File scanner-databases.spec of Package scanner-databases.41223

#
# spec file for package scanner-databases
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

# Directory that holds the ClamAV signature databases on the installed system.
%define _dbdir /var/lib/clamav

# Snapshot id of the bundled Trivy database; it is also the version of the
# trivy-database subpackage. A scan run with --skip-db-update only knows the
# vulnerabilities contained in this snapshot.
%define trivydbversion	202510190040

Name:           scanner-databases
Version:	202510200012
Release:	0.0
Summary:	Various scanner databases
License:        GPL-2.0
Group:		Security

# Helper that adds the changes entry.
# NOTE(review): the refresh scripts presumably rewrite the version lines of
# this spec by pattern - keep their exact layout unless the scripts are checked.
Source9:	refresh-spec.sh

# ClamAV: database snapshot plus the script that refreshes it.
# The snapshots are fetched outside the build, and no digest or signature check
# of the archives is visible in this spec.
# NOTE(review): confirm the refresh scripts verify what they download.
Source0:        clamav-database.tar.bz2
Source1:        clamav-database-refresh.sh
# Locally maintained hash-signature database; currently holds an Equation
# Group hash. It is installed next to the upstream databases, so its content
# is only as trustworthy as the review of changes to this package.
Source2:	local.hdb


# Trivy: database snapshot (named after the snapshot id) plus its refresh script.
Source10:	trivy-database-%trivydbversion.tar.xz
Source11:	trivy-database-refresh.sh
# NOTE(review): clamav is presumably required at build time so that the vscan
# user and group named in the file list exist - confirm.
BuildRequires:  clamav
BuildRequires:  xz
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

# Subpackage that ships the ClamAV database directory.
%package -n clamav-database
Summary:        Offline availability for clamav database
License:        GPL-2.0
Group:		Security
#!BuildIgnore: clamav-nodb
Requires:       clamav
BuildArch:	noarch

%description
This is a shared package that contains the offline data for multiple
scanner engines.

%description -n clamav-database
Open Build Service package build environments do not have network access
and need to have a recent version of the clamav database stored offline.
This package just wraps up /var/lib/clamav into an RPM package.

After installation, clamav can be used as usual; no special command-line
arguments are needed.


# Subpackage that ships the Trivy database snapshot; it is versioned by the
# snapshot id rather than by the main package version.
%package -n trivy-database
Summary:	Trivy database archive
Version:	%trivydbversion
License:        Apache-2.0
Group:		Security
URL:            https://aquasecurity.github.io/trivy/latest/docs/configuration/db/
# Must stay architecture-dependent (no noarch here) because of endianness.

%description -n trivy-database
Trivy is a comprehensive and versatile security scanner. Trivy has scanners
that look for security issues, and targets where it can find those issues.

This package contains the database archive that can be used to run the Trivy
scanner in an isolated environment.

To scan with the offline database, pass the following on a single command line:

trivy image
--cache-dir /usr/share/trivy/cache
--format cosign-vuln
--offline-scan
--skip-db-update
--skip-java-db-update
--output trivy.result.txt
$containertag


%prep
# Unpack the ClamAV database tarball (Source0) into a build directory named "db".
%setup -n db -c db

# Unpack the Trivy database snapshot into its own subdirectory so it stays
# separate from the ClamAV tree.
# NOTE(review): nothing here checks the archive against a known digest or
# signature; confirm the refresh script that produces it does.
mkdir trivy-database
tar -xf %{SOURCE10} -C trivy-database

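%install
# Build-log diagnostics only; they do not change the package content.
pwd
ls -la

# clamav: the unpacked source tree carries the databases under var/. Hard-link
# them into the buildroot instead of copying the data a second time.
mkdir -p %{buildroot}/var
cp -al var/* %{buildroot}/var/
find %{buildroot}
# Create the database directory explicitly before adding the local hash
# database: if the tarball ever lacked that directory, a plain cp would write
# the file under the directory's own name instead of into it.
install -d -m 0755 %{buildroot}%{_dbdir}
install -m 0644 %{SOURCE2} %{buildroot}%{_dbdir}/

# trivy: copy the extracted snapshot into the cache directory that the package
# description passes to --cache-dir.
install -d -m 0755 %{buildroot}%{_datadir}/trivy/cache
cp -av trivy-database/* %{buildroot}%{_datadir}/trivy/cache/
# The archive is produced outside this spec, and the trivy-database file list
# keeps whatever mode it finds in the buildroot. Reset everything to plain
# data-file permissions so no setuid/setgid or group/world-writable bit from
# the archive can end up in a root-owned package.
find %{buildroot}%{_datadir}/trivy/cache -type d -exec chmod 0755 {} +
find %{buildroot}%{_datadir}/trivy/cache -type f -exec chmod 0644 {} +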

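%files -n clamav-database
# The fourth defattr field is the directory mode, so it has to carry the search
# bit (755); with 644 there, any directory not covered by an explicit attr
# below would be packaged without it and could not be traversed.
# Everything is owned by vscan, so any process running as that user can
# rewrite the signature files.
# NOTE(review): confirm that is intended for an offline, package-managed database.
%defattr(-,vscan,vscan,755)
%attr(755,vscan,vscan) %_dbdir
%attr(644,vscan,vscan) %_dbdir/*

%files -n trivy-database
# Root-owned; file and directory modes are taken from the buildroot as installed.
%defattr(-,root,root)
%dir %{_datadir}/trivy
%{_datadir}/trivy/cache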

%changelog