File paranoia.spec of Package paranoia
#
# spec file for package paranoia
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: paranoia
Version: 0.5.0
Release: 0
Summary: Inspect certificate authorities in container images
License: Apache-2.0
URL: https://github.com/jetstack/paranoia
Source: %{name}-%{version}.tar.gz
Source1: vendor.tar.gz
BuildRequires: go >= 1.22
%description
Who do you trust?
Paranoia is a tool to analyse and export trust bundles (e.g.,
"ca-certificates") from container images. These certificates identify the
certificate authorities that your container trusts when establishing TLS
connections. The design of TLS is that any certificate authority that your
container trusts can issue a certificate for any domain. This means that a
malicious or compromised certificate authority could issue a certificate to
impersonate any other service, including your internal infrastructure.
Paranoia can be used to inspect and validate the certificates within your
container images. This gives you visibility into which certificate authorities
your container images are trusting; allows you to forbid or require
certificates at build-time in CI; and help you decide who to trust in your
container images.
Paranoia is built by Jetstack and made available under the Apache 2.0 license,
see LICENSE.txt.
%package -n %{name}-bash-completion
Summary: Bash Completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Requires: bash-completion
Supplements: (%{name} and bash-completion)
BuildArch: noarch
%description -n %{name}-bash-completion
Bash command line completion support for %{name}.
%package -n %{name}-fish-completion
Summary: Fish Completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Supplements: (%{name} and fish)
BuildArch: noarch
%description -n %{name}-fish-completion
Fish command line completion support for %{name}.
%package -n %{name}-zsh-completion
Summary: Zsh Completion for %{name}
Group: System/Shells
Requires: %{name} = %{version}
Supplements: (%{name} and zsh)
BuildArch: noarch
%description -n %{name}-zsh-completion
zsh command line completion support for %{name}.
%prep
%autosetup -p 1 -a 1
%build
go build \
-mod=vendor \
-buildmode=pie \
-o bin/%{name} .
%install
# Install the binary.
install -D -m 0755 bin/%{name} %{buildroot}/%{_bindir}/%{name}
# create the bash completion file
mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/
%{buildroot}/%{_bindir}/%{name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{name}
# create the fish completion file
mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
%{buildroot}/%{_bindir}/%{name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
# create the zsh completion file
mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
%{buildroot}/%{_bindir}/%{name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{name}
%files
%doc README.md
%license LICENSE.txt
%{_bindir}/%{name}
%files -n %{name}-bash-completion
%dir %{_datarootdir}/bash-completion/completions/
%{_datarootdir}/bash-completion/completions/%{name}
%files -n %{name}-fish-completion
%dir %{_datarootdir}/fish
%dir %{_datarootdir}/fish/vendor_completions.d
%{_datarootdir}/fish/vendor_completions.d/%{name}.fish
%files -n %{name}-zsh-completion
%defattr(-,root,root)
%dir %{_datarootdir}/zsh_completion.d/
%{_datarootdir}/zsh_completion.d/_%{name}
%changelog
