenSUSETumbleweed),
+ 		ftypes.OpenSUSELeap: suse.NewScanner(suse.OpenSUSE),
+ 		ftypes.SLES:         suse.NewScanner(suse.SUSEEnterpriseLinux),
+ 		ftypes.Photon:       photon.NewScanner(),
+diff --git a/pkg/detector/ospkg/suse/suse.go b/pkg/detector/ospkg/suse/suse.go
+index a5ccade5c81..439cad3ce28 100644
+--- a/pkg/detector/ospkg/suse/suse.go
+++ b/pkg/detector/ospkg/suse/suse.go
+@@ -66,6 +66,7 @@ const (
+ 	SUSEEnterpriseLinux Type = iota
+ 	// OpenSUSE for open versions
+ 	OpenSUSE
+	OpenSUSETumbleweed
+ )
+ 
+ // Scanner implements the SUSE scanner
+@@ -84,6 +85,10 @@ func NewScanner(t Type) *Scanner {
+ 		return &Scanner{
+ 			vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSE),
+ 		}
+	case OpenSUSETumbleweed:
+		return &Scanner{
+			vs: susecvrf.NewVulnSrc(susecvrf.OpenSUSETumbleweed),
+		}
+ 	}
+ 	return nil
+ }
+@@ -128,5 +133,9 @@ func (s *Scanner) IsSupportedVersion(ctx context.Context, osFamily ftypes.OSType
+ 	if osFamily == ftypes.SLES {
+ 		return osver.Supported(ctx, slesEolDates, osFamily, osVer)
+ 	}
+	// tumbleweed is a rolling release, it has no version and no eol
+	if osFamily == ftypes.OpenSUSETumbleweed {
+		return true
+	}
+ 	return osver.Supported(ctx, opensuseEolDates, osFamily, osVer)
+ }
--- a/build.specials.obscpio
+++ b/build.specials.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b2e416bcee1987ed56ce1444ba61cfb347ddbdccdd29289fad559466e974121d
+size 256
--- a/trivy-0.52.1.tar.zst
+++ b/trivy-0.52.1.tar.zst
--- a/trivy-0.52.2.tar.zst
+++ b/trivy-0.52.2.tar.zst
--- a/trivy.changes
+++ b/trivy.changes
--- a/trivy.spec
+++ b/trivy.spec
@ -0,0 +1,67 @@
+#
+# spec file for package trivy
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           trivy
+Version:        0.52.2
+Release:        0
+Summary:        A Simple and Comprehensive Vulnerability Scanner for Containers
+License:        Apache-2.0
+Group:          System/Management
+URL:            https://github.com/aquasecurity/trivy
+Source:         %{name}-%{version}.tar.zst
+Source1:        vendor.tar.zst
+# From https://github.com/aquasecurity/trivy-db/pull/411.patch
+Patch1:         add-opensuse-tumbleweed-db.patch
+Patch2:         https://github.com/aquasecurity/trivy/pull/6965.patch#/add-opensuse-tumbleweed-support.patch
+BuildRequires:  golang(API) = 1.22
+BuildRequires:  golang-packaging
+BuildRequires:  zstd
+Requires:       ca-certificates
+Requires:       git-core
+Requires:       rpm
+
+%description
+Trivy (`tri` pronounced like trigger, `vy` pronounced like envy) is a simple and
+comprehensive vulnerability scanner for containers and other artifacts. A
+software vulnerability is a glitch, flaw, or weakness present in the software or
+in an Operating System. Trivy detects vulnerabilities of OS packages (Alpine,
+RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn,
+etc.). Trivy is easy to use. Just install the binary and you're ready to
+scan. All you need to do for scanning is to specify a target such as an image
+name of the container.
+
+%prep
+%setup -a1
+pushd vendor/github.com/aquasecurity/trivy-db
+%patch -P 1 -p1
+popd
+%patch -P 2 -p1
+
+%build
+export CGO_ENABLED=1
+go build -o trivy -mod=vendor -buildmode=pie -trimpath -ldflags "-s -w -X=main.version=%{version}" cmd/trivy/main.go
+
+%install
+install -D -m 755 trivy %{buildroot}/%{_bindir}/%{name}
+
+%files
+%license LICENSE
+%doc NOTICE README.md
+%{_bindir}/%{name}
+
+%changelog
--- a/vendor.tar.zst
+++ b/vendor.tar.zst