Diffstat (limited to 'security/rekor')
-rw-r--r-- | security/rekor/Makefile | 65 | ||||
-rw-r--r-- | security/rekor/distinfo | 5 | ||||
-rw-r--r-- | security/rekor/files/rekor.in | 46 | ||||
-rw-r--r-- | security/rekor/pkg-descr | 17 | ||||
-rw-r--r-- | security/rekor/pkg-plist.client | 2 | ||||
-rw-r--r-- | security/rekor/pkg-plist.server | 5 |
6 files changed, 140 insertions, 0 deletions
diff --git a/security/rekor/Makefile b/security/rekor/Makefile
new file mode 100644
index 000000000000..fc47905048e5
--- /dev/null
+++ b/security/rekor/Makefile
@@ -0,0 +1,65 @@
+PORTNAME= rekor
+DISTVERSIONPREFIX= v
+DISTVERSION= 1.3.10
+CATEGORIES= security
+
+MAINTAINER= bofh@FreeBSD.org
+COMMENT= Software Supply Chain Transparency Log ${${FLAVOR}_COMMENT}
+WWW= https://www.sigstore.dev/
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+FLAVORS= client server
+FLAVOR?= ${FLAVORS:[1]}
+client_PKGNAMESUFFIX= -client
+client_COMMENT= (client only)
+client_PLIST= ${.CURDIR}/pkg-plist.client
+server_PKGNAMESUFFIX= -server
+server_COMMENT= (server only)
+server_PLIST= ${.CURDIR}/pkg-plist.server
+
+USES= cpe go:1.24,modules
+CPE_VENDOR= linuxfoundation
+.if ${FLAVOR} == server
+USE_RC_SUBR= rekor
+.endif
+
+GO_MODULE= github.com/sigstore/rekor
+.if ${FLAVOR} == client
+GO_TARGET= ./cmd/rekor-cli
+.elif ${FLAVOR} == server
+GO_TARGET= ./cmd/rekor-server \
+ ./cmd/backfill-index \
+ ./cmd/cleanup-index \
+ ./cmd/copy-index
+.endif
+GO_BUILDFLAGS= -ldflags="\
+ -X sigs.k8s.io/release-utils/version.gitVersion=$(DISTVERSION) \
+ -X sigs.k8s.io/release-utils/version.gitCommit=$(GIT_HASH) \
+ -X sigs.k8s.io/release-utils/version.gitTreeState=clean \
+ -X sigs.k8s.io/release-utils/version.buildDate=${SOURCE_DATE_EPOCH:U${SOURCE_DATE_EPOCH_CMD:sh}}"
+
+.if ${FLAVOR} == server
+USERS= ${PORTNAME}
+GROUPS= ${PORTNAME}
+.endif
+
+GIT_HASH= 4118a64b4b9c228a968b2d935a00807ca1b33aed
+
+.include <bsd.port.pre.mk>
+
+# Bring DISTINFO_FILE into scope so we can get the timestamp.
+SOURCE_DATE_EPOCH_CMD= date -ur \
+ $$(${GREP} -m1 TIMESTAMP ${DISTINFO_FILE} | ${SED} -e 's/[^0-9]//g') \
+ '+%Y-%m-%dT%H:%M:%SZ'
+
+post-install:
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rekor
+.if ${FLAVOR} == client
+ ${INSTALL_DATA} ${WRKSRC}/config/rekor.yaml ${STAGEDIR}${PREFIX}/etc/rekor/rekor.yaml.sample
+.elif ${FLAVOR} == server
+ ${INSTALL_DATA} ${WRKSRC}/rekor-server.yaml ${STAGEDIR}${PREFIX}/etc/rekor/rekor-server.yaml.sample
+.endif
+
+.include <bsd.port.post.mk>
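Review bot: `GIT_HASH`, defined near the end of the Makefile hunk, is a hand-maintained value that nothing visible in the port ties to the fetched sources: distinfo covers only the module `.mod` and `.zip`, so the commit stamped into `version.gitCommit` is whatever was last typed here. A version bump that forgets to update it would ship binaries reporting the wrong commit, which is an awkward failure for a transparency-log tool whose version output may be used as provenance. I would move the assignment next to `DISTVERSION` and document it, for example `# Commit of tag v${DISTVERSION}; update on every version bump (stamped into the binary, not checked against distinfo).`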
diff --git a/security/rekor/distinfo b/security/rekor/distinfo
new file mode 100644
index 000000000000..2c16c79e10d2
--- /dev/null
+++ b/security/rekor/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1746289423
+SHA256 (go/security_rekor/rekor-v1.3.10/v1.3.10.mod) = 788c563e936db5816de40e7ff4a7f58ffa8d184fbe99842eec058da0d3b8f65d
+SIZE (go/security_rekor/rekor-v1.3.10/v1.3.10.mod) = 11137
+SHA256 (go/security_rekor/rekor-v1.3.10/v1.3.10.zip) = 6a65d2c266a8ac2351061716142c9cb373abec19c892d4b5c0c83e21bf2b3789
+SIZE (go/security_rekor/rekor-v1.3.10/v1.3.10.zip) = 1193215
diff --git a/security/rekor/files/rekor.in b/security/rekor/files/rekor.in
new file mode 100644
index 000000000000..a8f145e34d2c
--- /dev/null
+++ b/security/rekor/files/rekor.in
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# PROVIDE: rekor
+# REQUIRE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# rekor_enable (bool): Set it to YES to enable rekor.
+# Default is "NO".
+# rekor_user (user): Set user to run rekor.
+# Default is "rekor".
+# rekor_group (group): Set group to run rekor.
+# Default is "rekor".
+# rekor_config (file): Set rekor config file.
+# Default is "%%PREFIX%%/etc/rekor/rekor-server.yaml".
+
+. /etc/rc.subr
+
+name=rekor-server
+rcvar=rekor_enable
+
+load_rc_config $name
+
+: ${rekor_enable:="NO"}
+: ${rekor_user:="rekor"}
+: ${rekor_group:="rekor"}
+: ${rekor_config:="%%PREFIX%%/etc/rekor/rekor-server.yaml"}
+
+pidfile=/var/run/rekor.pid
+procname="%%PREFIX%%/bin/rekor-server"
+command="/usr/sbin/daemon"
+command_args="-f -t ${name} -p ${pidfile} ${procname} server -config=${rekor_config}"
+
+start_precmd=rekor_startprecmd
+required_files="$rekor_config"
+
+rekor_startprecmd()
+{
+ if [ ! -e ${pidfile} ]; then
+ install -o ${rekor_user} -g ${rekor_group} /dev/null ${pidfile};
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/rekor/pkg-descr b/security/rekor/pkg-descr
new file mode 100644
index 000000000000..3bcbf74dd9a5
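Review bot: In files/rekor.in, `name=rekor-server` does not match the `rekor_*` knobs that the script documents and gives defaults to. rc.subr derives its per-service variable names from `${name}` (for example `${name}_user`), and a hyphenated name is not a valid sh variable name. So `rekor_user` and `rekor_group` are probably never applied to the daemon: the only place the script itself uses them is the pidfile ownership in `rekor_startprecmd`, and the `daemon` command line carries no user option. Setting `name=rekor` keeps the name, the rcvar and the script installed by `USE_RC_SUBR= rekor` consistent, and the `-t` title can remain a literal `rekor-server`. After the change it is worth confirming that the running process is owned by the `rekor` account rather than root.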
--- /dev/null
+++ b/security/rekor/pkg-descr
@@ -0,0 +1,17 @@
+Rekor's goals are to provide an immutable tamper resistant ledger of
+metadata generated within a software projects supply chain. Rekor will
+enable software maintainers and build systems to record signed metadata
+to an immutable record. Other parties can then query said metadata to
+enable them to make informed decisions on trust and non-repudiation of
+an object's lifecycle.
+
+The Rekor project provides a restful API based server for validation and
+a transparency log for storage. A CLI application is available to make
+and verify entries, query the transparency log for inclusion proof,
+integrity verification of the transparency log or retrieval of entries
+by either public key or artifact.
+
+Rekor fulfils the signature transparency role of sigstore's software
+signing infrastructure. However, Rekor can be run on its own and is
+designed to be extensible to working with different manifest schemas and
+PKI tooling.
diff --git a/security/rekor/pkg-plist.client b/security/rekor/pkg-plist.client
new file mode 100644
index 000000000000..e2d5c1237f63
--- /dev/null
+++ b/security/rekor/pkg-plist.client
@@ -0,0 +1,2 @@
+bin/rekor-cli
+@sample etc/rekor/rekor.yaml.sample
diff --git a/security/rekor/pkg-plist.server b/security/rekor/pkg-plist.server
new file mode 100644
index 000000000000..665e4deed750
--- /dev/null
+++ b/security/rekor/pkg-plist.server
@@ -0,0 +1,5 @@
+bin/backfill-index
+bin/cleanup-index
+bin/copy-index
+bin/rekor-server
+@sample etc/rekor/rekor-server.yaml.sample |