mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-04 12:01:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

community/cosign: security upgrade to 2.2.1

Browse Source
This commit is contained in:
J0WI 2023-11-18 03:13:39 +01:00 committed by Natanael Copa
parent f645935cd1
commit d47e122f85
1 changed files with 8 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
community/cosign/APKBUILD
View File

@ -1,7 +1,7 @@
# Maintainer: Ariadne Conill <ariadne@dereferenced.org>
pkgname=cosign
pkgver=2.0.1
pkgrel=7
pkgver=2.2.1
pkgrel=0
pkgdesc="container signing tool with support for ephemeral keys and Sigstore signing"
url="https://github.com/sigstore/cosign"
arch="all"
@ -12,11 +12,6 @@ makedepends="go pcsc-lite-dev"
# NOTE: We can't use the default bashcomp, etc splitters because they take everything,
# the default splitters should be improved somehow.
subpackages="
sget
sget-bash-completion:_sget_bashcomp
sget-fish-completion:_sget_fishcomp
sget-zsh-completion:_sget_zshcomp
$pkgname-bash-completion
$pkgname-fish-completion
$pkgname-zsh-completion
@ -25,6 +20,8 @@ source="https://github.com/sigstore/cosign/archive/v$pkgver/cosign-$pkgver.tar.g
options="chmod-clean !check"
# secfixes:
# 2.2.1-r0:
# - CVE-2023-46737
# 1.12.1-r0:
# - CVE-2022-36056
# 1.10.1-r0:
@ -45,7 +42,6 @@ build() {
for i in bash fish zsh; do
"$builddir"/build/cosign completion $i > "$builddir"/cosign.$i
"$builddir"/build/sget completion $i > "$builddir"/sget.$i
done
}
@ -55,32 +51,12 @@ check() {
package() {
install -Dm755 "$builddir"/build/cosign "$pkgdir"/usr/bin/cosign
install -Dm755 "$builddir"/build/sget "$pkgdir"/usr/bin/sget
for i in cosign sget; do
install -Dm644 "$builddir"/$i.bash "$pkgdir"/usr/share/bash-completion/completions/$i
install -Dm644 "$builddir"/$i.fish "$pkgdir"/usr/share/fish/vendor_completions.d/$i.fish
install -Dm644 "$builddir"/$i.zsh "$pkgdir"/usr/share/zsh/site-functions/_$i
done
}
sget() {
pkgdesc="secure container image fetching tool"
amove /usr/bin/sget
}
_sget_bashcomp() {
amove /usr/share/bash-completion/completions/sget
}
_sget_fishcomp() {
amove /usr/share/fish/vendor_completions.d/sget.fish
}
_sget_zshcomp() {
amove /usr/share/zsh/site-functions/_sget
install -Dm644 "$builddir"/cosign.bash "$pkgdir"/usr/share/bash-completion/completions/cosign
install -Dm644 "$builddir"/cosign.fish "$pkgdir"/usr/share/fish/vendor_completions.d/cosign.fish
install -Dm644 "$builddir"/cosign.zsh "$pkgdir"/usr/share/zsh/site-functions/_cosign
}
sha512sums="
2d8ce3c495818091e8077503fd2266bd0f3d8ee8a76f2a9b27ab1ab1cf1e2a01fee3ce6138f54d634015010d80e8193f79a8029dd3eb7a09c4b457be16ee4e50 cosign-2.0.1.tar.gz
84f2308bbb1968eaf6d0d95e2dcb8efa2c42cd2599298b37d576e5e87f0cf6c1153c330b034908c0c7557953e0a7d964eaa4a8768f7dc35900f5f427d8fe7713 cosign-2.2.1.tar.gz
"